By following this tutorial, you will learn how to use Linux CLI tools like NMap and NCat to port-scan a server and inspect the services it exposes.
NMap
- This is the de facto tool for port scanning right now.
- Install NMap.

```shell
# for RHEL/CentOS
$ sudo yum install nmap -y
# for Ubuntu/Debian
$ sudo apt-get update
$ sudo apt-get install nmap -y
```
- Start scanning ports. Note that the scan-type flags starting with -s* require sudo.

```shell
# simple scan of TCP ports on a web host / IP address
$ nmap 192.168.8.201
# scan a selected range of IP addresses (192.168.8.201 through 192.168.8.250)
$ nmap 192.168.8.201-50
# scan a selected range of ports, or a list of ports
$ nmap -p 1024-2048 192.168.8.201
$ nmap -p 80,22,25,443,8080 192.168.8.201
# scan an entire subnet for active IP addresses and open ports
$ nmap 192.168.8.0/24
# inspect a selected port with increased verbosity and service/version probing
$ sudo nmap -vv --packet-trace -p 22 -sV 192.168.8.201
```
Useful flags:

- -A: aggressive scan, scans for everything
- --iflist: show host interfaces and routes
- -O --osscan-guess: detect OS
- --open: only show open (or possibly open) ports
- -p-: scan all 65535 ports
- --packet-trace: show all packets sent and received
- -Pn: treat all hosts as online (skip host discovery; useful when the server blocks ping or is protected by a firewall)
- --reason: display the reason a port is in a particular state
- -sA: find out if a host/network is protected by a firewall
- -sP: scan in host discovery (ping) mode
- -sO: detect IP protocols
- -sS: scan in TCP SYN mode
- -sT: scan in TCP Connect mode
- -sU: scan in UDP mode
- -sV: probe open ports to determine remote service/version info
- -v: verbose output
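Once the scan results are in, the defender's question is usually "which of these ports should not be open?". The script below is an added example, not part of the original tutorial: it parses nmap's grepable output format (what `nmap -oG -` prints) and compares the open ports against an allowlist of expected port/protocol pairs, so it can be dropped into a cron job or CI step that fails when a host exposes something new. The scan output embedded in it is a constructed sample for one host; nothing is scanned when it runs.

```shell
#!/bin/sh
# Added example (not from the original tutorial): triage nmap grepable (-oG)
# output against a baseline of expected open ports.
# SAMPLE_SCAN is a CONSTRUCTED sample of what `nmap -oG - 192.168.8.201`
# prints for one host; no scan is performed here.
SAMPLE_SCAN=$(printf 'Host: 192.168.8.201 ()\tStatus: Up\nHost: 192.168.8.201 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//nginx/, 8080/open/tcp//http-proxy///, 25/filtered/tcp//smtp///\tIgnored State: closed (996)\n')

# open_ports: read grepable output on stdin and print one "port/proto" line
# for every port whose state is "open". Each entry in the Ports: field has the
# shape port/state/proto/owner/service/rpcinfo/version/, separated by ", ".
open_ports() {
    grep '^Host:.*Ports:' |
    sed -e 's/.*Ports: //' -e 's/[[:space:]]*Ignored State:.*//' |
    tr ',' '\n' |
    awk -F/ '$2 == "open" { gsub(/^ +/, "", $1); print $1 "/" $3 }'
}

# unexpected_ports: $1 is a space-separated allowlist such as "22/tcp 80/tcp".
# Reads grepable output on stdin, prints every open port not on the allowlist
# and returns 1 if any were found (0 when the host matches its baseline).
unexpected_ports() {
    allow=" $1 "
    found=0
    for p in $(open_ports); do
        case "$allow" in
            *" $p "*) ;;                 # expected, nothing to report
            *) echo "$p"; found=1 ;;     # not in the baseline: flag it
        esac
    done
    return $found
}

# Stand-alone demo: the sample host is expected to expose only SSH and HTTP,
# so 8080/tcp is reported as an unexpected exposure.
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "22/tcp 80/tcp" ||
    echo "unexpected open ports found on 192.168.8.201 (see list above)"
```

To use it against a live host you control, replace the constructed sample with `nmap -oG - <host> | unexpected_ports "22/tcp 80/tcp"`; the non-zero exit status is what makes it useful as an automated check. Filtered ports are deliberately ignored, since a firewall dropping packets is the expected state for anything not on the allowlist.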
NCat (NetCat)
- Installed alongside NMap, this tool can be used to connect to a service and read its output, similar to curl IP:PORT.

```shell
$ nc 192.168.8.201 8080
```
| ✅ Tested OSes | RHEL 7+, CentOS 7+, Ubuntu 18.04+, Debian 8+ |
|---|---|
| ✅ Tested Gear | Cloud (AWS EC2), On-Prem (Bare Metal) |