Nmap 7 40 0 0 0

1 (of 3) scan.Initiating NSE at 22:51Completed NSE at 22:51, 0.00s elapsedNSE: Starting runlevel 2 (of 3) scan.Initiating NSE at 22:51Completed NSE at 22:51, 0.00s elapsedNSE: Starting runlevel 3 (of 3) scan.Initiating NSE at 22:51Completed NSE at 22:51, 0.00s elapsedRead data files from: /usr/bin/../share/nmapOS and Service detection performed. Please report any incorrect results at .Nmap done: 1 IP address (1 host up) scanned in 25.09 seconds Raw packets sent: 65 (4.396KB) | Rcvd: 41 (3.068KB) 考察Nmapの場合、全ポートに対してオプションで指定した動作を試みるので時間がかかるRustScanは全ポートをスキャンしてから、空いているポートに対してnmapで指定したオプションを試みるので時間が短縮される全ポートスキャンする場合、RustScanを使ったほうが早い最後にRustScanはOSCPで禁止されてなく普通に使われているツールと思われるので、これからもRustScanを使いこなしていこうと思います追記Nmapの検証で、高速オプション「-T4」を使用してなかったので再度Nmapの時間を計測1016.57秒（約17分）作業ログ└─# nmap -p- -T4 -sV -A -oN nmap.txt 10.10.216.174Starting Nmap 7.92 ( ) at 2021-11-30 23:21 UTCTraceroute Timing: About 32.26% done; ETC: 23:38 (0:00:00 remaining)Nmap scan report for 10.10.216.174Host is up (0.25s latency).Not shown: 65533 closed tcp ports (reset)PORT STATE SERVICE VERSION80/tcp open http Apache httpd 2.4.18 ((Ubuntu))|_http-title: Apache2 Ubuntu Default Page: It works|_http-server-header: Apache/2.4.18 (Ubuntu)6379/tcp open redis Redis key-value store 6.0.7No exact OS matches for host (If you know what OS is running on it, see ).TCP/IP fingerprint:OS:SCAN(V=7.92%E=4%D=11/30%OT=80%CT=1%CU=33336%PV=Y%DS=4%DC=T%G=Y%TM=61A6B5OS:F4%P=x86_64-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=10B%TI=Z%CI=I%II=I%TS=8)SEOS:Q(SP=103%GCD=1%ISR=10B%TI=Z%II=I%TS=8)OPS(O1=M506ST11NW7%O2=M506ST11NW7%OS:O3=M506NNT11NW7%O4=M506ST11NW7%O5=M506ST11NW7%O6=M506ST11)WIN(W1=68DF%W2OS:=68DF%W3=68DF%W4=68DF%W5=68DF%W6=68DF)ECN(R=Y%DF=Y%T=40%W=6903%O=M506NNSOS:NW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%OS:DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%OS:O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%OS:W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%OS:RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)Network Distance: 4 hopsTRACEROUTE (using port 587/tcp)HOP RTT ADDRESS1 113.49 ms 10.13.0.12 ... 34 254.71 ms 10.10.216.174OS and Service detection performed. Please report any incorrect results at .Nmap done: 1 IP address (1 host up) scanned in 1016.57 seconds15Go to list of users who liked6Register as a new user and use Qiita more convenientlyYou get articles that match your needsYou can efficiently read back useful informationYou can use dark themeWhat you can do with signing up15Go to list of users who liked6Deleted articles cannot be recovered.Draft of this article would be also deleted.Are you sure you want to delete this article?

15Go to list of users who liked6Deleted articles cannot be recovered.Draft of this article would be also deleted.Are you sure you want to delete this article?More than 3 years have passed since last update.RustScanというポートスキャンが高速でできるツールを見つけたので検証してみました。リポジトリRustScan@GitHubインストールKali Linuxのインストールコマンドwget -i rustscan_2.0.1_amd64.deb検証環境ローカルはVirtual BoxのKali linuxスキャン対象はTryHackMe - Resで提供されているサーバ、ポート80と6379が空いている検証①：Nmap検証内容Nmapコマンドで以下のオプションを指定して実行時間を計測オプション説明-p-全ポート指定（デフォルトは1-1024）-sVバージョン検出-AOS検出-oNファイル出力（output Normal）検証結果1621.94秒（約27分）実行ログ└─# nmap -p- -sV -A -oN nmap.txt 10.10.216.174 Starting Nmap 7.92 ( ) at 2021-11-30 22:52 UTCStats: 0:24:29 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth ScanNmap scan report for 10.10.216.174Host is up (0.25s latency).Not shown: 65533 closed tcp ports (reset)PORT STATE SERVICE VERSION80/tcp open http Apache httpd 2.4.18 ((Ubuntu))|_http-title: Apache2 Ubuntu Default Page: It works|_http-server-header: Apache/2.4.18 (Ubuntu)6379/tcp open redis Redis key-value store 6.0.7No exact OS matches for host (If you know what OS is running on it, see ).TCP/IP fingerprint:OS:SCAN(V=7.92%E=4%D=11/30%OT=80%CT=1%CU=41258%PV=Y%DS=4%DC=T%G=Y%TM=61A6B1OS:70%P=x86_64-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=109%TI=Z%CI=I%II=I%TS=8)OPOS:S(O1=M506ST11NW7%O2=M506ST11NW7%O3=M506NNT11NW7%O4=M506ST11NW7%O5=M506STOS:11NW7%O6=M506ST11)WIN(W1=68DF%W2=68DF%W3=68DF%W4=68DF%W5=68DF%W6=68DF)ECOS:N(R=Y%DF=Y%T=40%W=6903%O=M506NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=OS:AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%OS:F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=NOS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%COS:D=S)Network Distance: 4 hopsTRACEROUTE (using port 443/tcp)HOP RTT ADDRESS1 115.52 ms 10.13.0.12 ... 34 252.41 ms 10.10.216.174OS and Service detection performed. Please report any incorrect results at .Nmap done: 1 IP address (1 host up) scanned in 1621.94 seconds検証②：RustScan検証内容RustScanで同じオプションを指定して実行時間を計測検証結果ポートスキャン：3秒バージョン検出スキャン：25秒実行ログ└─# rustscan -a 10.10.216.174 --ulimit 5000 -- -sV -A -oN rustscan.txt.----. .-. .-. .----..---. .----. .---. .--. .-. .-.| {} }| { } |{ {__ {_ _}{ {__ / ___} / {} \ | `| || .-. \| {_} |.-._} } | | .-._} }\ }/ /\ \| |\ |`-' `-'`-----'`----' `-' `----' `---' `-' `-'`-' `-'The Modern Day Port Scanner.________________________________________: :: : --------------------------------------🌍HACK THE PLANET🌍[~] The config file is expected to be at "/root/.rustscan.toml"[~] Automatically increasing ulimit value to 5000.Open 10.10.216.174:80Open 10.10.216.174:6379[~] Starting Script(s)[>] Script to be run Some("nmap -vvv -p {{port}} {{ip}}")[~] Starting Nmap 7.92 ( ) at 2021-11-30 22:50 UTCNSE: Loaded 155 scripts for scanning.NSE: Script Pre-scanning.NSE: Starting runlevel 1 (of 3) scan.Initiating NSE at 22:50Completed NSE at 22:50, 0.00s elapsedNSE: Starting runlevel 2 (of 3) scan.Initiating NSE at 22:50Completed NSE at 22:50, 0.00s elapsedNSE: Starting runlevel 3 (of 3) scan.Initiating NSE at 22:50Completed NSE at 22:50, 0.00s elapsedInitiating Ping Scan at 22:50Scanning 10.10.216.174 [4 ports]Completed Ping Scan at 22:50, 0.37s elapsed (1 total hosts)Initiating Parallel DNS resolution of 1 host. at 22:50Completed Parallel DNS resolution of 1 host. at 22:50, 0.01s elapsedDNS resolution of 1

Posted Mon April 01, 2019 06:58 PM Originally posted by: KiloBravo The 2:7.60-3 build of nmap in the AIX ToolKit has version-specific dependencies it is not checking for and fails to operate until they are manually satisfied: /* Original Functioning Environment: */ nmap.ppc 2:7.60-1 lua.ppc 5.3.3-1 pcre.ppc 8.33-1 # yum install ncat nmap nping Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package ncat.ppc 2:7.60-3 will be installed --> Processing Dependency: libpcap >= 1.9.0-1 for package: 2:ncat-7.60-3.ppc ---> Package nmap.ppc 2:7.60-1 will be updated ---> Package nmap.ppc 2:7.60-3 will be an update ---> Package nping.ppc 2:0.7.60-3 will be installed --> Running transaction check ---> Package libpcap.ppc 0:1.8.1-1 will be updated ---> Package libpcap.ppc 0:1.9.0-1 will be an update --> Processing Dependency: dbus >= 1.11.12-1 for package: libpcap-1.9.0-1.ppc --> Processing Dependency: libdbus-1.a(libdbus-1.so.3) for package: libpcap-1.9.0-1.ppc --> Running transaction check ---> Package dbus.ppc 0:1.12.10-1 will be installed --> Processing Dependency: expat >= 2.2.4 for package: dbus-1.12.10-1.ppc --> Running transaction check ---> Package expat.ppc 0:2.2.0-1 will be updated ---> Package expat.ppc 0:2.2.4-1 will be an update --> Finished Dependency Resolution Dependencies Resolved ==================================================================================================================================== Package Arch Version Repository Size ==================================================================================================================================== Installing: ncat ppc 2:7.60-3 PHS_AIX_Toolbox 343 k nping ppc 2:0.7.60-3 PHS_AIX_Toolbox 505 k Updating: nmap ppc 2:7.60-3 PHS_AIX_Toolbox 6.8 M Installing for dependencies: dbus ppc 1.12.10-1 PHS_AIX_Toolbox 2.0 M Updating for dependencies: expat ppc 2.2.4-1 PHS_AIX_Toolbox 511 k libpcap ppc 1.9.0-1 PHS_AIX_Toolbox 904 k Transaction Summary ==================================================================================================================================== Install 3 Packages Upgrade 3 Packages Total download size: 11 M Is this ok [y/N]: y Downloading Packages: (1/6): dbus-1.12.10-1.aix6.1.ppc.rpm | 2.0 MB 00:00:00 (2/6): expat-2.2.4-1.aix6.1.ppc.rpm | 511 kB 00:00:00 (3/6): libpcap-1.9.0-1.aix6.1.ppc.rpm | 904 kB 00:00:00 (4/6): ncat-7.60-3.aix6.1.ppc.rpm | 343 kB 00:00:00 (5/6): nmap-7.60-3.aix6.1.ppc.rpm | 6.8 MB 00:00:00 (6/6): nping-0.7.60-3.aix6.1.ppc.rpm | 505 kB 00:00:00 ------------------------------------------------------------------------------------------------------------------------------------ Total 9.7 MB/s | 11 MB 00:01 Running Transaction Check Running Transaction Test Transaction Test Succeeded Running Transaction Updating : expat-2.2.4-1.ppc 1/9 Installing : dbus-1.12.10-1.ppc 2/9 Updating : libpcap-1.9.0-1.ppc 3/9 Updating : 2:nmap-7.60-3.ppc 4/9 Installing : 2:nping-0.7.60-3.ppc 5/9 Installing : 2:ncat-7.60-3.ppc 6/9 Cleanup : 2:nmap-7.60-1.ppc 7/9 Cleanup : libpcap-1.8.1-1.ppc 8/9 Cleanup : expat-2.2.0-1.ppc 9/9 Installed: ncat.ppc 2:7.60-3 nping.ppc 2:0.7.60-3 Dependency Installed: dbus.ppc 0:1.12.10-1 Updated: nmap.ppc 2:7.60-3 Dependency Updated: expat.ppc 0:2.2.4-1 libpcap.ppc 0:1.9.0-1 Complete! # nmap -sS -O -vv -A --script vuln target exec(): 0509-036 Cannot load program nmap because of the following errors: 0509-150 Dependent module /opt/freeware/lib/liblua.a(liblua-5.3.so) could not be loaded. 0509-152 Member liblua-5.3.so is not found in archive

IntroductionThis document describes the TCP and UDP ports that Cisco CGR2010 platform uses for applications and intranetwork communications.Default PortsCisco CGR2010 has these ports enabled by default :Router#show control-plane host open-portsActive internet connections (servers and established)Prot Local Address Foreign Address Service State tcp *:23 *:0 Telnet LISTENRouter#In case that SSH is enabled in the router, port 22 is open in the CGR 2010:Router#show control-plane host open-portsActive internet connections (servers and established)Prot Local Address Foreign Address Service State tcp *:22 *:0 SSH-Server LISTEN tcp *:23 *:0 Telnet LISTENUse Nmap to verify the ports that are enabled in the router.C:\Program Files (x86)\Nmap>nmap -sS -p1-10000 10.31.126.137Starting Nmap 7.70 ( ) at 2018-12-06 20:05 Central Standard Time (Mexico)Nmap scan report for 10.31.126.137Host is up (0.0054s latency).Not shown: 9998 closed portsPORT STATE SERVICE22/tcp open ssh23/tcp open telnetNmap done: 1 IP address (1 host up) scanned in 14.23 secondsC:\Program Files (x86)\Nmap>When a switch module is installed on the CGR2010, the router opens the ports 2003, 4003, 6003 and 9003. Take a look at the Table.C:\Program Files (x86)\Nmap>nmap -sS -p1-10000 10.31.126.137Starting Nmap 7.70 ( ) at 2018-12-06 20:22 Central Standard Time (Mexico)Nmap scan report for 10.31.126.137Host is up (0.0067s latency).Not shown: 9994 closed portsPORT STATE SERVICE22/tcp open ssh23/tcp open telnet2003/tcp open finger4003/tcp open pxc-splr-ft6003/tcp open X11:39003/tcp open unknownNmap done: 1 IP address (1 host up) scanned in 12.54 secondsC:\Program Files (x86)\Nmap>Table of Reverse Port ServicesService Name Reserved Port RangeNormal Telnet2000-2xxxRaw TCP4000-4xxxTelnet Binary Mode6000-6xxxReverse Xremote9000-9xxxThis behavior is addressed in these CDETS:

From 0 to 9. The higher the intensity, the more probes sent to the targeted host. The NMAP default is 7. Running the following command finds only common ports on the host:nmap 192.168.1.100 -sU -sV –version-intensity 0Why Would You Do a UDP Scan with NMAP?Administrators have several reasons for performing a UDP scan using NMAP. It could be to simply audit the network for open unnecessary ports. For cybersecurity reasons, unnecessary services should be disabled, and an NMAP scan tells administrators which machines are running services that can be shut down.Another reason for a UDP scan is to find vulnerabilities on the network. If an attacker can install malware on the network, a compromised host could be running a malicious service on a UDP port. Using the NMAP scan, an administrator would find the open port and perform additional scans and analysis on the host. NMAP could also be used to discover hosts on the network. Shadow IT is the term given to unauthorized devices installed on the network. An administrator could find the unauthorized device and find out who owns it and how it was installed on the environment.ConclusionFor any administrator responsible for network security, the NMAP tool is a great auditing and vulnerability scanner. NMAP can discover machines, operating systems, and services that should not run on the environment. Discovery of unauthorized devices and open ports is essential in securing hosts and protecting corporate data. Port scanning is just one facet of the type of monitoring that you will need to do to keep your data center safe. Power your security analytics with performant, scalable, and simple data infrastructure solutions by Pure Storage.