Scanning profiles

Paulino Calderon edited this page Sep 17, 2016 · 11 revisions

#Rainmap Lite Scanning Profiles

This page lists all the available scanning profiles shipped with Rainmap Lite.

##Contributions

Do you know an awesome Nmap scanning command I missed? Please contribute to the project by sending your scanning profile and I'll add it to the database and to our credits section.

##Available Scanning Profiles

###BACNET Scan

--script bacnet-info -sU  -p47808

###Broadcast Scan

-sn --script broadcast

###DDOS Reflectors UDP Scan

-sU -A -PN -n -pU:19,53,123,161 --script=ntp-monlist,dns-recursion,snmp-sysdescr

###DDOS Slowloris Check Scan

-p- -sV --script=http-slowloris-check

###DNS Enumeration Scan

-sn --script dns-brute

###ENIP Scan

--script enip-info -sU  -p44818

###Fast scan

-F -T4 --max-retries 1

###Full Service Scan

-sV --version-all -p- -sT

###Full Service with scripts Scan

-sV --version-all -p- -sT -sC

###Full UDP scan with default scripts

-sU -sC -p-

###HTTP WAF Scan

-p- -sV --script http-waf-detect,http-waf-fingerprint 

###HTTP Enumeration Scan

-p- -sV --script http-enum 

###HTTP Scan

-p- -sV --script "http-* and not(dos or brute)"

###HTTP Shellshock Scan

-p- -sV --script http-shellshock 

###HTTP MS15-034 Scan

-p80,433 -sV --script http-vuln-cve2015-1635

###IIS Short Name Scan

-p- -sV --script http-iis-short-name-brute

###IP Address Info Scan

 -p- -sV --script hostmap-ip2hosts,hostmap-bfk,hostmap-robtex,asn-query,whois-*

###Intense All Ports (Zenmap)

-p 1-65535 -T4 -A -v

###Intense scan (Zenmap)

-T4 -A -v

###Intense scan plus UDP (Zenmap)

-sS -sU -T4 -A -v

###JDWP Scan

-p- -sV --script jdwp-info,jdwp-version

###PHP SELF XSS scan

-p- -sV --script http-phpself-xss

###Ping scan (Zenmap)

-sn

###Quick scan Plus (Zenmap)

-T4 -F

###Quick trace route (Zenmap)

-sn --traceroute

###RPC Scan

-p- -sV --script rpc-grind

###S7 Scan

--script s7-info.nse -p102

###SCADA Modbus Scan

--script modbus-discover --script-args=modbus-discover.aggressive=true -p 502 

###Slow Comprehensive Scan (Zenmap)

-sS -sU -T4 -A -v -PE -PS80,443 -PA3389 -PP -PU40125 -PY --source-port 53 --script "default or (discovery and safe)"

###SSL Scan

 -p- -sV --script ssl*

###SSL Heartbleed Scan

 -p- -sV --script ssl-heartbleed

###SMB Scan

--script "smb* and not(dos or brute)" -p139,445 -sU -sT

###SMB Signing Scan

--script smb-security-mode -p139,445 -sU -sT

###SMB Vuln Scan

--script smb-vuln-* -p139,445 -sU -sT

###OS Detection

-O --osscan-guess

###VNC Scan

-p- -sV --script vnc-info 

###Vuln Scan

-p- -sV --script vuln 

###Wordpress User Enum Scan

-p80 -sV --script http-wordpress-users

###Wordpress Enum Scan

-p- -sV --script http-wordpress-enum --script-args check-latest=true

##Credits/References
