

Available options



sudo apt update 

sudo apt install nmap zenmap



nmap 192.168.3.2 



nmap 192.168.3.1-254 



nmap www.redusers.com 



nmap 192.168.3.0/24



usuario@usuario:~$ nmap 192.168.1.1  



Starting Nmap 7.60 ( https://nmap.org ) at 2020-04-30 12:31 -04 

Nmap scan report for 192.168.1.1 

Host is up (0.012s latency). 

Not shown: 992 closed ports 

PORT     STATE    SERVICE 

21/tcp   filtered ftp 

22/tcp   open     ssh 

23/tcp   filtered telnet 

80/tcp   open     http 

443/tcp  filtered https 

5431/tcp open     park-agent 

8000/tcp open     http-alt 

8080/tcp open     http-proxy  



Nmap done: 1 IP address (1 host up) scanned in 1.40 seconds 

usuario@usuario:~$  



usuario@usuario:~$ nmap www.google.cl  

Starting Nmap 7.60 ( https://nmap.org ) at 2020-04-30 12:34 -04 

Nmap scan report for www.google.cl (64.233.186.94) 

Host is up (0.025s latency). 

Other addresses for www.google.cl (not scanned): 2800:3f0:4003:c00::5e 

rDNS record for 64.233.186.94: cb-in-f94.1e100.net 

Not shown: 998 filtered ports 

PORT    STATE SERVICE 

80/tcp  open  http 

443/tcp open  https  



Nmap done: 1 IP address (1 host up) scanned in 5.98 seconds 

usuario@usuario:~$  



nmap 192.168.1.1-30 -PS



usuario@usuario:~$ nmap 192.168.1.1-30 -PS  

Starting Nmap 7.60 ( https://nmap.org ) at 2020-04-30 12:57 -04 

Nmap scan report for 192.168.1.1 

Host is up (0.013s latency). 

Not shown: 992 closed ports 

PORT     STATE    SERVICE 

21/tcp   filtered ftp 

22/tcp   open     ssh 

23/tcp   filtered telnet 

80/tcp   open     http 

443/tcp  filtered https 

5431/tcp open     park-agent 

8000/tcp open     http-alt 

8080/tcp open     http-proxy  



Nmap done: 30 IP addresses (1 host up) scanned in 5.56 seconds 

usuario@usuario:~$  



nmap 192.168.1.1 -F



nmap 192.168.1.1 -p U:53,T:21-25,80



nmap 192.168.1.1 --top-ports 100





Scanning with Nmap

sudo ifconfig





kali@kali:~$ sudo ifconfig 



[sudo] password for kali:  

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500         

inet 192.168.1.102  netmask 255.255.255.0  broadcast 192.168.1.255

inet6 fe80::a00:27ff:fe1f:3076  prefixlen 64  scopeid 0x20<link>

ether 08:00:27:1f:30:76  txqueuelen 1000  (Ethernet)

RX packets 31  bytes 2820 (2.7 KiB)         

RX errors 0  dropped 0  overruns 0  frame 0         

TX packets 36  bytes 3200 (3.1 KiB)         

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  



lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536         

inet 127.0.0.1  netmask 255.0.0.0         

inet6 ::1  prefixlen 128  scopeid 0x10<host>         

loop  txqueuelen 1000  (Local Loopback)         

RX packets 8  bytes 396 (396.0 B)         

RX errors 0  dropped 0  overruns 0  frame 0         

TX packets 8  bytes 396 (396.0 B)         

TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0  



kali@kali:~$  



kali@kali:~$ nmap -sn 192.168.1.0/24 



Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-30 17:25 EDT 



Nmap scan report for 192.168.1.1 

Host is up (0.0056s latency). 

Nmap scan report for 192.168.1.82 

Host is up (0.00070s latency). 

Nmap scan report for 192.168.1.83 

Host is up (0.034s latency). 

Nmap scan report for 192.168.1.90 

Host is up (0.041s latency). 

Nmap scan report for 192.168.1.92 

Host is up (0.072s latency). 

Nmap scan report for 192.168.1.97 

Host is up (0.039s latency). 

Nmap scan report for 192.168.1.102 

Host is up (0.0031s latency). 

Nmap scan report for 192.168.1.103 

Host is up (0.00040s latency). 



Nmap done: 256 IP addresses (8 hosts up) scanned in 2.48 seconds 

kali@kali:~$  






nmap -sn -v 192.168.1.0/24



kali@kali:~$ nmap -sn -v 192.168.1.0/24 

Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-30 17:37 EDT 

Initiating Ping Scan at 17:37 

Scanning 256 hosts [2 ports/host] 

Completed Ping Scan at 17:37, 3.43s elapsed (256 total hosts) 

Initiating Parallel DNS resolution of 256 hosts. at 17:37 

Completed Parallel DNS resolution of 256 hosts. at 17:37, 0.01s elapsed 



Nmap scan report for 192.168.1.0 [host down] 

Nmap scan report for 192.168.1.1 

Host is up (0.0055s latency). 

Nmap scan report for 192.168.1.2 [host down] 

Nmap scan report for 192.168.1.3 [host down] 

Nmap scan report for 192.168.1.4 [host down] 

Nmap scan report for 192.168.1.5 [host down] 

Nmap scan report for 192.168.1.6 [host down] 

Nmap scan report for 192.168.1.7 [host down] 

.

.

.

Nmap scan report for 192.168.1.99 [host down] 

Nmap scan report for 192.168.1.100 

Host is up (0.00064s latency). 

Nmap scan report for 192.168.1.101 [host down] 

Nmap scan report for 192.168.1.102 

Host is up (0.00060s latency). 

Nmap scan report for 192.168.1.103 

Host is up (0.00046s latency). 

Nmap scan report for 192.168.1.104 [host down] 

Nmap scan report for 192.168.1.105 [host down] 

Nmap scan report for 192.168.1.106 [host down] 

Nmap scan report for 192.168.1.107 [host down] 

Nmap scan report for 192.168.1.108 [host down] 

Nmap scan report for 192.168.1.109 [host down] 

Nmap scan report for 192.168.1.110 [host down] 

Nmap scan report for 192.168.1.111 [host down] 

Nmap scan report for 192.168.1.112 [host down] 

.

.

.

Read data files from: /usr/bin/../share/nmap 

Nmap done: 256 IP addresses (9 hosts up) scanned in 3.45 seconds 






sudo nmap -sS 192.168.1.103



kali@kali:~$ nmap sS 192.168.1.103 



Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-30 17:49 EDT

Failed to resolve "sS".

Nmap scan report for 192.168.1.103 

Host is up (0.00076s latency). 

Not shown: 977 closed ports 

PORT     STATE SERVICE 

21/tcp   open  ftp 

22/tcp   open  ssh 

23/tcp   open  telnet 

25/tcp   open  smtp 

53/tcp   open  domain 

80/tcp   open  http 

111/tcp  open  rpcbind 

139/tcp  open  netbios-ssn 

445/tcp  open  microsoft-ds 

512/tcp  open  exec 

513/tcp  open  login 

514/tcp  open  shell 

1099/tcp open  rmiregistry 

1524/tcp open  ingreslock 

2049/tcp open  nfs 

2121/tcp open  ccproxy-ftp 

3306/tcp open  mysql 

5432/tcp open  postgresql 

5900/tcp open  vnc 

6000/tcp open  X11 

6667/tcp open  irc

8009/tcp open  ajp13 

8180/tcp open  unknown  



Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds



kali@kali:~$ sudo nmap -sS www.eromer.cl 

[sudo] password for kali:  

Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-30 18:03 EDT 

Nmap scan report for www.eromer.cl (186.64.119.65) 

Host is up (0.022s latency). 

rDNS record for 186.64.119.65: mail.rack26.miwebdns.net 

Not shown: 918 filtered ports, 71 closed ports 

PORT      STATE SERVICE 

21/tcp    open  ftp 

25/tcp    open  smtp 

80/tcp    open  http 

110/tcp   open  pop3 

143/tcp   open  imap 

443/tcp   open  https 

465/tcp   open  smtps 

587/tcp   open  submission 

993/tcp   open  imaps 

995/tcp   open  pop3s 

49163/tcp open  unknown  



Nmap done: 1 IP address (1 host up) scanned in 4.02 seconds 



kali@kali:~$ nmap -v -sT 192.168.1.103 

Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-30 18:08 EDT 

Initiating Ping Scan at 18:08 

Scanning 192.168.1.103 [2 ports] 

Completed Ping Scan at 18:08, 0.00s elapsed (1 total hosts) 

Initiating Parallel DNS resolution of 1 host. at 18:08 

Completed Parallel DNS resolution of 1 host. at 18:08, 0.01s elapsed

Initiating Connect Scan at 18:08

Scanning 192.168.1.103 [1000 ports] 

Discovered open port 23/tcp on 192.168.1.103 

Discovered open port 80/tcp on 192.168.1.103 

Discovered open port 3306/tcp on 192.168.1.103 

Discovered open port 445/tcp on 192.168.1.103 

Discovered open port 139/tcp on 192.168.1.103 

Discovered open port 5900/tcp on 192.168.1.103 

Discovered open port 53/tcp on 192.168.1.103 

Discovered open port 111/tcp on 192.168.1.103 

Discovered open port 25/tcp on 192.168.1.103 

Discovered open port 21/tcp on 192.168.1.103 

Discovered open port 22/tcp on 192.168.1.103 

Discovered open port 2049/tcp on 192.168.1.103 

Discovered open port 8180/tcp on 192.168.1.103 

Discovered open port 1099/tcp on 192.168.1.103 

Discovered open port 514/tcp on 192.168.1.103 

Discovered open port 2121/tcp on 192.168.1.103 

Discovered open port 513/tcp on 192.168.1.103 

Discovered open port 6667/tcp on 192.168.1.103 

Discovered open port 1524/tcp on 192.168.1.103 

Discovered open port 512/tcp on 192.168.1.103 

Discovered open port 8009/tcp on 192.168.1.103 

Discovered open port 6000/tcp on 192.168.1.103 

Discovered open port 5432/tcp on 192.168.1.103 

Completed Connect Scan at 18:08, 0.22s elapsed (1000 total ports) 

Nmap scan report for 192.168.1.103 

Host is up (0.0028s latency). 

Not shown: 977 closed ports 

PORT     STATE SERVICE 

21/tcp   open  ftp 

22/tcp   open  ssh 

23/tcp   open  telnet 

25/tcp   open  smtp 

53/tcp   open  domain 

80/tcp   open  http 

111/tcp  open  rpcbind 

139/tcp  open  netbios-ssn 

445/tcp  open  microsoft-ds 

512/tcp  open  exec 

513/tcp  open  login 

514/tcp  open  shell 

1099/tcp open  rmiregistry 

1524/tcp open  ingreslock 

2049/tcp open  nfs 

2121/tcp open  ccproxy-ftp 

3306/tcp open  mysql 

5432/tcp open  postgresql 

5900/tcp open  vnc 

6000/tcp open  X11 

6667/tcp open  irc 

8009/tcp open  ajp13 

8180/tcp open  unknown  



Read data files from: /usr/bin/../share/nmap 

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds 



kali@kali:~$ sudo nmap -O 192.168.1.103 

[sudo] password for kali:  

Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-01 09:35 EDT 

Nmap scan report for 192.168.1.103 

Host is up (0.00056s latency). 

Not shown: 977 closed ports 

.

.

.

MAC Address: 08:00:27:E1:4B:A5 (Oracle VirtualBox virtual NIC) 

Device type: general purpose 

Running: Linux 2.6.X 

OS CPE: cpe:/o:linux:linux_kernel:2.6 

OS details: Linux 2.6.9 - 2.6.33 

Network Distance: 1 hop  



OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . 

Nmap done: 1 IP address (1 host up) scanned in 1.79 seconds 



nmap -p 1-65535 -T4 -A -v 192.168.1.103



Host script results: 

|_clock-skew: mean: -15h06m00s, deviation: 0s, median: -15h06m00s 

|_ms-sql-info: ERROR: Script execution failed (use -d to debug) 

| nbstat: NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown) 

| Names: 

|   METASPLOITABLE<00>   Flags: <unique><active> 

|   METASPLOITABLE<03>   Flags: <unique><active> 

|   METASPLOITABLE<20>   Flags: <unique><active> 

|   \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active> 

|   WORKGROUP<00>        Flags: <group><active> 

|   WORKGROUP<1d>        Flags: <unique><active> 

|_  WORKGROUP<1e>        Flags: <group><active> 

|_smb-os-discovery: ERROR: Script execution failed (use -d to debug) 

|_smb-security-mode: ERROR: Script execution failed (use -d to debug) 

|_smb2-time: Protocol negotiation failed (SMB2) 










Additional options

[root@server1 ~]# nmap 192.168.1.101 192.168.1.102 192.168.1.103  

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST 

Interesting ports on server2.mimaquina.com (192.168.0.101): 

Not shown: 1674 closed ports 

PORT     STATE SERVICE 

22/tcp   open  ssh 

80/tcp   open  http 

111/tcp  open  rpcbind 

957/tcp  open  unknown 

3306/tcp open  mysql 

8888/tcp open  sun-answerbook 



MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) 

Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds



[root@server1 ~]# nmap 192.168.1.*



Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST

Interesting ports on server1.mimaquina.com (192.168.0.100):

Not shown: 1677 closed ports

PORT    STATE SERVICE

22/tcp  open  ssh

111/tcp open  rpcbind

851/tcp open  unknown



Interesting ports on server2.mimaquina.com (192.168.0.101):

Not shown: 1674 closed ports

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

957/tcp  open  unknown

3306/tcp open  mysql

8888/tcp open  sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)



Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds

You have new mail in /var/spool/mail/root



[root@server1 ~]# nmap -sA 192.168.0.101



Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST

All 1680 scanned ports on server2.mimaquina.com (192.168.0.101) are UNfiltered

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)



Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds

You have new mail in /var/spool/mail/root



[root@server1 ~]# nmap -PN 192.168.0.101



Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST

Interesting ports on server2.mimaquina.com (192.168.0.101):

Not shown: 1674 closed ports

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

957/tcp  open  unknown

3306/tcp open  mysql

8888/tcp open  sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)



Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds





[root@server1 ~]# nmap -p T:8888,80 192.168.1.103



Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST

Interesting ports on 192.168.1.103:

PORT     STATE SERVICE

80/tcp   open  http

8888/tcp open  sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)



Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds



[root@server1 ~]# nmap -sU 53 192.168.1.103



Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST

Interesting ports on 192.168.1.103:

PORT     STATE SERVICE

53/udp   open  http

8888/udp open  sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)



Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds



[root@server1 ~]# nmap -sV 192.168.1.103



Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST

Interesting ports on 192.168.1.103:

Not shown: 1674 closed ports

PORT     STATE SERVICE VERSION

22/tcp   open  ssh     OpenSSH 4.3 (protocol 2.0)

80/tcp   open  http    Apache httpd 2.2.3 ((CentOS))

111/tcp  open  rpcbind  2 (rpc #100000)

957/tcp  open  status   1 (rpc #100024)

3306/tcp open  mysql   MySQL (unauthorized)

8888/tcp open  http    lighttpd 1.4.32

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)



Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds



[root@server1 ~]# nmap -PS 192.168.1.103



Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST

Interesting ports on 192.168.1.103:

Not shown: 1674 closed ports

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

111/tcp  open  rpcbind

957/tcp  open  unknown

3306/tcp open  mysql

8888/tcp open  sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)



Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds

You have new mail in /var/spool/mail/root
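
The scan reports above share one PORT/STATE/SERVICE table layout, under either an "Nmap scan report for" (7.x) or an "Interesting ports on" (4.11) header. As an added example, not part of the original page, this Python parser turns such a report into a per-host inventory and lists the open cleartext services an administrator would review for retirement. The sample report is constructed from lines shown above, and the CLEARTEXT set is an assumption.

```python
import re

# Services that carry credentials unencrypted; this review list is an assumption.
CLEARTEXT = {"ftp", "telnet", "exec", "login", "shell", "vnc"}
HOST_RE = re.compile(r"^(?:Nmap scan report for|Interesting ports on)\s+(.+?):?\s*$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
ADDR_RE = re.compile(r"\(([0-9a-fA-F.:]+)\)$")

def parse_report(text):
    """Return {host_address: [(port, proto, state, service), ...]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            target = m.group(1)
            if target.endswith("[host down]"):  # -v also lists hosts that are down
                current = None
                continue
            addr = ADDR_RE.search(target)       # "name (address)" form
            current = addr.group(1) if addr else target
            hosts.setdefault(current, [])
            continue
        m = PORT_RE.match(line.strip())
        if m and current is not None:
            hosts[current].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def cleartext_exposure(hosts):
    """List (host, port, service) for open ports running a cleartext service."""
    return [(host, port, svc) for host, ports in sorted(hosts.items())
            for port, _proto, state, svc in ports
            if state == "open" and svc in CLEARTEXT]

# Constructed sample, assembled from report lines shown on this page.
SAMPLE = """\
Nmap scan report for 192.168.1.0 [host down]
Nmap scan report for 192.168.1.1
PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   open     ssh
Interesting ports on server2.mimaquina.com (192.168.0.101):
3306/tcp open  mysql
Nmap scan report for 192.168.1.103
21/tcp   open  ftp
23/tcp   open  telnet
"""

if __name__ == "__main__":
    print(cleartext_exposure(parse_report(SAMPLE)))
```

For anything beyond a quick review, nmap's XML output (`-oX`) is the more stable format to parse than the human-readable report.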


