Skip to content

Instantly share code, notes, and snippets.

@ETUN4

ETUN4/nmap scanning profiles.txt

Forked from sec-js/nmap scanning profiles.txt
Created March 9, 2024 22:49
Show Gist options
  • Save ETUN4/7acfd3ff41e423896fed9e932a0a956c to your computer and use it in GitHub Desktop.
Save ETUN4/7acfd3ff41e423896fed9e932a0a956c to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @sec-js sec-js created this gist Mar 4, 2020.
    86 changes: 86 additions & 0 deletions nmap scanning profiles.txt
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,86 @@


    Available profiles
    Fast scan
    -F -T4 --max-retries 1
    Web scan
    -p- -sV --version-all --script "http-* and not(dos or brute)"
    Full Service Scan
    -sV --version-all -p- -sT
    SMB Scan
    --script "smb* and not(dos or brute)" -p139,445 -sU -sT
    Full UDP Scan
    -sU -sC -p-
    Intense Scan (Zenmap)
    -T4 -A -v
    Intense All-Ports (Zenmap)
    -p 1-65535 -T4 -A -v
    Intense Scan plus UDP (Zenmap)
    -sS -sU -T4 -A -v
    Ping Scan (Zenmap)
    -sn
    Quickscan (Zenmap)
    -T4 -F
    Quickscan Plus (Zenmap)
    -sV -T4 -O -F --version-light
    Quick Traceroute (Zenmap)
    -sn --traceroute
    Slow Comprehensive Scan (Zenmap)
    -sS -sU -T4 -A -v -PE -PS80,443 -PA3389 -PP -PU40125 -PY --source-port 53 --script "default or (discovery and safe)
    OS detection
    -O --osscan-guess
    Bacnet Scan
    --script bacnet-info -sU -p47808
    Broadcast Scan
    -sn --script broadcast
    DDOS Reflectors UDP Scan
    –sU –A –PN –n –pU:19,53,123,161 --script=ntp-monlist,dns-recursion,snmp-sysdescr
    DDOS Slowloris Check Scan
    -p- -sV --script http-slowloris-check
    DNS Enum Scan
    -sn --script dns-brute
    ENIP Scan
    --script enip-info -sU -p44818
    HTTP WAF Scan
    -p- -sV --script http-waf-detect,http-waf-fingerprint
    HTTP Enum Scan
    -p- -sV --script http-enum
    HTTP Scan
    -p- -sV --script "http-* and not(dos or brute)"
    HTTP Shellshock Scan
    -p- -sV --script http-shellshock
    HTTP MS15-034 Scan
    -p80,433 -sV --script http-vuln-cve2015-1635
    HTTP IIS Short Name Scan
    -p- -sV --script http-iis-short-name-brute
    IP Address Info Scan
    -sn --script hostmap-ip2hosts,hostmap-bfk,hostmap-robtex,asn-query,whois-*
    JDWP Scan
    -p- -sV --script jdwp-info,jdwp-version
    HTTP Phpself XSS Scan
    -p- -sV --script http-phpself-xss
    RPC Scan
    -p- -sV --script rpc-grind
    S7 Scan
    --script s7-info.nse -p102
    SCADA Modbus Scan
    --script modbus-discover --script-args=modbus-discover.aggressive=true -p 502
    SSL Scan
    -p- -sV --script ssl*
    SSL Heartbleed Scan
    -p- -sV --script ssl-heartbleed
    SMB Signing Scan
    --script smb-security-mode -p139,445 -sU -sT
    SMB Vuln Scan
    --script smb-vuln-* -p139,445 -sU -sT
    VNC Scan
    -p- -sV --script vnc-info
    Vuln Scan
    -p- -sV --script vuln
    Wordpress User Enum Scan
    -p80 -sV --script http-wordpress-users
    Wordpress Enum Scan
    -p- -sV --script http-wordpress-enum --script-args check-latest=true
    Full Service TCP Connect scripts
    -sV --version-all -p- -sT -sC