Firewall evasion
Nmap
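# Firewall evasion / firewall-rule mapping cheat sheet (nmap, hping3, netcat).
# One-liners meant to be run by hand against hosts you are authorised to test.
# Anything that sends raw packets (-sS, -sA, -sW, -g, hping3) needs root, hence sudo.

# Full TCP connect scan (-sT). It does NOT evade anything: every probe completes the
# 3-way handshake and is logged by the target. Use it when you cannot send raw packets
# (no root) or when a stateful firewall only lets fully established sessions through.
nmap -sT 192.168.0.0/24

# Map the firewall rather than bypass it: the firewalk NSE script uses the gateway found
# by --traceroute and sends TTL-expiring probes to learn which ports the gateway forwards.
sudo nmap --script=firewalk --traceroute 172.19.19.7

# Raw SYN probes with hping3: -p ++1 starts at port 1 and increments the destination port
# for each of the 100 packets (-c 100), i.e. ports 1-100.
sudo hping3 -S 172.19.19.7 -c 100 -p ++1

# ACK scan (-sA) maps firewall rules, it never reports a port as open: a RST reply means
# "unfiltered" (the firewall lets the port through), no reply / ICMP unreachable means
# "filtered". Follow up on the unfiltered ports with a SYN scan (-sS).
# -Pn skips host discovery so a host that drops pings is still scanned.
sudo nmap -sA -Pn 172.19.19.7

# Hosts that ignore ping may still be in the local ARP cache (same L2 segment only).
arp -a

# Source-port trick: some stateless filters allow anything coming "from" 445/53/88.
# -g 445 sets the source port, -Pn treats the host as alive.
# The script pattern is quoted: unquoted *vuln* is a shell glob and would be expanded
# against files in the current directory before nmap ever sees it.
sudo nmap -p 445 -g 445 172.25.170.170 --script='*vuln*' -Pn

# Same trick as a SYN scan from source port 445, with extra verbosity.
sudo nmap -sS -v -v -Pn 172.25.100.105 -g 445

# If you think you missed a host, retry host discovery with DIFFERENT probe types; the
# defaults (ICMP echo, TCP SYN 443, TCP ACK 80, ICMP timestamp) are commonly filtered.
#   -PE  ICMP echo      -PP  ICMP timestamp   -PM  ICMP netmask
#   -PS  TCP SYN        -PA  TCP ACK          -PU  UDP
#   -PY  SCTP INIT      -PO  IP protocol      -Pn  skip discovery entirely
# A bare -P is not a valid option (it needs one of the suffixes above), and combining
# -Pn with the probe options is pointless: -Pn disables discovery, so no probe is sent.
sudo nmap -sn -PE -PP -PS21,22,80,443 -PA80,443 -PU53 172.19.19.0/24

# Window scan (-sW) is an ACK scan that also reads the TCP Window field of the RST
# replies: on some stacks a non-zero window means open and zero means closed.
# Only a minority of systems show this quirk, so treat the result as a hint, not proof.
sudo nmap -sW 172.19.19.7

# netcat: -p sets the SOURCE port (netcat's equivalent of nmap -g). Put options before
# the positional host/port so BSD/OpenBSD netcat parses them too. Metasploit scanner
# modules expose the same knob as the CPORT option.
nc -p 445 172.19.19.7 445

# Same source-port trick with nmap: -g (alias --source-port) sets the source port.
sudo nmap -sS -g 53 -Pn 172.19.19.7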