zmap is an open-source network scanner, most often used to scan the whole external internet. In this tutorial I'll show you how to run zmap on a local network. One disadvantage of zmap compared to nmap is that you can only scan one port at a time.
brew install zmap
https://github.com/zmap/zmap/wiki
To scan a local network for UPnP hosts with zmap (the upnp probe module sends a UDP discovery probe to port 1900):
/usr/local/sbin/zmap -p 1900 192.168.0.0/24 -M upnp -b /dev/null
To scan for DNS services:
/usr/local/sbin/zmap -p 53 192.168.0.0/24 -b /dev/null
To scan for SSH services:
/usr/local/sbin/zmap -p 22 192.168.0.0/24 -b /dev/null
To scan for HTTP services:
/usr/local/sbin/zmap -p 80 192.168.0.0/24 -b /dev/null
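Because zmap scans a single port per run, building an inventory of your own network means running it once per port and merging the output. The script below is an added example, not part of the original tutorial or of zmap: it parses zmap's default output (one responding IPv4 address per line), drops anything outside the scanned range, and merges several single-port runs into a host-to-ports map. The zmap path, the 192.168.0.0/24 target and the port list come from this page; the SERVICES mapping and function names are my own.

```python
import ipaddress
import subprocess
from collections import defaultdict

ZMAP = "/usr/local/sbin/zmap"      # install path used on this page (Homebrew)
TARGET = "192.168.0.0/24"          # local network used in the page's examples

# Ports to check, taken from the page's examples and its standard-ports list.
SERVICES = {22: "ssh", 53: "dns", 80: "http", 443: "https", 3389: "rdp"}


def parse_zmap_output(text, target=TARGET):
    """Return the set of responding hosts from one zmap run's stdout.

    zmap's default output prints one responding address per line; blank
    lines and a possible 'saddr' CSV header are skipped, and any address
    outside the scanned range is dropped as a sanity check.
    """
    net = ipaddress.ip_network(target)
    hosts = set()
    for line in text.splitlines():
        field = line.strip().split(",")[0]   # first CSV field is the source address
        if not field:
            continue
        try:
            addr = ipaddress.ip_address(field)
        except ValueError:
            continue                         # header or status text, not an address
        if addr in net:
            hosts.add(str(addr))
    return hosts


def merge_scans(results):
    """Turn {port: set_of_hosts} into {host: sorted open ports}, ordered by address."""
    by_host = defaultdict(set)
    for port, hosts in results.items():
        for host in hosts:
            by_host[host].add(port)
    ordered = sorted(by_host.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    return {host: sorted(ports) for host, ports in ordered}


def scan_port(port, target=TARGET):
    """Run one single-port zmap scan (needs raw-socket privileges, i.e. sudo)."""
    cmd = [ZMAP, "-p", str(port), target, "-b", "/dev/null", "-q"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_zmap_output(out, target)


if __name__ == "__main__":
    inventory = merge_scans({p: scan_port(p) for p in SERVICES})
    for host, ports in inventory.items():
        print(host, ", ".join(f"{p}/{SERVICES[p]}" for p in ports))
```

The resulting per-host list is what you would compare against what each machine is supposed to expose on the LAN.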
Some standard ports (port(s), service, transport):
20, 21      File Transfer Protocol (FTP)                      TCP
22          Secure Shell (SSH)                                TCP and UDP
23          Telnet                                            TCP
25          Simple Mail Transfer Protocol (SMTP)              TCP
50, 51      IPSec
53          Domain Name System (DNS)                          TCP and UDP
67, 68      Dynamic Host Configuration Protocol (DHCP)        UDP
69          Trivial File Transfer Protocol (TFTP)             UDP
80          HyperText Transfer Protocol (HTTP)                TCP
110         Post Office Protocol (POP3)                       TCP
119         Network News Transport Protocol (NNTP)            TCP
123         Network Time Protocol (NTP)                       UDP
135-139     NetBIOS                                           TCP and UDP
143         Internet Message Access Protocol (IMAP4)          TCP and UDP
161, 162    Simple Network Management Protocol (SNMP)         TCP and UDP
389         Lightweight Directory Access Protocol (LDAP)      TCP and UDP
443         HTTP over SSL/TLS (HTTPS)                         TCP and UDP
989, 990    FTP over SSL/TLS (implicit mode)                  TCP
3389        Remote Desktop Protocol (RDP)                     TCP and UDP
Going further: grabbing banners
https://www.hackingarticles.in/multiple-ways-to-banner-grabbing/
whatweb:
whatweb http://192.168.0.1
curl:
curl -sI 192.168.0.1
wget:
wget -qS 192.168.0.1
nc:
nc 192.168.0.1 80