zmap on a local network

zmap is an opensource network scanner, most often used to scan whole external internet networks in this tutorial I’ll show you how to run zmap on a local network. One disadvantage of zmap over nmap is that you can only scan one port at a time.

brew install zmap

https://github.com/zmap/zmap/wiki

to scan with zmap on a local network for upnp hosts:

/usr/local/sbin/zmap -p 1900 192.168.0.0/24 -M upnp -b /dev/null

to scan for DNS services

/usr/local/sbin/zmap -p 53 192.168.0.0/24 -b /dev/null

to scan for ssh services

/usr/local/sbin/zmap -p 22 192.168.0.0/24 -b /dev/null

to scan for http services

/usr/local/sbin/zmap -p 80 192.168.0.0/24 -b /dev/null

Some Standard Ports

 20, 21 File Transfer Protocol (FTP) TCP
 22 Secure Shell (SSH) TCP and UDP
 23 Telnet TCP
 25 Simple Mail Transfer Protocol (SMTP) TCP
 50, 51 IPSec
 53 Domain Name System (DNS) TCP and UDP
 67, 68 Dynamic Host Configuration Protocol (DHCP) UDP
 69 Trivial File Transfer Protocol (TFTP) UDP
 80 HyperText Transfer Protocol (HTTP) TCP
 110 Post Office Protocol (POP3) TCP
 119 Network News Transport Protocol (NNTP) TCP
 123 Network Time Protocol (NTP) UDP
 135-139 NetBIOS TCP and UDP
 143 Internet Message Access Protocol (IMAP4) TCP and UDP
 161, 162 Simple Network Management Protocol (SNMP) TCP and UDP
 389 Lightweight Directory Access Protocol TCP and UDP
 443 HTTP with Secure Sockets Layer (SSL) TCP and UDP
 989, 990 FTP over SSL/TLS (implicit mode) TCP
 3389 Remote Desktop Protocol TCP and UDP

Going further: grabbing banners

https://www.hackingarticles.in/multiple-ways-to-banner-grabbing/

whatweb

whatweb http://192.168.0.1

curl

curl -sI 192.168.0.1

wget

wget -qS 192.168.0.1

nc

nc 192.168.0.1 80

Leave a Reply