Port Scanning


nmap

# Suggested nmap scans.
# Full TCP port sweep: -p- covers all 65535 ports, -T5 is the fastest timing template.
# -T5 trades accuracy for speed and can drop results on slow or lossy links, so
# re-check anything unexpected with a slower template.
nmap -T5 -p- domain.com
# Follow-up on the ports found above (replace x,y,z): -A adds version detection,
# OS detection, default scripts and traceroute; -v is verbose; -oN writes the
# normal-format report to scanPORT.txt.
nmap -v -A -p x,y,z -oN scanPORT.txt domain.com


# useful flags
-sT # TCP connect scan
-sU # UDP scan
-sn # host discovery only (no port scan); useful across a range of IPs
-O --osscan-guess # OS detection; --osscan-guess reports the closest match when there is no exact fingerprint


# filtering results (from greppable output)
-oG <file> # greppable output format, one line per host (easy to filter with grep/cut)
# Field 2 of a greppable (-oG) line is the host address ("Host: <addr> (<name>)  Status: Up"),
# so cutting on a single space after a grep gives one address per matching host.
# -- keeps grep from treating the file name as an option.
up_hosts() { grep -- Up "$1" | cut -d ' ' -f 2; }
open_hosts() { grep -- open "$1" | cut -d ' ' -f 2; }
# Hosts reported Up in the host-discovery file.
up_hosts hostsScan.txt
# Hosts with at least one port reported open in the port-scan file.
open_hosts openPortScan.txt

Nmap Scripting Engine (NSE)

# HTTP header enumeration script
--script http-headers

PowerShell

# Single-port TCP reachability check against loopback (445 = SMB); the host is the
# positional -ComputerName parameter, spelled out here for readability.
Test-NetConnection -ComputerName 127.0.0.1 -Port 445

# Checks TCP ports 1-1024 on the example host and prints each port that accepts a connection.
# -WarningAction SilentlyContinue hides the per-port "connection failed" warnings.
# $a keeps the last Test-NetConnection result, as in the original one-liner; only
# TcpTestSucceeded is read. Kept on one line per command so nothing is split mid-call.
foreach ($port in 1..1024) {
    $a = Test-NetConnection 192.168.50.151 -Port $port -WarningAction SilentlyContinue
    if ($a.TcpTestSucceeded -eq $true) {
        "TCP Port $port is open"
    }
}