Not sure if it’s allowed, but pop a root shell on one of the other machines, download & install a pre-compiled nmap binary for that system and run it from there; the VPN might be a serious bottleneck
Generally an nmap scan takes time, especially when the -p- option is specified. I usually use the -T4 (or rarely -T5) option to speed up the scan. Both options assume that you are on a fast network of course (however these options should not always be used).
IMHO it is most of the time sufficient to stick with nmap defaults and scan the 1000 most common ports. If I don’t get anywhere I sometimes try to scan more, but it rarely got me anywhere.
For my initial scan I usually use “nmap -T4 -A -oA nmap ”. Use that info as a basis for what to do next, and while using other tools, launch a more in-depth nmap scan. Something like “nmap -sS -sC -sV -A --reason --privileged -vv -oA nmap ” - yes, I know that “-sC and -sV” are included with the -A flag, but I like to specify both because who really knows EXACTLY what -A does? Just to cover my bases…
Running a quick scan to start is a good idea. Once that is done, start a full scan while you check out what the first scan found. The majority of boxes only have services found with the quick scan, so it should be good in most cases.
I know it’s almost been eight months since this thread was active but I find it funny that I ran into this issue working on my first machine ever. Of course my first machine would happen to be Chatterbox, which doesn’t listen on the 1000 most common and nmap -p- is needed. -___- 17.52% done with 1:28:38 remaining.
python htbscan.py <ip> 500 will adjust the threshold speed; masscan will quickly get you the ports you are looking for, and after that nmap will analyse them for the specific versions and services running on those ports.
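The two-stage flow described in the post above (a fast masscan sweep, then nmap version detection on only the ports it found), as an added example that is not part of the original thread and is not the htbscan.py script, whose source the thread does not show. The function names, the output basename and the sample masscan list output (-oL format) are constructed for illustration.

```python
import shlex

# Constructed sample of masscan list output (-oL): state, proto, port, ip, timestamp.
# 192.0.2.0/24 is a documentation range, used here as a stand-in target.
SAMPLE_MASSCAN_LIST = """\
#masscan
open tcp 8080 192.0.2.10 1700000000
open tcp 22 192.0.2.10 1700000001
open udp 161 192.0.2.10 1700000002
open tcp 8080 192.0.2.10 1700000003
open tcp 443 192.0.2.11 1700000004
# end
"""


def open_tcp_ports(list_output, target):
    """Return the sorted, de-duplicated open TCP ports reported for target."""
    ports = set()
    for line in list_output.splitlines():
        fields = line.split()
        # Skip comment lines, blank lines and anything too short to parse.
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        state, proto, port, ip = fields[:4]
        if state == "open" and proto == "tcp" and ip == target and port.isdigit():
            number = int(port)
            if 1 <= number <= 65535:
                ports.add(number)
    return sorted(ports)


def nmap_followup(ports, target, basename="nmap_targeted"):
    """Build the second-stage nmap argv, or None when no ports were found."""
    if not ports:
        return None
    port_list = ",".join(str(p) for p in ports)
    return ["nmap", "-sC", "-sV", "-p", port_list, "-oA", basename, target]


if __name__ == "__main__":
    found = open_tcp_ports(SAMPLE_MASSCAN_LIST, "192.0.2.10")
    cmd = nmap_followup(found, "192.0.2.10")
    print(shlex.join(cmd) if cmd else "no open TCP ports found; nothing to scan")
```

Restricting the second stage to the discovered ports is what keeps the slow script and version probes from running across all 65535 ports.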
I used nmap -p- -v -Pn -sS -T5 10.10.10.174 on my first go… it’s still taking a ridiculously long time!! Any way to tackle!?
Thank you for your time!