I am using eu-free-1 and I think this is the cause of slow nmap scan, Isn’t it?
Or Machines are slow?
If you’re using a free lab, it might be that many people are working on the same machine, which of course has an influence on the speed of nmap. However, also check which parameters you are using. nmap has several different scanning modes, which can be quite different in their speed.
I use masscan for a quick port scan:
masscan -e tun0 -p1-65535,U:1-65535 10.10.10.x --rate=500
Thanks Guys I use simply nmap 10.10.10.x -T5 but It gives me only open ports information no version no services or OS info.
but I’ll try also masscan -e tun0 -p1-65535,U:1-65535 10.10.10.x --rate=500
@thepunisher7 said:
Thanks Guys I use simply
nmap 10.10.10.x -T5but It gives me only open ports information no version no services or OS info.but I’ll try also
masscan -e tun0 -p1-65535,U:1-65535 10.10.10.x --rate=500
It’s worth looking into the various switches of nmap so you can tune it to your specific needs. My " go to " tends to be nmap -Pn -sC -sV -oA tcp -p- -T4 -vvvvv --reason IP.AD.DR.SS.
I’ve found some boxes are more responsive than others, and this is true on the VIP boxes as well so it isn’t all down to other people hitting it (but this is part of it). When it comes to UDP scanning, I’ve often rooted a box before that completes.
scanning all 65000 ports does take a long time yeah. I usually start off by just scanning the first 6000 ports (as that’s where most of the interesting stuff is, on Windows anyway), then if I get stuck I’ll scan the rest later on.
Type your comment> @VbScrub said:
scanning all 65000 ports does take a long time yeah. I usually start off by just scanning the first 6000 ports (as that’s where most of the interesting stuff is, on Windows anyway), then if I get stuck I’ll scan the rest later on.
I do both a common port scan and full port scan, doing what @VbScrub mentioned as my common scan, but then allowing passive recon to run in the background while I check out everything that showed up on the common scan. That way I am always running constant enumeration but it still gives me a chance to go look at what I’ve already found.
Attacks on easy Difficulty rating machines are happening more than the hard. So they may busy.
If we can go on with basic nmap scan then It’s okay.
If we need more then we need to wait more…
Thanks @TazWake nmap -Pn -sC -sV -oA tcp -p- -T4 -vvvvv --reason IP.AD.DR.SS for this command.
It’s a good thing to increase the verbosity and also the reason argument for learning something new.
It’s good to 6000 ports first then if we need more then we can.
Or
Start with basic ports with less info then if we need more details we’ll do advanced scan.
More information makes more easy to gain access…
Type your comment> @limbernie said:
I use
masscanfor a quick port scan:
masscan -e tun0 -p1-65535,U:1-65535 10.10.10.x --rate=500
This worked like a gem great one …