NMAP : Network Scan for open ports

If you wish to quickly find all machines on a network that have a certain TCP port open you might want to can for all machines with TCP port 80/443 open to enable you to audit servers with expiring certificates you can use NMAP, the general syntax is this:

nmap -Pn -p<portnumber> -oG <logfilename.gnmap> <target networks>

WARNING : You can configure web services to work on ports other than 80 and 443, therefore remember this only scans the default port that is assigned to a web server, if you need all ports see the "all ports" section.

Scan for HTTP/HTTPS (on default ports)

This means if you wanted to scan your local network for all servers with HTTP or HTTP open you could use this:

You will need to change the network for the actual network you want to scan.

HTTP : nmap -Pn -p80 -oG http-scan-%D.gnmap 10.12.0.0/24
HTTPS: nmap -Pn -p443 -oG https-scan-%D.gnmap 10.12.0.0/24

This will output a file in the current directory called either "http-scan" or "https-scan" followed by the current date as you can see here:


The report file will look like this, so here you can see that a server called iis-test-.bears.local as HTTP open on 443.


Scan for all open ports

If you wish to scan all open ports:

All Ports : nmap -Pn -oG http-scan-%D.gnmap 10.12.0.0/24

This will return all the ports and not only the ones on 80/443 as earlier like this, it will also returned the closed ports as well:




Previous Post Next Post

Ω†Ω…ΩˆΨ°Ψ¬ Ψ§Ω„Ψ§ΨͺΨ΅Ψ§Ω„