Nmap -oG Scan ( No targets were specified, so 0 hosts scanned) - nmap

nmap scanme.nmap.org works fine. I see the SSH 22 Port open etc...
But whenever I want to scan my own IP Address (ifconfig, eth0 Inet Address) - I get that 0 hosts scanned notif.
The command I use is:
nmap -oG "x.x.x.0-255" -vv > /Desktop/test.txt
I get 0 results.

The -oG option requires you to specify an output file. Try one of the following:
nmap "x.x.x.0-255" -vv -oG /Desktop/test.txt
nmap -oG - "x.x.x.0-255" -vv > /Desktop/test.txt

Related

db_nmap metasploit using hosts in postgres database

I am using metasploit and attempting to run a db_nmap against all the hosts I imported from an nmap run that I saved into a .xml file. So all the hosts are in my metasploit postgres database as verified when I run the hosts command. However I am unsure how I can run db_nmap against all these hosts.
The typical command I use for a single IP is:
db_nmap -sS -Pn -A --script vuln 192.0.0.1
The command I tried to use for all IPs in my database:
db_nmap -sS -Pn -A --script vuln hosts
I also tried
db_nmap -sS -Pn -A --script vuln hosts -c
I am also currently running this as a hackaround but so far it hasn't outputted anything: db_nmap -sS -Pn -A --script vuln -i /home/myuser/targets.txt
I cannot find the documentation I need so I am hoping someone can help me out here.
Thank you!
Try this:
host -o hostcsv
cat hostcsv | awk -F"," '{print $1}' | tr -d '"' | sort -u > host.txt
db_nmap --iL host.txt

What are the ports that -F option in nmap probe?

I searched the nmap book but I couldn't find the list of ports probed with the -F option. Can anyone help me with this information?
You can get the complete list of ports from Nmap by running it in verbose Grepable output mode without any targets:
$ nmap -F -v -oG -
# Nmap 7.70 scan initiated Tue May 7 15:02:23 2019 as: ./nmap -F -v -oG -
# Ports scanned: TCP(100;7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157) UDP(0;) SCTP(0;) PROTOCOLS(0;)
WARNING: No targets were specified, so 0 hosts scanned.
# Nmap done at Tue May 7 15:02:23 2019 -- 0 IP addresses (0 hosts up) scanned in 0.03 seconds
Note the line that says "Ports scanned:" which lists 100 TCP ports starting with 7, 9, and 13 and ending with the range 49152-49157.

tshark doesn't always print source ip

How can i get the tcp payload of packets with tshark, and also get the source IP that sent these packets?
This command works for most packets, but some packets are still printed WITHOUT a source IP (Why?) :
tshark -Y "tcp.dstport == 80" -T fields -d tcp.port==80,echo -e echo.data -e ip.src
*To test my command, run it and then browse to http://stackoverflow.com. Notice that usually the data chunks ("47:45:54:20:2f:61:64:73:...") have an IP after them, but not always.
I found the problem:
The packets with a missing source IP were IPv6, but my original command only prints IPv4.
This works:
tshark -Y "tcp.dstport == 80" -T fields -d tcp.port==80,echo -e echo.data -e ip.src -e ipv6.src

How to set up cron using curl command?

After apache rebuilt my cron jobs stopped working.
I used the following command:
wget -O - -q -t 1 http://example.com/cgi-bin/loki/autobonus.pl
Now my DC support suggests me to change the wget method to curl. What would be the correct value in this case?
-O - is equivalent to curl's default behavior, so that's easy.
-q is curl's -s (or --silent)
--retry N will substitute for wget's -t N
All in all:
curl -s --retry 1 http://example.com/cgi-bin/loki/autobonus.pl
try run change with the full path of wget
/usr/bin/wget -O - -q -t 1 http://example.com/cgi-bin/loki/autobonus.pl
you can find the full path with:
which wget
and more, check if you can reach the destination domain with ping or other methods:
ping example.com
Update:
based on the comments, seems to be caused by the line in /etc/hosts:
127.0.0.1 example.com #change example.com to the real domain
It seems that you have restricted options in terms that on the server where the cron should run you have the domain pinned to 127.0.0.1 but the virtual host configuration does not work with that.
What you can do is to let wget connect by IP but send the Host header so that the virtual host matching would work:
wget -O - -q -t 1 --header 'Host: example.com' http://xx.xx.35.162/cgi-bin/loki/autobonus.pl
Update
Also probably you don't need to run this over the web server, so why not just run:
perl /path/to/your/script/autobonus.pl

How to get the IP address used by a Parallels VM from the host?

Parallels has a command line API which is documented here
>prlctl list
UUID STATUS IP_ADDR NAME
{ca50aac6-caa6-47a6-9bfe-e38f6261cb8d} running - win7
Still, even with this the IP_ADDR reported is always empty, even if the machine is running as has an internet connection.
How can I find the IP of the machine from the guest? I need a way to connect to the guest, by using a domain name or an IP.
If it's a Windows VM, you can get the IP with the following command from the host:
prlctl exec "VM Name" ipconfig | grep "IPv4" | grep -o '\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}'
For a *nix VM:
prlctl exec "VM Name" ifconfig eth1 | grep "inet " | grep -o 'addr:\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}' | grep -o '\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}\.\d\{1,3\}'
if you want to access the machine using SSH there is a built in command that can help with this.
prlctl enter <VM_ID|VM_NAME>
This will open a prompt as root to the VM
if you want the IP for any other reason there is another way to get it
prlctl exec <VM_ID|VM_NAME> ifconfig
The exec command from prlctl will execute the ifconfig command on the host linux machine (if using windows do ipconfig instead of ifconfig)
All the output of the ifconfig will be printed on your terminal and the ip will be clearly visible in the output
I stumbled upon this today and found it questionable that the list command shows an IP_ADDR but never the IP. I checked the most recent docs for the prlctl command and its states:
-f, --full
Shows the real IP address(es) for running virtual machines.
Providing this flag displays the IP addresses for me
prlctl list -f