PORT Scanning
TCP/UDP Port Scanning
NetCat
# TCP: -z probes ports 3388-3390 without sending data, -n skips DNS lookups,
# -vv is extra-verbose, and -w 1 gives up on each port after one second.
nc -n -vv -z -w 1 192.168.10.123 3388-3390
# UDP: -u switches netcat from TCP to UDP for ports 120-123.
# UDP has no handshake, so a port shown as open only means that no ICMP
# "port unreachable" reply arrived in time; filtered ports can look the same.
nc -n -v -u -w 1 -z 192.168.10.123 120-123
NMAP
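# Quick TCP and UDP passes against the host given as the first argument ($1).
# nmap quits when it cannot open its -oN/-oA output file, so create the
# output directory before the first scan.
mkdir -p nmap

# Default NSE scripts (-sC) plus version detection (-sV); -Pn skips host
# discovery and treats the host as up.
sudo nmap -sV -sC --min-rate 10000 -v -Pn -oN nmap/default.sVsC "$1"
# NSE "vuln" category. Treat its hits as leads to confirm by hand.
sudo nmap --script=vuln --min-rate 10000 -Pn -oN nmap/script.vuln "$1"
# All 65535 TCP ports. A 10000 packets/s floor can outrun the network or the
# host, so read the result as a lower bound and re-check at a slower rate.
sudo nmap -p- --min-rate 10000 -Pn -oN nmap/allPorts "$1"

# Second full TCP sweep. --max-retries 0 never retransmits a probe, so a
# single lost packet hides a port; that is why more than one sweep is run.
# NOTE(review): this line takes its target from $IP while the others use $1;
# make sure both name the same host.
sudo nmap -p- -T4 --min-rate 5000 --max-retries 0 -v -oN nmap/ports "$IP"

# Collect the open TCP ports into a comma-separated list for later -p use.
# Matching only "<port>/tcp open" lines keeps NSE script output that merely
# contains the word "open" out of the list. nmap/initial and nmap/ports2 are
# written by other scans on this page; -s keeps grep quiet about whichever
# of the files does not exist yet.
ports=$(grep -hsE '^[0-9]+/tcp[[:space:]]+open[[:space:]]' \
  nmap/initial nmap/ports nmap/ports2 \
  | cut -d '/' -f 1 | sort -un | paste -sd, -)

# UDP, all ports. UDP results are far less reliable at this rate (hosts
# rate-limit ICMP unreachable replies), so expect many open|filtered entries.
sudo nmap -sU -p- --min-rate 10000 -oN nmap/alludp "$1"
# UDP top 20 ports with default scripts; -oA writes .nmap, .gnmap and .xml.
sudo nmap -sU -sC --top-ports 20 -oA nmap/udp-top20-scripts "$1"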
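# Staged workflow against the host in $IP: quick look, two full TCP sweeps,
# then detailed scans limited to the ports that were found open.
# nmap quits when it cannot open its -oN output file, so create the output
# directory first.
mkdir -p nmap

# Get an initial idea of the scenario: default scripts plus version
# detection on nmap's default port selection.
sudo nmap -sCV -oN nmap/initial -v "$IP"

# Full TCP sweep with no retransmissions and a 5000 packets/s floor.
# Fast, but one lost probe hides a port.
sudo nmap -p- -T4 --min-rate 5000 --max-retries 0 -v -oN nmap/ports "$IP"

# Second full TCP sweep with the -T5 timing template. -T5 is nmap's most
# aggressive timing profile, not a thread count; it catches ports the first
# sweep dropped but can itself miss ports on a slow or lossy link.
sudo nmap -p- -T5 -v -oN nmap/ports2 "$IP"

# Once we have the ports, build a comma-separated list from all three result
# files. Matching only "<port>/tcp open" lines keeps NSE script output that
# merely contains the word "open" out of the list.
ports=$(grep -hsE '^[0-9]+/tcp[[:space:]]+open[[:space:]]' \
  nmap/initial nmap/ports nmap/ports2 \
  | cut -d '/' -f 1 | sort -un | paste -sd, -)
# An empty list would make nmap read the next option as the -p argument.
: "${ports:?no open TCP ports found in nmap/initial, nmap/ports or nmap/ports2}"

# Aggressive scan (-A: OS detection, version detection, default scripts and
# traceroute) of the open ports only.
sudo nmap -p "$ports" -A -v -oN nmap/all-ports "$IP"
# Scripts, versions and OS detection again, saved to a separate file.
# NOTE(review): -A above already covers -sC, -sV and -O.
sudo nmap -p "$ports" -sCV -O -v -oN nmap/all-ports-service "$IP"

# UDP port scan.
# NOTE(review): $ports was derived from TCP results, so this only checks
# whether the same port numbers answer on UDP. UDP-only services need their
# own discovery scan. No -oN is given, so the output is not saved.
sudo nmap -p "$ports" -sU -A "$IP"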
https://github.com/21y4d/nmapAutomator
Using Windows
# TCP connect check of ports 1-1024 using only built-in .NET classes.
# Connect() throws on a closed or filtered port; 2>$null discards that error,
# so only ports that accepted the connection print a line.
# The TcpClient objects are never closed explicitly here.
1..1024 | ForEach-Object { Write-Output ((New-Object Net.Sockets.TcpClient).Connect("192.168.50.151", $_)) "TCP port $_ is open" } 2>$null
# Single-port check; the TcpTestSucceeded field of the output shows whether
# the TCP connection was established.
Test-NetConnection -ComputerName 192.168.50.151 -Port 445