Skip to main content

appendix_c_typical_usage_for_pentesting

In a general pentest we may go with a simple:

 sudo nmap -sC -sV -oA outputfile ipaddress --stats-every 1m
 # with the -sC flag we launch the common scripts
 # this combination is one of the most commonly used during
 # basic pentests or CTFs, it is also used by ippsec
 sudo nmap -sV -O -sC -oA outputfile <ipaddress> --stats-every 1m
 # this is a more complete scan, which tries also to attempt the guess
 # of the OS

these combinations of flags/options/parameters gives us a good initial point to start to pentest the machine, of course in the meanwhile, if we can do it, we could also launch a more accurate scan on every port with:

 sudo nmap -sV -p- -oA fulloutputfile <ipaddress> --stats-every 1m
 # this checks all 65535 ports