> For the complete documentation index, see [llms.txt](https://blog.hacktive.bebzounette.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://blog.hacktive.bebzounette.com/information-gathering/scans.md).

# Scans

## **1. Nmap**

Scan Basique rapide  **:** 

```
nmap -T5 <ip>/domain
```

Scan IP Range :&#x20;

```
nmap 192.168.1.1-20
```

Scan Subnet :

```
nmap 192.168.1.0/24
```

Scan Firewall :

```
nmap -sA -Pn <ip>/domain
```

Scan rapide ping :&#x20;

```
nmap -sn <ip>/domain
```

Scan Operating system :&#x20;

```
nmap -O <ip>/domain
```

Scan sortie de fichier :&#x20;

```
nmap -A <ip>/domain > file.txt
```

Scan avancé :

```
nmap -A -p- <ip>/domain
```

Scan Vulnérabilités :

```
nmap -v --script vuln <ip>/domain
```

Scan complet (plus lent) :

```
nmap -A -Pn -sS -sV -Ps -Pa -sU -T5 <ip>/domain>
```

Vous pouvez trouver les scripts nmap ici : usr/share/nmap/script

**Process que j’aime utiliser :**&#x20;

```
nmap -A -p- -oA target1 <ip>/domain
nmap -v --script vuln <ip>/domain 
```

Astuce : Sortez vos scan au format XML/nmap/gnmap pour les importer dans Metasploit avec la commande -oA (exemple scan complet : **nmap -A -p- -oA outpout \<ip>/domain**

## **2. Dirbuster**

![](https://lh6.googleusercontent.com/F6q5MXaK85H9ZdjZJLz9ydgwKTORvUx16VKecVNPtgImHouaW8CkL2iyT-6hq1xDyTdFjaMA2wDJqApI-4tOQ7HVPayhz7SoA1kgfM9sJcEsQxPkUNwpm1aVHr8KrlmrR87U71c4)

1. Entrer L’url
2. Choisissez une WordList
3. Vous pouvez aussi utiliser la commande dirb \<ip>

**Process que j’aime utiliser :**

```
Voici deux wordlists très générale
/usr/share/dirbuster/wordists/directory-list-2.3-medium.txt
/usr/share/dirb/wordists/common.txt
Executer la commande
dirb http://<IP> /usr/share/wordlists/dirb/big.txt -X .phpuname -a
```

**Astuce** :  Utilisez la commande CTRL + L pour écrire directement le chemin quand vous êtes dans explorateur de fichiers.

## **3. Nikto**

```
 nikto -C all -h <ip>
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://blog.hacktive.bebzounette.com/information-gathering/scans.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.