# Scans

## **1. Nmap**

Quick basic scan:

```
nmap -T5 <ip>/domain
```

IP range scan:

```
nmap 192.168.1.1-20
```

Subnet scan:

```
nmap 192.168.1.0/24
```

Firewall scan:

```
nmap -sA -Pn <ip>/domain
```

Quick ping scan:

```
nmap -sn <ip>/domain
```

Operating system scan:

```
nmap -O <ip>/domain
```

Scan with output to a file:

```
nmap -A <ip>/domain > file.txt
```

Advanced scan:

```
nmap -A -p- <ip>/domain
```

Vulnerability scan:

```
nmap -v --script vuln <ip>/domain
```

Full scan (slower):

```
nmap -A -Pn -sS -sV -PS -PA -sU -T5 <ip>/domain
```

You can find the nmap scripts here: /usr/share/nmap/scripts

**Process I like to use:**

```
nmap -A -p- -oA target1 <ip>/domain
nmap -v --script vuln <ip>/domain 
```

Tip: Write your scans out in XML/nmap/gnmap format with the -oA option so you can import them into Metasploit (full scan example: **nmap -A -p- -oA output \<ip>/domain**)
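Added example (not from the original page): the `.xml` file written by `-oA` can be parsed to inventory open ports per host and flag any that are not on an expected allow-list. The sample XML, the `EXPECTED` allow-list and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements read below, of the target1.xml
# that `nmap -A -p- -oA target1 <ip>` writes.
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="8.4"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
   <port protocol="tcp" portid="8080"><state state="filtered"/></port>
  </ports>
 </host>
 <host><status state="down"/><address addr="192.168.1.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical allow-list: the (protocol, port) pairs expected to be exposed.
EXPECTED = {("tcp", 22), ("tcp", 80)}


def open_ports(xml_text):
    """Return {host: [(proto, port, service), ...]} for hosts reported up."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # skip hosts that did not answer
        found = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # ignore closed/filtered ports
            svc = port.find("service")
            fields = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            label = " ".join(f for f in fields if f) or "unknown"
            found.append((port.get("protocol"), int(port.get("portid")), label))
        inventory[host.find("address").get("addr")] = sorted(found)
    return inventory


def unexpected(inventory, expected=EXPECTED):
    """Return (host, proto, port, service) for open ports not on the allow-list."""
    return [(h, proto, num, svc) for h, ports in inventory.items()
            for proto, num, svc in ports if (proto, num) not in expected]


if __name__ == "__main__":
    for finding in unexpected(open_ports(SAMPLE_XML)):
        print("unexpected open port:", finding)
```

To run it on a real scan, pass the contents of the `.xml` file produced by `-oA` to `open_ports()` instead of `SAMPLE_XML`.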

## **2. Dirbuster**

![](https://lh6.googleusercontent.com/F6q5MXaK85H9ZdjZJLz9ydgwKTORvUx16VKecVNPtgImHouaW8CkL2iyT-6hq1xDyTdFjaMA2wDJqApI-4tOQ7HVPayhz7SoA1kgfM9sJcEsQxPkUNwpm1aVHr8KrlmrR87U71c4)

1. Enter the URL
2. Choose a wordlist
3. You can also use the command dirb \<ip>

**Process I like to use:**

```
# Two very general wordlists:
# /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
# /usr/share/dirb/wordlists/common.txt
# Run the command:
dirb http://<IP> /usr/share/wordlists/dirb/big.txt -X .php
```

**Tip**: Use the CTRL + L shortcut to type the path directly when you are in the file explorer.

## **3. Nikto**

```
nikto -C all -h <ip>
```


