Linux – Practical Nmap examples

I have used nmap and other IP scanners such as Angry IP scanner. My observation was that Nmap used Reverse DNS to resolve hostnames, so for that to work the DNS server should have reverse pointer records for the hosts. I found that other scanners follow up a PTR Query with a Netbios Query.

If you are sure that all hosts on the target network are Windows hosts and that they have NETBIOS enabled, you can use nbtscan tool to scan them.

In Nmap 6.46BETA6, the smb-check-vulns script was split into 6 different scripts:

• smb-vuln-conficker
• smb-vuln-cve2009-3103
• smb-vuln-ms06-025
• smb-vuln-ms07-029
• smb-vuln-regsvc-dos
• smb-vuln-ms08-067

You can run any specific checks you like, or all of them with --script smb-vuln-*, but be aware that many of these can cause a blue screen or other crash on the scanned system. Previously, these required you to add --script-args unsafe=1, so we added these scripts to the "dos" category so you can rule them out with --script "smb-vulns-* and not dos"