Nmap 6: Network Exploration and Security Auditing Cookbook
Downloading Nmap from the official source code repository
Compiling Nmap from source code
Listing open ports on a remote host
Fingerprinting services of a remote host
Finding live hosts in your network
Scanning using specific port ranges
Scanning using a specified network interface
Comparing scan results with Ndiff
Managing multiple scanning profiles with Zenmap
Monitoring servers remotely with Nmap and Ndiff
Discovering hosts with TCP SYN ping scans
Discovering hosts with TCP ACK ping scans
Discovering hosts with UDP ping scans
Discovering hosts with ICMP ping scans
Discovering hosts with IP protocol ping scans
Discovering hosts with ARP ping scans
Discovering hosts using broadcast pings
Hiding our traffic with additional random data
Excluding hosts from your scans
Gathering network information with broadcast scripts
Gathering Additional Host Information
Getting information from WHOIS records
Checking if a host is known for malicious activities
Collecting valid e-mail accounts
Discovering hostnames pointing to the same IP address
Fingerprinting the operating system of a host
Listing protocols supported by a remote host
Discovering stateful firewalls by using a TCP ACK scan
Matching services with known security vulnerabilities
Spoofing the origin IP of a port scan
Listing supported HTTP methods
Checking if an HTTP proxy is open
Discovering interesting files and directories on various web servers
Brute forcing HTTP authentication
Abusing mod_userdir to enumerate user accounts
Testing default credentials in web applications
Brute-force password auditing WordPress installations
Brute-force password auditing Joomla! installations
Detecting web application firewalls
Detecting possible XST vulnerabilities
Detecting Cross Site Scripting vulnerabilities in web applications
Finding SQL injection vulnerabilities in web applications
Detecting web servers vulnerable to slowloris denial of service attacks
Finding root accounts with empty passwords in MySQL servers
Detecting insecure configurations in MySQL servers
Brute forcing Oracle passwords
Brute forcing Oracle SID names
Retrieving MS SQL server information
Brute forcing MS SQL passwords
Dumping the password hashes of an MS SQL server
Running commands through the command shell on MS SQL servers
Finding sysadmin accounts with empty passwords on MS SQL servers
Retrieving MongoDB server information
Retrieving CouchDB database statistics
Discovering valid e-mail accounts using Google Search
Enumerating users in an SMTP server
Detecting backdoor SMTP servers
Retrieving the capabilities of an IMAP mail server
Retrieving the capabilities of a POP3 mail server
Detecting vulnerable Exim SMTP servers version 4.70 through 4.75
Reading targets from a text file
Skipping tests to speed up long scans
Selecting the correct timing template
Adjusting performance parameters
Collecting signatures of web servers
Distributing a scan among several clients using Dnmap
Saving scan results in normal format
Saving scan results in an XML format
Saving scan results to a SQLite database
Saving scan results in a grepable format
Generating a network topology graph with Zenmap
Generating an HTML scan report
Reporting vulnerability checks performed during a scan
Making HTTP requests to identify vulnerable Trendnet webcams
Sending UDP payloads by using NSE sockets
Exploiting a path traversal vulnerability with NSE
Working with the web crawling library
Reporting vulnerabilities correctly in NSE scripts
Working with NSE threads, condition variables, and mutexes in NSE