20 KiB
20 KiB
type, created, updated
| type | created | updated |
|---|---|---|
| topic | 2024-01-06T01:25:36.042Z | 2024-01-06T01:25:36.042Z |
NMap
# https://www.stationx.net/nmap-cheat-sheet/
# https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
"C:\Program Files (x86)\Nmap\nmap.exe"
Nmap 7.94 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
--exclude-ports <port ranges>: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports sequentially - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma-separated list of script-files or
script-categories.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
--data <hex string>: Append a custom payload to sent packets
--data-string <string>: Append a custom ASCII string to sent packets
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--noninteractive: Disable runtime interactions via keyboard
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
"C:\Program Files (x86)\Nmap\nmap.exe" -v -sn 10.95.176.49
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:24 US Mountain Standard Time
Initiating ARP Ping Scan at 07:24
Scanning 10.95.176.49 [1 port]
Completed ARP Ping Scan at 07:24, 1.42s elapsed (1 total hosts)
Nmap scan report for 10.95.176.49 [host down]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.44 seconds
Raw packets sent: 2 (56B) | Rcvd: 0 (0B)
"C:\Program Files (x86)\Nmap\nmap.exe" -v -sn 10.95.176.46
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:24 US Mountain Standard Time
Initiating Parallel DNS resolution of 1 host. at 07:24
Completed Parallel DNS resolution of 1 host. at 07:24, 0.01s elapsed
Nmap scan report for MESTSA003.infineon.com (10.95.176.46)
Host is up.
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
"C:\Program Files (x86)\Nmap\nmap.exe" -v -sn 10.95.176.60
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:24 US Mountain Standard Time
Initiating ARP Ping Scan at 07:24
Scanning 10.95.176.60 [1 port]
Completed ARP Ping Scan at 07:24, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:24
Completed Parallel DNS resolution of 1 host. at 07:24, 0.02s elapsed
Nmap scan report for MESTSA005.infineon.com (10.95.176.60)
Host is up (0.0010s latency).
MAC Address: 00:50:56:8E:63:CF (VMware)
Read data files from: C:\Program Files (x86)\Nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
Raw packets sent: 1 (28B) | Rcvd: 1 (28B)
"C:\Program Files (x86)\Nmap\nmap.exe" -v -A 10.95.176.60 -oX 10.95.176.xml
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:25 US Mountain Standard Time
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 07:25
Completed NSE at 07:25, 0.00s elapsed
Initiating NSE at 07:25
Completed NSE at 07:25, 0.00s elapsed
Initiating NSE at 07:25
Completed NSE at 07:25, 0.00s elapsed
Initiating ARP Ping Scan at 07:25
Scanning 10.95.176.60 [1 port]
Completed ARP Ping Scan at 07:25, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 07:25
Completed Parallel DNS resolution of 1 host. at 07:25, 0.02s elapsed
Initiating SYN Stealth Scan at 07:25
Scanning MESTSA005.infineon.com (10.95.176.60) [1000 ports]
Discovered open port 445/tcp on 10.95.176.60
Discovered open port 135/tcp on 10.95.176.60
Discovered open port 80/tcp on 10.95.176.60
Discovered open port 139/tcp on 10.95.176.60
Discovered open port 3389/tcp on 10.95.176.60
Discovered open port 5050/tcp on 10.95.176.60
Completed SYN Stealth Scan at 07:25, 4.70s elapsed (1000 total ports)
Initiating Service scan at 07:25
Scanning 6 services on MESTSA005.infineon.com (10.95.176.60)
Completed Service scan at 07:25, 11.02s elapsed (6 services on 1 host)
Initiating OS detection (try #1) against MESTSA005.infineon.com (10.95.176.60)
Retrying OS detection (try #2) against MESTSA005.infineon.com (10.95.176.60)
NSE: Script scanning 10.95.176.60.
Initiating NSE at 07:25
Completed NSE at 07:26, 40.10s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.10s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Nmap scan report for MESTSA005.infineon.com (10.95.176.60)
Host is up (0.00020s latency).
Not shown: 994 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.20.1
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: nginx/1.20.1
|_http-favicon: Unknown favicon MD5: 40D4F2C38D1CD854AD463F16373CBCB6
| http-title: Swagger UI
|_Requested resource was index.html
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds?
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: INFINEON
| NetBIOS_Domain_Name: INFINEON
| NetBIOS_Computer_Name: MESTSA005
| DNS_Domain_Name: infineon.com
| DNS_Computer_Name: MESTSA005.infineon.com
| DNS_Tree_Name: infineon.com
| Product_Version: 10.0.17763
|_ System_Time: 2023-12-05T14:25:42+00:00
| ssl-cert: Subject: commonName=MESTSA005.infineon.com
| Subject Alternative Name: DNS:MESTSA005.infineon.com
| Issuer: commonName=Infineon Technologies AG Machine CA 2/organizationName=Infineon Technologies AG/countryName=DE
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2023-02-02T08:12:48
| Not valid after: 2024-02-02T08:12:48
| MD5: cf40:75b6:5bf1:369b:940a:c81e:6773:7f84
|_SHA-1: 6c95:afca:ff55:efc1:3cd5:2aa3:1f02:bb47:28d0:b98c
|_ssl-date: 2023-12-05T14:26:22+00:00; 0s from scanner time.
5050/tcp open http nginx 1.20.1
|_http-title: Welcome to nginx!
|_http-server-header: nginx/1.20.1
| http-methods:
|_ Supported Methods: GET HEAD
MAC Address: 00:50:56:8E:63:CF (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2019 (97%)
Aggressive OS guesses: Microsoft Windows Server 2019 (97%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2023-12-05T14:25:42
|_ start_date: N/A
| nbstat: NetBIOS name: MESTSA005, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:8e:63:cf (VMware)
| Names:
| MESTSA005<20> Flags: <unique><active>
| MESTSA005<00> Flags: <unique><active>
|_ INFINEON<00> Flags: <group><active>
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
TRACEROUTE
HOP RTT ADDRESS
1 0.20 ms MESTSA005.infineon.com (10.95.176.60)
NSE: Script Post-scanning.
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Initiating NSE at 07:26
Completed NSE at 07:26, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.87 seconds
Raw packets sent: 2070 (94.772KB) | Rcvd: 43 (2.950KB)
# https://www.stationx.net/nmap-cheat-sheet/
"C:\Program Files (x86)\Nmap\nmap.exe" -A 10.95.176.0/26 -F -oX "D:\Tmp\10.95.176.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 10.95.154.0/25 -F -oX "D:\Tmp\10.95.154.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.1.0/26 -F -oX "D:\Tmp\192.168.1.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.2.0/26 -F -oX "D:\Tmp\192.168.2.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.3.0/26 -F -oX "D:\Tmp\192.168.3.0.xml"
nmap -A 192.168.4.0/26 -F -oX /home/mike/192.168.4.0.xml
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.4.0/26 -F -oX "D:\Tmp\192.168.4.0.xml"
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.4.64/26 -F -oX "D:\Tmp\192.168.4.64.xml"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/192.168.4.64.xml" > "D:/Tmp/192.168.4.64.json"
# Office-5G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.1.0/26 -oX "D:\Tmp\phares\Network\192.168.1.0.xml"
# Laundry-5G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.2.0/26 -oX "D:\Tmp\phares\Network\192.168.2.0.xml"
# Media-5G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.3.0/26 -oX "D:\Tmp\phares\Network\192.168.3.0.xml"
# Loft-2G
"C:\Program Files (x86)\Nmap\nmap.exe" -sn 192.168.4.0/26 -oX "D:\Tmp\phares\Network\192.168.4.0.xml"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.1.0.xml" > "D:/Tmp/phares/Network/192.168.1.0.json"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.2.0.xml" > "D:/Tmp/phares/Network/192.168.2.0.json"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.3.0.xml" > "D:/Tmp/phares/Network/192.168.3.0.json"
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/phares/Network/192.168.4.0.xml" > "D:/Tmp/phares/Network/192.168.4.0.json"
L:/DevOps/Mesa_FI/File-Folder-Helper/bin/Release/net8.0/win-x64/publish/File-Folder-Helper.exe s X D:/Tmp/Phares/Network Day-Helper-2023-12-12 1*.json
# https://github.com/vdjagilev/nmap-formatter
"L:/Git/nmap-formatter/nmap-formatter.exe" json "D:/Tmp/10.95.154.xml" > "D:/Tmp/10.95.154.json"
copy "L:\Git\nmap-formatter\.vscode\10.95.154.xml" "L:\Git\Notes-EC-Documentation\EC-Documentation\nmap\10.95.154.xml"
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 07:51 US Mountain Standard Time
Nmap scan report for 10.95.176.1
Host is up (0.0049s latency).
All 100 scanned ports on 10.95.176.1 are in ignored states.
Not shown: 100 closed tcp ports (reset)
MAC Address: 00:08:E3:FF:FD:90 (Cisco Systems)
Nmap scan report for MESSR001.infineon.com (10.95.176.9)
Host is up (0.00063s latency).
Not shown: 93 filtered tcp ports (no-response)
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: F4:03:43:AE:90:A0 (Hewlett Packard Enterprise)
Nmap scan report for MESSN002.infineon.com (10.95.176.21)
Host is up (0.00056s latency).
Not shown: 96 closed tcp ports (reset)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:19:C2 (VMware)
Nmap scan report for MESSR002.infineon.com (10.95.176.25)
Host is up (0.00063s latency).
Not shown: 93 filtered tcp ports (no-response)
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:24:15 (VMware)
Nmap scan report for MESSAD1001.infineon.com (10.95.176.35)
Host is up (0.00060s latency).
Not shown: 95 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:51:F6 (VMware)
Nmap scan report for MESSN003.infineon.com (10.95.176.36)
Host is up (0.00055s latency).
Not shown: 96 closed tcp ports (reset)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:80:86 (VMware)
Nmap scan report for MESSMSCCM02.infineon.com (10.95.176.37)
Host is up (0.00090s latency).
Not shown: 95 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:95:BA (VMware)
Nmap scan report for MESSP1003.infineon.com (10.95.176.38)
Host is up (0.00038s latency).
Not shown: 90 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
515/tcp open printer
1433/tcp open ms-sql-s
3389/tcp open ms-wbt-server
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8443/tcp open https-alt
MAC Address: 00:50:56:8E:84:5A (VMware)
Nmap scan report for MESSA004.infineon.com (10.95.176.44)
Host is up (0.00062s latency).
Not shown: 94 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:A1:D2 (VMware)
Nmap scan report for MESSA005.infineon.com (10.95.176.45)
Host is up (0.00074s latency).
Not shown: 94 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
8888/tcp open sun-answerbook
MAC Address: 00:50:56:8E:5A:0D (VMware)
Nmap scan report for MESTSA004.infineon.com (10.95.176.47)
Host is up (0.00077s latency).
Not shown: 96 closed tcp ports (reset)
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:0E:AF (VMware)
Nmap scan report for MESSA012.infineon.com (10.95.176.50)
Host is up (0.00065s latency).
Not shown: 94 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
8888/tcp open sun-answerbook
MAC Address: 00:50:56:8E:79:14 (VMware)
Nmap scan report for MESTSA005.infineon.com (10.95.176.60)
Host is up (0.00032s latency).
Not shown: 95 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
MAC Address: 00:50:56:8E:63:CF (VMware)
Nmap scan report for MESTSA006.infineon.com (10.95.176.61)
Host is up (0.00081s latency).
Not shown: 94 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
5051/tcp open ida-agent
MAC Address: 00:50:56:8E:A8:92 (VMware)
Nmap scan report for MESTSA003.infineon.com (10.95.176.46)
Host is up (0.0028s latency).
Not shown: 93 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
5051/tcp open ida-agent
Nmap done: 64 IP addresses (15 hosts up) scanned in 4.03 seconds
# https://www.youtube.com/watch?v=-rSqbgI7oZM
sudo -i
apt-get install nmap
apt-get install wireshark
apt-get install ettercap-text-only
ettercap -T -S -i ens18 -M arp:remote /192.168.3.1// /192.168.3.42//
# https://apackets.com/upload
"C:\Program Files (x86)\Nmap\nmap.exe" -A 192.168.31.50 -F -oX "D:\Tmp\192.168.31.50.xml"