NMAP

Ping Scan

Finds all hosts connected to a network

nmap -sn 192.168.42.0/24

Full scan

About 2 min per host from the local network; can take longer over the WAN

LAN

# nmap -A -T4 192.168.42.254/32
Starting Nmap 7.80 ( https://nmap.org ) at 2021-11-15 10:12 CET
Nmap scan report for gateway.42.168.192.in-addr.arpa (192.168.42.254)
Host is up (0.00024s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE       VERSION
22/tcp   open  ssh           OpenSSH 8.4p1 Raspbian 5+b1 (protocol 2.0)
25/tcp   open  smtp          Postfix smtpd
|_smtp-commands: mail.michel-joly.fr, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8, CHUNKING, 
| ssl-cert: Subject: commonName=michel-joly.fr
| Subject Alternative Name: DNS:*.michel-joly.fr, DNS:michel-joly.fr
| Not valid before: 2021-10-22T08:31:32
|_Not valid after:  2022-01-20T08:31:31
|_ssl-date: TLS randomness does not represent time
53/tcp   open  domain        ISC BIND 9.16.15 (Raspbian Linux)
| dns-nsid: 
|_  bind.version: 9.16.15-Raspbian
80/tcp   open  http          Apache httpd 2.4.51
|_http-server-header: Apache/2.4.51 (Raspbian)
|_http-title: Did not follow redirect to https://www.michel-joly.fr/
143/tcp  open  imap          Dovecot imapd
|_imap-capabilities: OK AUTH=LOGINA0001 listed IDLE STARTTLS post-login ENABLE AUTH=PLAIN more IMAP4rev1 LITERAL+ LOGIN-REFERRALS Pre-login have capabilities ID SASL-IR
| ssl-cert: Subject: commonName=raspberrypi
| Subject Alternative Name: DNS:raspberrypi
| Not valid before: 2020-12-06T11:57:07
|_Not valid after:  2030-12-04T11:57:07
443/tcp  open  ssl/http      Apache httpd 2.4.51 ((Raspbian))
|_http-server-header: Apache/2.4.51 (Raspbian)
|_http-title: R\xC3\xA9f\xC3\xA9rences
| ssl-cert: Subject: commonName=michel-joly.fr
| Subject Alternative Name: DNS:*.michel-joly.fr, DNS:michel-joly.fr
| Not valid before: 2021-10-22T08:31:32
|_Not valid after:  2022-01-20T08:31:31
| tls-alpn: 
|_  http/1.1
993/tcp  open  ssl/imap      Dovecot imapd
|_imap-capabilities: IMAP4rev1 ENABLE have AUTH=LOGINA0001 capabilities ID IDLE more OK LITERAL+ SASL-IR Pre-login listed post-login LOGIN-REFERRALS AUTH=PLAIN
| ssl-cert: Subject: commonName=raspberrypi
| Subject Alternative Name: DNS:raspberrypi
| Not valid before: 2020-12-06T11:57:07
|_Not valid after:  2030-12-04T11:57:07
3390/tcp open  ms-wbt-server xrdp
MAC Address: DC:A6:32:D9:50:97 (Raspberry Pi Trading)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

Network Distance: 1 hop
Service Info: Hosts:  mail.michel-joly.fr, michel-joly.fr; OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE
HOP RTT     ADDRESS
1   0.24 ms gateway.42.168.192.in-addr.arpa (192.168.42.254)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 107.24 seconds

WAN

nmap -A -T4 michel-joly.fr
Starting Nmap 7.91 ( https://nmap.org ) at 2021-11-15 10:24 CET
Warning: 82.65.139.91 giving up on port because retransmission cap hit (6).
Stats: 0:05:35 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 33.61% done; ETC: 10:41 (0:11:02 remaining)
Nmap scan report for michel-joly.fr (82.65.139.91)
Host is up (0.82s latency).
rDNS record for 82.65.139.91: 82-65-139-91.subs.proxad.net
Not shown: 848 closed ports, 139 filtered ports
PORT     STATE SERVICE      VERSION
22/tcp   open  ssh          OpenSSH 8.4p1 Raspbian 5+b1 (protocol 2.0)
| ssh-hostkey:
|   2048 1f:4c:b3:36:f3:42:79:f0:6e:21:bf:e6:a1:c7:e6:44 (RSA)
|   256 08:91:7f:ad:e8:58:61:f5:29:87:0c:8e:a9:c9:82:2b (ECDSA)
|_  256 3c:a1:86:06:b0:22:9c:bc:96:af:2b:5c:ba:b9:d0:69 (ED25519)
25/tcp   open  smtp         Postfix smtpd
|_smtp-commands: mail.michel-joly.fr, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8, CHUNKING,
| ssl-cert: Subject: commonName=michel-joly.fr
| Subject Alternative Name: DNS:*.michel-joly.fr, DNS:michel-joly.fr
| Not valid before: 2021-10-22T08:31:32
|_Not valid after:  2022-01-20T08:31:31
|_ssl-date: TLS randomness does not represent time
53/tcp   open  domain       dnsmasq 2.85
| dns-nsid:
|_  bind.version: dnsmasq-2.85
80/tcp   open  http         Apache httpd 2.4.51
|_http-server-header: Apache/2.4.51 (Raspbian)
|_http-title: Did not follow redirect to https://www.michel-joly.fr/
143/tcp  open  imap         Dovecot imapd
|_imap-capabilities: listed AUTH=LOGINA0001 ID LITERAL+ more AUTH=PLAIN SASL-IR IDLE ENABLE capabilities have post-login Pre-login LOGIN-REFERRALS OK STARTTLS IMAP4rev1
| ssl-cert: Subject: commonName=raspberrypi
| Subject Alternative Name: DNS:raspberrypi
| Not valid before: 2020-12-06T11:57:07
|_Not valid after:  2030-12-04T11:57:07
443/tcp  open  ssl/ssl      Apache httpd (SSL-only mode)
|_http-server-header: Apache/2.4.51 (Raspbian)
|_http-title: R\xC3\xA9f\xC3\xA9rences
| ssl-cert: Subject: commonName=michel-joly.fr
| Subject Alternative Name: DNS:*.michel-joly.fr, DNS:michel-joly.fr
| Not valid before: 2021-10-22T08:31:32
|_Not valid after:  2022-01-20T08:31:31
| tls-alpn:
|_  http/1.1
445/tcp  open  microsoft-ds
| fingerprint-strings:
|   SMBProgNeg:
|_    SMBr
554/tcp  open  rtsp         Freebox rtspd 1.2
|_rtsp-methods: DESCRIBE, OPTIONS, SETUP, TEARDOWN, PLAY, PAUSE
993/tcp  open  ssl/imap     Dovecot imapd
|_imap-capabilities: more have listed AUTH=LOGINA0001 post-login ID IDLE ENABLE capabilities Pre-login OK AUTH=PLAIN LOGIN-REFERRALS LITERAL+ SASL-IR IMAP4rev1
| ssl-cert: Subject: commonName=raspberrypi
| Subject Alternative Name: DNS:raspberrypi
| Not valid before: 2020-12-06T11:57:07
|_Not valid after:  2030-12-04T11:57:07
5000/tcp open  rtsp
| fingerprint-strings:
|   FourOhFourRequest, GenericLines, GetRequest, HTTPOptions:
|     P/1.0 400 Bad Request
|     CSeq: 0
|   RTSPRequest:
|     RTSP/1.0 200 OK
|     Public: OPTIONS, ANNOUNCE, SETUP, RECORD, SET_PARAMETER, GET_PARAMETER, FLUSH, TEARDOWN, POST, GET
|   SIPOptions:
|_    ept: application/sdp
|_rtsp-methods: OPTIONS, ANNOUNCE, SETUP, RECORD, SET_PARAMETER, GET_PARAMETER, FLUSH, TEARDOWN, POST, GET
5357/tcp open  wsdapi?
| fingerprint-strings:
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, RPCCheck, SSLSessionReq, TerminalServerCookie:
|     HTTP/1.1 414 URI Too Long
|     Content-Type: text/plain
|     Server: FbxWSD/1.0
|     Content-Length: 16
|     Connection: close
|     Long
|   GenericLines, Help, RTSPRequest:
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/plain
|     Server: FbxWSD/1.0
|     Content-Length: 15
|     Connection: close
|     Request
|   GetRequest, HTTPOptions:
|     HTTP/1.1 426 Upgrade Required
|     Upgrade: HTTP/1.1
|     Content-Type: text/plain
|     Server: FbxWSD/1.0
|     Content-Length: 20
|     Connection: close
|_    Upgrade Required
8090/tcp open  http         nginx
|_http-title: Freebox :: Probl\xC3\xA8me de connexion Internet
9091/tcp open  http         nginx
|_http-title: 404 Not Found
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service Info: Hosts:  mail.michel-joly.fr, michel-joly.fr; OS: Linux; Device: media device; CPE: cpe:/o:linux:linux_kernel

Host script results:
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode:
|   2.02:
|_    Message signing enabled but not required
| smb2-time:
|   date: 2021-11-15T09:42:25
|_  start_date: N/A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1070.23 seconds
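
Added example (not part of the original notes): a small Python parser for nmap's normal output that compares the open ports seen from the LAN with those seen from the WAN, and lists TLS certificates close to expiry. The function names and the 90-day threshold are assumptions; the sample input is abridged from the two reports above.

```python
import re
from datetime import datetime

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
EXPIRY_RE = re.compile(r"^\|_?\s*Not valid after:\s+(\S+)")

def parse_ports(report):
    """Map (port, proto) -> details for each port line of nmap normal output."""
    ports, current = {}, None
    for line in report.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            current = ports[(int(port), proto)] = {
                "state": state, "service": service,
                "version": version.strip(), "cert_expiry": None}
        elif not line.startswith("|"):
            current = None  # the script output attached to the port has ended
        elif current is not None and (m := EXPIRY_RE.match(line)):
            current["cert_expiry"] = datetime.fromisoformat(m.group(1))
    return ports

def exposure_diff(lan, wan):
    """Compare open ports seen from the LAN with those seen from the WAN."""
    lan_open = {k for k, v in lan.items() if v["state"] == "open"}
    wan_open = {k for k, v in wan.items() if v["state"] == "open"}
    ident = lambda p: (p["service"], p["version"])
    changed = [k for k in lan_open & wan_open if ident(lan[k]) != ident(wan[k])]
    return {"wan_only": sorted(wan_open - lan_open),
            "lan_only": sorted(lan_open - wan_open), "changed": sorted(changed)}

def expiring_certs(ports, now, days=90):
    """Ports whose ssl-cert 'Not valid after' falls within `days` of `now`."""
    return sorted(k for k, v in ports.items()
                  if v["cert_expiry"] and (v["cert_expiry"] - now).days < days)

# Abridged excerpts of the two reports above (sample input for this example).
LAN = """\
53/tcp   open  domain        ISC BIND 9.16.15 (Raspbian Linux)
443/tcp  open  ssl/http      Apache httpd 2.4.51 ((Raspbian))
|_Not valid after:  2022-01-20T08:31:31
3390/tcp open  ms-wbt-server xrdp
"""
WAN = """\
53/tcp   open  domain       dnsmasq 2.85
443/tcp  open  ssl/ssl      Apache httpd (SSL-only mode)
445/tcp  open  microsoft-ds
554/tcp  open  rtsp         Freebox rtspd 1.2
"""
```

Ports listed under "wan_only" or "changed" are the ones to check against the router's port forwarding and built-in services, since they differ from what the host itself exposes on the LAN.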