====== Ubuntu - nmap - Scan OS information and Traceroute ======

Detect which OS and version are running on the remote host.

To enable OS and version detection, script scanning and traceroute, use the **-A** option with nmap.

  nmap -A 192.168.1.100

Result:

  Starting Nmap 6.40 ( http://nmap.org ) at 2016-07-08 00:19 BST
  Nmap scan report for peter-laptop-1 (192.168.1.69)
  Host is up (0.00018s latency).
  Not shown: 997 closed ports
  PORT    STATE SERVICE     VERSION
  80/tcp  open  http        nginx 1.4.6 (Ubuntu)
  |_http-methods: No Allow or Public header in OPTIONS response (status code 405)
  |_http-title: Site doesn't have a title (text/html).
  139/tcp open  netbios-ssn Samba smbd 3.X (workgroup: PETER-LAPTOP-1)
  445/tcp open  netbios-ssn Samba smbd 3.X (workgroup: PETER-LAPTOP-1)
  Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  Host script results:
  |_nbstat: NetBIOS name: PETER-LAPTOP-1, NetBIOS user: , NetBIOS MAC:
  | smb-os-discovery:
  |   OS: Windows 6.1 (Samba 4.3.9-Ubuntu)
  |   Computer name: peter-laptop-1
  |   NetBIOS computer name: PETER-LAPTOP-1
  |   Domain name:
  |   FQDN: peter-laptop-1
  |_  System time: 2016-07-08T00:19:56+01:00
  | smb-security-mode:
  |   Account that was used for smb scripts: guest
  |   User-level authentication
  |   SMB Security: Challenge/response passwords supported
  |_  Message signing disabled (dangerous, but default)
  |_smbv2-enabled: Server supports SMBv2 protocol
  Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
  Nmap done: 1 IP address (1 host up) scanned in 11.40 seconds

----

===== Example of Unknown OS =====

  Starting Nmap 6.40 ( http://nmap.org ) at 2016-07-08 00:06 BST
  Nmap scan report for 192.168.1.100
  Host is up (0.035s latency).
  Not shown: 989 closed ports
  PORT     STATE SERVICE     VERSION
  80/tcp   open  http?
  | http-methods: Potentially risky methods: PUT DELETE
  |_See http://nmap.org/nsedoc/scripts/http-methods.html
  |_http-title: Site doesn't have a title (text/html).
  139/tcp  open  tcpwrapped
  443/tcp  open  ssl/https?
  | http-methods: Potentially risky methods: PUT DELETE
  |_See http://nmap.org/nsedoc/scripts/http-methods.html
  |_http-title: Site doesn't have a title (text/html).
  | ssl-cert: Subject: commonName=Printer/organizationName=HP/stateOrProvinceName=Washington/countryName=US
  | Not valid before: 2015-01-09T13:43:38+00:00
  |_Not valid after:  2035-01-04T13:43:38+00:00
  445/tcp  open  netbios-ssn
  515/tcp  open  printer
  631/tcp  open  ipp?
  | http-methods: Potentially risky methods: PUT DELETE
  |_See http://nmap.org/nsedoc/scripts/http-methods.html
  6839/tcp open  tcpwrapped
  7435/tcp open  tcpwrapped
  8080/tcp open  http-proxy?
  | http-methods: Potentially risky methods: PUT DELETE
  |_See http://nmap.org/nsedoc/scripts/http-methods.html
  |_http-title: Site doesn't have a title (text/html).
  9100/tcp open  jetdirect?
  9220/tcp open  unknown
  4 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
  Host script results:
  |_nbstat: NetBIOS name: HP3863BB75D414, NetBIOS user: , NetBIOS MAC:
  | smb-os-discovery:
  |   OS: VxWorks (NQ 4.32)
  |   NetBIOS computer name:
  |   Workgroup:
  |_  System time: 2016-07-08T00:15:24+00:00
  | smb-security-mode:
  |   Account that was used for smb scripts: guest
  |   User-level authentication
  |   SMB Security: Challenge/response passwords supported
  |_  Message signing disabled (dangerous, but default)
  |_smbv2-enabled: Server doesn't support SMBv2 protocol
  Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
  Nmap done: 1 IP address (1 host up) scanned in 225.80 seconds
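
Both reports above contain items worth following up on the scanned hosts: services nmap could only guess at (the trailing **?**), HTTP methods flagged as potentially risky, and the SMB signing and SMBv2 results. The following is an added example, not part of the original page: a small Python parser for this output format that turns one report into a list of follow-up actions. The function names, the abridged sample and the wording of the actions are assumptions of this example.

```python
import re
# Constructed sample, abridged from the second scan on this page.
SAMPLE = """\
PORT     STATE SERVICE     VERSION
80/tcp   open  http?
| http-methods: Potentially risky methods: PUT DELETE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
139/tcp  open  tcpwrapped
9100/tcp open  jetdirect?
Host script results:
| smb-security-mode:
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
"""
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Host-level script text -> follow-up action (wording is this example's own).
SMB_CHECKS = {"Message signing disabled": "require SMB message signing",
              "doesn't support SMBv2": "SMBv1 only: restrict or retire SMB"}

def parse(text):
    """Return (ports, host_lines); NSE output lines are attached to their port."""
    ports, host_lines, current = [], [], None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service = m.groups()
            current = {"id": f"{port}/{proto}", "state": state, "scripts": [],
                       "service": service.rstrip("?"), "guessed": service.endswith("?")}
            ports.append(current)
        elif line.startswith("Host script results"):
            current = None  # script lines from here on describe the host
        elif line.startswith("|"):
            body = line.lstrip("|_ ").strip()
            (current["scripts"] if current else host_lines).append(body)
    return ports, host_lines

def findings(text):
    """List (scope, action) pairs for the hardening items in one scan report."""
    ports, host_lines = parse(text)
    out = []
    for p in ports:
        if p["state"] == "open" and p["guessed"]:
            out.append((p["id"], f"confirm service (nmap guess: {p['service']})"))
        for s in p["scripts"]:
            if (m := re.search(r"Potentially risky methods: (.+)", s)):
                out.append((p["id"], f"review HTTP methods: {m.group(1)}"))
    for s in host_lines:
        out += [("smb", action) for needle, action in SMB_CHECKS.items() if needle in s]
    return out
```

Save a report with ''nmap -oN'' and pass the file contents to ''findings()''; for anything beyond quick triage, nmap's XML output (''-oX'') is the more stable format to parse.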