Aggressive Scan

joesizzlin3 total contributions
Published Dec 8, 2022Updated Dec 23, 2022
Contribute to Docs
An aggressive scan provides far better information than a regular scan, but is more likely to be detected. It is performed by using the -A
option and enables the following:
- OS detection (
-O
) - Version detection (
-sV
) - Script scanning (
-sC
) - Traceroute (
--traceroute
)
Aggressive scans send out more probes than a regular scan, and are more likely to be detected during a security audit.
Syntax
nmap -A <target>
The above conducts an aggressive scan on <target>
.
Example
The following example runs an aggressive scan on the site scanme.nmap.org:
nmap -A scanme.nmap.org
Note: This is a site explicitly set up for testing Nmap. Scans should only be performed on domains with explicit permissions given to the user.
This results in the following output:
Starting Nmap 7.93 ( https://nmap.org ) at 2022-11-27 11:53 Eastern Standard TimeNmap scan report for scanme.nmap.org (45.33.32.156)Host is up (0.12s latency).Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2fNot shown: 992 closed tcp ports (reset)PORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)| ssh-hostkey:| 1024 ac00a01a82ffcc5599dc672b34976b75 (DSA)| 2048 203d2d44622ab05a9db5b30514c2a6b2 (RSA)| 256 9602bb5e57541c4e452f564c4a24b257 (ECDSA)|_ 256 33fa910fe0e17b1f6d05a2b0f1544156 (ED25519)25/tcp filtered smtp80/tcp open http Apache httpd 2.4.7 ((Ubuntu))|_http-title: Go ahead and ScanMe!|_http-favicon: Nmap Project|_http-server-header: Apache/2.4.7 (Ubuntu)135/tcp filtered msrpc139/tcp filtered netbios-ssn445/tcp filtered microsoft-ds9929/tcp open nping-echo Nping echo31337/tcp open tcpwrappedAggressive OS guesses: Linux 5.4 (99%), Linux 5.0 - 5.4 (99%), Linux 4.15 - 5.6 (97%), Linux 2.6.32 - 3.13 (96%), Linux 5.0 - 5.3 (95%), Linux 5.1 (95%), Linux 2.6.22 - 2.6.36 (95%), Linux 3.10 - 4.11 (95%), Linux 5.0 (94%), Linux 2.6.32 (94%)No exact OS matches for host (test conditions non-ideal).Network Distance: 18 hopsService Info: OS: Linux; CPE: cpe:/o:linux:linux_kernelTRACEROUTE (using port 443/tcp)HOP RTT ADDRESS1 3.00 ms dsldevice.attlocal.net (192.168.1.254)2 ... 56 35.00 ms 32.130.17.777 33.00 ms cgcil403igs.ip.att.net (12.122.132.121)8 36.00 ms be3039.ccr41.ord03.atlas.cogentco.com (154.54.12.85)9 33.00 ms be2766.ccr42.ord01.atlas.cogentco.com (154.54.46.177)10 61.00 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)11 65.00 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89)12 90.00 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)13 92.00 ms be3109.ccr21.sfo01.atlas.cogentco.com (154.54.44.137)14 94.00 ms be3178.ccr21.sjc01.atlas.cogentco.com (154.54.43.70)15 97.00 ms be2063.rcr21.b001848-1.sjc01.atlas.cogentco.com (154.54.1.162)16 99.00 ms 38.142.11.15417 100.00 ms if-1-6.csw5-fnc1.linode.com (173.230.159.67)18 118.00 ms scanme.nmap.org (45.33.32.156)OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 53.73 seconds
All contributors
- joesizzlin3 total contributions
- StevenSwiniarski475 total contributions
Looking to contribute?
- Learn more about how to get involved.
- Edit this page on GitHub to fix an error or make an improvement.
- Submit feedback to let us know how we can improve Docs.