Ben, figure a cool way to pop up (or something) explanatory text onmouseover of key portions of the examples.
Below is an example of an nmap scan.
$ nmap -Pn -A -sS -sV -O --open --version-all -T4 -p 1-65535 127.0.0.1

Starting Nmap 7.60 ( https://nmap.org ) at 2019-08-20 11:56 EDT
Stats: 0:00:05 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 32.73% done; ETC: 11:56 (0:00:06 remaining)
Stats: 0:00:15 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 0.00% done
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000090s latency).
Not shown: 65533 closed ports
PORT    STATE SERVICE VERSION
80/tcp  open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
631/tcp open  ipp     CUPS 2.2
| http-methods:
|_  Potentially risky methods: PUT
| http-robots.txt: 1 disallowed entry
|_/
|_http-server-header: CUPS/2.2 IPP/2.1
|_http-title: Home - CUPS 2.2.7
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.10
Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.80 seconds
This tells me which hosts on this network are powered up. It does not test all ports or gather much information; it simply identifies hosts that are online and checks 1000 ports.
$ nmap -PE -T4 192.168.2.1-254

Starting Nmap 7.60 ( https://nmap.org ) at 2019-08-25 15:01 EDT
Warning: 192.168.2.1 giving up on port because retransmission cap hit (6).
Warning: 192.168.2.7 giving up on port because retransmission cap hit (6).
Nmap scan report for _gateway (192.168.2.1)
Host is up (0.0013s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: B4:75:0E:25:49:BE (Belkin International)

Nmap scan report for 192.168.2.2
Host is up (0.053s latency).
All 1000 scanned ports on 192.168.2.2 are filtered
MAC Address: B0:EE:7B:AF:1E:E3 (Roku)

Nmap scan report for 192.168.2.3
Host is up (0.055s latency).
All 1000 scanned ports on 192.168.2.3 are filtered
MAC Address: D8:31:34:68:77:AF (Unknown)

Nmap scan report for 192.168.2.4
Host is up (0.041s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
2869/tcp open  icslap
MAC Address: 00:12:17:93:AC:AD (Cisco-Linksys)

Nmap scan report for 192.168.2.5
Host is up (0.0037s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
2701/tcp open  sms-rcinfo
MAC Address: 5C:87:9C:7B:3D:6F (Unknown)

Nmap scan report for 192.168.2.7
Host is up (0.017s latency).
All 1000 scanned ports on 192.168.2.7 are closed
MAC Address: D0:13:FD:25:EB:20 (LG Electronics (Mobile Communications))

Nmap scan report for wintermute (192.168.2.8)
Host is up (0.000017s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 254 IP addresses (7 hosts up) scanned in 271.87 seconds
parth@wintermute:~$
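To turn a sweep like the one above into an inventory that can be compared against what is supposed to be on the network, the normal-format output can be parsed per host. This is an added example, not part of the original page; the function names and the allowlist are assumptions, and the sample is an abbreviated copy of the output above.

```python
import re

# Constructed sample: three hosts abbreviated from the sweep output above.
SAMPLE = """\
Nmap scan report for _gateway (192.168.2.1)
Host is up (0.0013s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
MAC Address: B4:75:0E:25:49:BE (Belkin International)
Nmap scan report for 192.168.2.2
Host is up (0.053s latency).
All 1000 scanned ports on 192.168.2.2 are filtered
MAC Address: B0:EE:7B:AF:1E:E3 (Roku)
Nmap scan report for 192.168.2.4
Host is up (0.041s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
2869/tcp open  icslap
MAC Address: 00:12:17:93:AC:AD (Cisco-Linksys)
"""

REPORT = re.compile(r"^Nmap scan report for (?:(\S+) \()?([\d.]+)\)?$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
MAC = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")

def parse_nmap(text):
    """Return {ip: {"name", "vendor", "open": [(port, proto, service, version)]}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := REPORT.match(line):
            # A host that is up but shows no open port still gets an entry.
            cur = hosts.setdefault(
                m.group(2), {"name": m.group(1), "vendor": None, "open": []})
        elif cur is None:
            continue  # banner, warning and stats lines before the first host
        elif m := PORT.match(line):
            cur["open"].append(
                (int(m.group(1)), m.group(2), m.group(3), m.group(4).strip()))
        elif m := MAC.match(line):
            cur["vendor"] = m.group(2)
    return hosts

def unexpected(hosts, allowed):
    """Open ports missing from a per-host allowlist (allowed: {ip: {ports}})."""
    return sorted((ip, p[0], p[2]) for ip, h in hosts.items()
                  for p in h["open"] if p[0] not in allowed.get(ip, set()))
```
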
Ben, get different examples that state systems.
root@kali:/# nc -vv www.ky.gov 80
dayglo.state.ky.us [205.204.132.139] 80 (http) open
GET / HTTP/1.0

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Tue, 19 Apr 2016 12:51:36 GMT
Content-length: 352
Content-type: text/html
Last-modified: Tue, 01 Nov 2005 21:19:10 GMT
Accept-ranges: bytes
Connection: close

<!doctype html public "-//IETF//DTD HTML//EN">
<html>
<head>
<meta http-equiv="Refresh" content="0; URL=http://kentucky.gov/">
<meta name="Robots" content="NoIndex, NoFollow, NoArchive" />
</noscript>
<title>Commonwealth of Kentucky</title>
</head>
<body bgcolor="#FFFFFF" text="#000080" link="#000080" vlink="#000000" alink="#FF00FF">
</body>
</html>
 sent 16, rcvd 573

root@kali:/# nc -vv www.ky.gov 80
dayglo.state.ky.us [205.204.132.139] 80 (http) open
OPTIONS / HTTP/1.0

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Tue, 19 Apr 2016 12:52:15 GMT
Content-length: 0
Allow: HEAD, GET
Connection: close

 sent 20, rcvd 144

root@kali:/# nc -vv www.perl.com 80
DNS fwd/rev mismatch: www.perl.com != mt.perl.org
www.perl.com [207.171.7.72] 80 (http) open
OPTIONS / HTTP/1.0

HTTP/1.0 200 OK
Date: Tue, 19 Apr 2016 13:32:17 GMT
Allow: GET,HEAD,POST,OPTIONS,TRACE
Server: Apache/2.2.14 (Unix)
Connection: Close
Content-Type: text/html
Content-Length: 0

 sent 20, rcvd 185

root@kali:/# nc -vv -o dump.txt www.perl.com 80
DNS fwd/rev mismatch: www.perl.com != mt.perl.org
www.perl.com [207.171.7.72] 80 (http) open
GET / HTTP/1.0

HTTP/1.0 200 OK
Date: Tue, 19 Apr 2016 13:33:47 GMT
ETag: "6d8002-0-48bf13df9c180"
Server: Apache/2.2.14 (Unix)
Connection: Close
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Thu, 22 Jul 2010 03:09:10 GMT
Content-Length: 0

 sent 16, rcvd 249

root@kali:/# cat dump.txt
> 00000000 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 30 0a    # GET / HTTP/1.0.
> 0000000f 0a                                              # .
< 00000000 48 54 54 50 2f 31 2e 30 20 32 30 30 20 4f 4b 0d # HTTP/1.0 200 OK.
< 00000010 0a 44 61 74 65 3a 20 54 75 65 2c 20 31 39 20 41 # .Date: Tue, 19 A
< 00000020 70 72 20 32 30 31 36 20 31 33 3a 33 33 3a 34 37 # pr 2016 13:33:47
< 00000030 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 36 64 38 #  GMT..ETag: "6d8
< 00000040 30 30 32 2d 30 2d 34 38 62 66 31 33 64 66 39 63 # 002-0-48bf13df9c
< 00000050 31 38 30 22 0d 0a 53 65 72 76 65 72 3a 20 41 70 # 180"..Server: Ap
< 00000060 61 63 68 65 2f 32 2e 32 2e 31 34 20 28 55 6e 69 # ache/2.2.14 (Uni
< 00000070 78 29 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 # x)..Connection: 
< 00000080 43 6c 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 # Close..Content-T
< 00000090 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 0d 0a # ype: text/html..
< 000000a0 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 # Accept-Ranges: b
< 000000b0 79 74 65 73 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 # ytes..Last-Modif
< 000000c0 69 65 64 3a 20 54 68 75 2c 20 32 32 20 4a 75 6c # ied: Thu, 22 Jul
< 000000d0 20 32 30 31 30 20 30 33 3a 30 39 3a 31 30 20 47 #  2010 03:09:10 G
< 000000e0 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 # MT..Content-Leng
< 000000f0 74 68 3a 20 30 0d 0a 0d 0a                      # th: 0....

root@kali:/# nc -vv -o dump.txt williambellamy.com 80
DNS fwd/rev mismatch: williambellamy.com != hblnxweb06.hostbaby.com
williambellamy.com [67.51.200.169] 80 (http) open
GET / HTTP/1.0

HTTP/1.0 302 Found
Date: Tue, 19 Apr 2016 13:35:19 GMT
Location: http://www.hostbaby.com/
Connection: Close
Set-Cookie: TS01a76e46=018dcb317e2cf2f85d8156c7afcd8e8d049ec327e4ab9517b09b0f96f7f5919201d0288fa3; Path=/
Content-Type: text/html
Content-Length: 0

 sent 16, rcvd 265
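The responses captured in the sessions above can be checked for the two things an administrator would want to know about their own server: whether the Server header discloses a version, and whether Allow advertises methods beyond what the site needs. This is an added example, not part of the original page; the function names and the EXPECTED_METHODS policy are assumptions, and the samples are abbreviated from the two OPTIONS responses shown above.

```python
import re

# Samples abbreviated from the two OPTIONS responses in the sessions above.
KY = ("HTTP/1.1 200 OK\r\nServer: Sun-ONE-Web-Server/6.1\r\n"
      "Content-length: 0\r\nAllow: HEAD, GET\r\nConnection: close\r\n\r\n")
PERL = ("HTTP/1.0 200 OK\r\nAllow: GET,HEAD,POST,OPTIONS,TRACE\r\n"
        "Server: Apache/2.2.14 (Unix)\r\nConnection: Close\r\n\r\n")

# Assumption: the methods this site's policy expects a server to advertise.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}

def parse_response(raw):
    """Split a raw HTTP response head into (status, {lowercased-name: value})."""
    # Tolerate bare LF as well as CRLF; the dump above shows both on the wire.
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0].splitlines()
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive (Content-length vs Content-Length).
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(raw):
    """Return a list of findings for one captured response."""
    _, headers = parse_response(raw)
    findings = []
    server = headers.get("server", "")
    if re.search(r"/\d", server):  # product/version form, e.g. Apache/2.2.14
        findings.append(f"Server header discloses version: {server}")
    methods = {m.strip().upper()
               for m in headers.get("allow", "").split(",") if m.strip()}
    extra = sorted(methods - EXPECTED_METHODS)
    if extra:
        findings.append("Allow advertises unexpected methods: " + ", ".join(extra))
    return findings
```
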
Below is an example of the output of the Windows command-line FTP client. In this session the anonymous login is refused.
C:\>ftp 127.0.0.1
Connected to 127.0.0.1.
220-Microsoft FTP Service
220 Data will be sent over the wire unencrypted.
User (127.0.0.1:(none)): anonymous
331 Password required for anonymous.
Password:
530 User cannot log in.
Login failed.
ftp>bye
Below is another example, but in this example the login was successful!
Notice that the 'ls' command is similar to the 'ls' command in *nix, and in this case there is only one directory to report.
Next, the 'cd' command is used to change directory into that one subdirectory. 'ls' is run again to list the files/directories in the current subdirectory.
Often you can enter the command 'help' to get a list of the commands this specific FTP host supports. You can then enter the command 'help (some-command)' to get help about a specific command.
Second Example
C:\>ftp 127.0.0.1
Connected to 127.0.0.1.
220 Microsoft FTP Service
User (127.0.0.1:(none)): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password: me@here.com
230 User logged in.
ftp> ls
200 PORT command successful.
125 Data connection already open; Transfer starting.
MyGeoData
226 Transfer complete.
ftp: 11 bytes received in 0.00Seconds 11000.00Kbytes/sec.
ftp> cd MyGeoData
250 CWD command successful.
ftp> ls
200 PORT command successful.
125 Data connection already open; Transfer starting.
cnty
private
standards
226 Transfer complete.
ftp: 27 bytes received in 0.00Seconds 27.00Kbytes/sec.
ftp> bye
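The difference between the two FTP sessions above (530 versus 230 after USER anonymous) is something an administrator can check on their own servers without typing the session by hand. This is an added example, not part of the original page; anonymous_ftp_allowed and stub_server are hypothetical names, and the stub is a constructed stand-in that replays the reply codes shown above so the check runs offline.

```python
import ftplib
import socket
import threading

def anonymous_ftp_allowed(host, port=21, timeout=5):
    """True if the server answers an anonymous login with 230, False on 5xx.

    Connection errors and 4xx (temporary) replies propagate to the caller.
    """
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)  # reads the 220 banner
    try:
        ftp.login()  # sends USER anonymous, then PASS anonymous@
        return True
    except ftplib.error_perm:  # e.g. "530 User cannot log in."
        return False
    finally:
        ftp.close()

def stub_server(allow):
    """Constructed one-shot FTP stub on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rwb") as f:
            f.write(b"220 Microsoft FTP Service\r\n")
            f.flush()
            f.readline()  # USER anonymous
            f.write(b"331 Anonymous access allowed, send identity "
                    b"(e-mail name) as password.\r\n")
            f.flush()
            f.readline()  # PASS ...
            f.write(b"230 User logged in.\r\n" if allow
                    else b"530 User cannot log in.\r\n")
            f.flush()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port
```
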