Security Basics mailing list archives

Re[2]: Finding web servers with nmap


From: Denis Shestakov <da_shestakov () myrealbox com>
Date: Thu, 01 Dec 2005 12:00:14 +0200

Thanks for the answer!

I've checked WotWeb. It's a really nice tool and it is faster than
nmap (at least if executed with the options I mentioned)!
But ... I did a scan for a list of randomly selected IPs. Nmap (with
-PS80 -PA80 -p 80) returns more hosts with open port 80 than WotWeb. I
understand that nmap does a more 'general' job and detects, for
instance, hosts behind firewalls (that is, discovers hosts with
non-publicly available services which are not interesting to me since
I am looking for 'available-for-all' web servers). However, I wonder what
other services may be provided by machines with open port 80?


BR,
  Denis


-----------------------------------------------------------------------------
Wednesday, November 30, 2005, 8:16:25 PM, you wrote:
BS> Robin Keir (keir.net) has a free Windows program available, wotweb, which
BS> does a simple scan for a range of IPs.  It's preloaded with checkboxes for
BS> all the usual and many unusual web server ports.

BS> -----Burton

BS> -----Original Message-----
BS> From: Denis [mailto:da_shestakov () myrealbox com] 
BS> Sent: Wednesday, November 30, 2005 11:01 AM
BS> To: security-basics () securityfocus com
BS> Subject: Finding web servers with nmap

BS> Hi,

BS> I have a task to "relatively quickly" find all web servers (all hosts with
BS> open port 80) in some particular network. It seems it can be done with the
BS> nmap program. Could you advise me concerning the best options for running
BS> nmap to accomplish this task? In particular, does the following command do
BS> it right?
BS> nmap -v -sS -PS80 -PA80 -p 80 -oG my.log -iL x.x.0-255.0-255
BS> I am asking that because I have a concern that the above command may miss
BS> some hosts.
BS> However, it works faster than the command with "-P0 -p 80" ... 

