Useful Nmap Scans

Here are some helpful Nmap scans for SQL, SMTP, SMB, and FTP. These can give you ideas by helping to enumerate the target system. Just replace <target> with the target address or range. If a single host is targeted, the option --open can be removed.

nmap -sV -Pn -vv --script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 -p 3306 --open <target>

nmap --script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 --open <target>

nmap -p 139,445 --script "smb-v*" --script-args=unsafe=1 --open <target>

nmap --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 --open <target>


This was a new Python script that I saw which works similarly to searchsploit. Basically, it will search through all the CVEs for your search terms. If you are on a fresh install of Kali, you will need to install pip for Python 3. This can be accomplished with:

git clone
sudo apt-get install python3-pip

Next, you will need to install the Python module Untangle, which will read XML files and present them in a more human-readable format. Run the following command to get Untangle:

pip3 install requests untangle

Finally, update the database with:

 ./ -d

You can use either the CVE number with the -c argument or use -s and search by a keyword. Below, I searched for the version number of ISC Bind 9.8.1-P1 on a Vulnhub.
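
How the two lookup modes described above behave (exact CVE number versus keyword), as an added example that is not the script's own code. It uses Python's standard xml.etree in place of Untangle; the XML layout, the function names and the CVE entries are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample data: placeholder IDs and summaries, not real CVE records.
# The <cves>/<cve id=...>/<summary> layout is an assumed, simplified schema.
SAMPLE_XML = """<cves>
  <cve id="CVE-0000-0001"><summary>ISC BIND 9.8.1-P1 example denial of service via crafted query</summary></cve>
  <cve id="CVE-0000-0002"><summary>Example FTP daemon allows anonymous login by default</summary></cve>
  <cve id="CVE-0000-0003"><summary>Example resolver bug affecting BIND 9.9.x only</summary></cve>
</cves>"""

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

def load(xml_text):
    """Return {cve_id: summary} from the assumed XML layout."""
    root = ET.fromstring(xml_text)
    return {e.get("id"): (e.findtext("summary") or "").strip()
            for e in root.iter("cve")}

def by_id(db, cve_id):
    """Exact lookup (the -c style query); tolerates case and stray whitespace."""
    key = cve_id.strip().upper()
    if not CVE_ID.match(key):
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    return db.get(key)

def by_keyword(db, query):
    """Keyword lookup (the -s style query): every term must appear, case-insensitively."""
    terms = query.lower().split()
    if not terms:
        return []
    return sorted(cid for cid, text in db.items()
                  if all(t in text.lower() for t in terms))

if __name__ == "__main__":
    db = load(SAMPLE_XML)
    print(by_id(db, "cve-0000-0002"))
    # Product plus exact version narrows the result to one entry.
    print(by_keyword(db, "bind 9.8.1-p1"))
    # Product name alone also returns entries for other versions.
    print(by_keyword(db, "bind"))
```

Searching on the full version string keeps the result set small, while a product-only keyword returns entries for versions the host is not running and needs manual triage.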