Having fun with nmap

in technology •  7 years ago 

Hey there.

You may know the network scanner nmap. It's one of my favorite tools for network discovery.

This tool is by far the most advanced network scanner you can get. So how can you have fun with it?
You can discover interesting content that's on the web and maybe not indexed by Google or other search engines.

nmap does not work on the same layer as Google or other search engines. It works on the TCP/UDP layer to discover network services. This means you do not search for a website that contains specific content; you search for a network service that has some properties you define.

Every server that is connected to the Internet has an IP address assigned to it. For example, steemit.com has the address 34.198.138.170, and since the website is served over an encrypted SSL/TLS connection, it uses port 443 as well as port 80.

So usually the web service on a server runs on port 80 and 443. With that knowledge we can tell nmap to scan random IP addresses, looking for an open port 80 and/or 443.

So we fire up nmap like this:
nmap -v -PS80 -iR 2000 -p 80

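The -iR 2000 flag tells nmap to scan 2000 random IP addresses that it generates itself. -p 80 limits the port scan to port 80, -PS80 uses a TCP SYN probe to port 80 for host discovery, and -v turns on verbose output.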

If port 80 is open, just copy the IP address into your browser's address bar and find out what's behind it.
For example, I found some security cameras, albums, backend APIs and other stuff ;)

Have fun discovering interesting stuff ;)
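
The same scan is useful on address space you run yourself, to see which web ports are reachable before someone else finds them. The example below is added here and is not part of the original post: it parses nmap's grepable output (-oG) and reports open TCP ports that are missing from an inventory. The sample output, the 192.0.2.0/24 addresses and the INVENTORY mapping are constructed for illustration.

```python
# Constructed sample of nmap grepable (-oG) output for a scan of your own
# range; 192.0.2.0/24 is a documentation range. Fields are tab-separated.
SAMPLE_OG = (
    "# Nmap scan of 192.0.2.0/24, ports 80 and 443 (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.test)\t"
    "Ports: 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 192.0.2.23 ()\tStatus: Up\n"
    "Host: 192.0.2.23 ()\t"
    "Ports: 80/open/tcp//http///, 443/closed/tcp//https///\n"
    "Host: 192.0.2.40 ()\tStatus: Up\n"
    "Host: 192.0.2.40 ()\t"
    "Ports: 80/filtered/tcp//http///, 443/closed/tcp//https///\n"
)

# Hypothetical inventory: the ports each host is supposed to expose.
INVENTORY = {"192.0.2.10": {80, 443}}


def open_ports(grepable):
    """Return {ip: set of open TCP ports} parsed from -oG output."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and "Status:" lines
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[0].isdigit() \
                    and fields[1] == "open" and fields[2] == "tcp":
                result.setdefault(ip, set()).add(int(fields[0]))
    return result


def unexpected_exposure(found, inventory):
    """Return {ip: sorted ports} that are open but not in the inventory."""
    report = {}
    for ip, ports in found.items():
        extra = ports - inventory.get(ip, set())
        if extra:
            report[ip] = sorted(extra)
    return report


if __name__ == "__main__":
    for ip, ports in unexpected_exposure(open_ports(SAMPLE_OG), INVENTORY).items():
        print(f"{ip}: unexpected open port(s) {ports}")
```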


Sometimes, I used nmap to know the host's operating system. Not too reliable though in this department, but this Unix tool is highly reliable at checking the port status of the host.

There are so many interesting things. If I only had time ...

This looks cool, man

indeed Mr. rockz capable

I really wanna talk ..