Nmap basic commands to check ports

nmap [HOSTNAME]
nmap localhost
nmap xx.xx.xx.xx
nmap -p 1-65535 localhost
nmap -p 80,443 8.8.8.8

Multiple IP Addresses

nmap 1.1.1.1 8.8.8.8
nmap 1.1.1.1,2,3,4
nmap 8.8.8.0/28
nmap 8.8.8.1-14
nmap 8.8.8.*
nmap 8.8.8.* --exclude 8.8.8.5

Top ports

nmap --top-ports 10 192.168.1.1

Scan from a text file

nmap -iL list.txt

Save to file

nmap -oN output.txt localhost
nmap -oX output.xml localhost

OS and service detection (-A also runs the default scripts and traceroute; -T4 selects a faster timing template)

nmap -A -T4 localhost

Service and Daemon version

nmap -sV localhost

Juniper SRX setup

Initialise

root%           <-- Shell
root% cli       <-- Operational CLI mode
root>           <-- Logged in to operational CLI mode
root> configure <-- Configuration mode
root#           <-- Logged in to configuration mode

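Setting the root password (typed at the prompt; despite the "plain-text-password" keyword, Junos stores it hashed in the configuration)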

root# set system root-authentication plain-text-password

New password:
Retype new password:

root# set system host-name srx
root# commit

commit complete

root@srx#

Interfaces

#delete interfaces ge-0/0/0
#delete interfaces ge-0/0/1
#set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.38/24
#set interfaces ge-0/0/1 unit 0 family inet address 192.168.239.1/24

Default route

#set routing-options static route 0.0.0.0/0 next-hop 192.168.100.1

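Security zones: ping and ssh to the device are allowed on the internal interface only (the internet zone is given no host-inbound services)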

#set security zones security-zone internal interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
#set security zones security-zone internal interfaces ge-0/0/1.0 host-inbound-traffic system-services ssh
#set security zones security-zone internet interfaces ge-0/0/0.0

Address book entries

#set security zones security-zone internal address-book address network_239 192.168.239.0/24

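Security policies (the delete removes every existing policy first; the new policy permits the internal network to any destination on any application)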

#delete security policies
#set security policies from-zone internal to-zone internet policy allow-internal-clients match source-address network_239
#set security policies from-zone internal to-zone internet policy allow-internal-clients match destination-address any
#set security policies from-zone internal to-zone internet policy allow-internal-clients match application any
#set security policies from-zone internal to-zone internet policy allow-internal-clients then permit

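NAT for internal clients (the delete removes all existing NAT configuration first; traffic is then source-NATed to the egress interface address)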

#delete security nat
#set security nat source rule-set internal-to-internet from zone internal
#set security nat source rule-set internal-to-internet to zone internet
#set security nat source rule-set internal-to-internet rule internet-access match source-address 192.168.239.0/24
#set security nat source rule-set internal-to-internet rule internet-access match destination-address 0.0.0.0/0
#set security nat source rule-set internal-to-internet rule internet-access then source-nat interface
#commit