(1) Use Nmap to determine the IP address of the victim:- Nmap includes two scripts in its database.
nmap --script ip-geolocation-* host-name
As we can see, it shows the coordinates and location of our target.
(2) Use Nmap as a Whois tool:- The following command is used to find whois information about the victim.
nmap --script whois host-name
(3) Use Nmap for email harvesting:- There are two scripts for email harvesting.
http-email-harvest is in the official Nmap repository. But if you want to use Google Web and Google Groups to find email addresses, you should download http-google-email from here.
Use the following command to find email addresses:
nmap -p80 --script http-email-harvest host-name
(4) Use Nmap for DNS brute forcing:- DNS records contain useful information about a website. There are many tools available for this purpose, but you can also use Nmap for a simple DNS brute-force attack.
Use the following command:
nmap -p80 --script dns-brute host-name
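
Seen from the target's resolver, the dns-brute run above shows up as one client asking for many distinct names under one zone in a short time, most of them answered NXDOMAIN. The Python sketch below is an added example, not part of the original post; the log format, thresholds and function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict

T0 = 1700000000
WORDS = ["admin", "mail", "ftp", "dev", "test", "vpn", "stage", "api", "ns1", "www"]

def sample_log():
    """Constructed resolver log; 'epoch client qname rcode' is an assumed format."""
    exists = {"www", "mail"}
    # One client walking a wordlist under example.com within ten seconds.
    lines = [f"{T0 + i} 203.0.113.9 {w}.example.com "
             f"{'NOERROR' if w in exists else 'NXDOMAIN'}" for i, w in enumerate(WORDS)]
    # A normal client re-resolving one name, and one resolving many valid names.
    lines += [f"{T0 + 30 * i} 198.51.100.7 www.example.com NOERROR" for i in range(12)]
    lines += [f"{T0 + i} 192.0.2.5 {w}.example.org NOERROR" for i, w in enumerate(WORDS)]
    return lines

def zone_of(qname, depth=2):
    # Naive parent-zone guess: last `depth` labels (no public-suffix handling).
    return ".".join(qname.lower().rstrip(".").split(".")[-depth:])

def detect_bruteforce(lines, window=60, min_names=8, min_nx_ratio=0.6):
    """Return sorted (client, zone) pairs that look like subdomain enumeration."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        events[(client, zone_of(qname))].append((int(ts), qname.lower(), rcode))
    flagged = []
    for key, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            names = {q for _, q, _ in win}
            nx = sum(1 for _, _, r in win if r == "NXDOMAIN")
            if len(names) >= min_names and nx / len(win) >= min_nx_ratio:
                flagged.append(key)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for client, zone in detect_bruteforce(sample_log()):
        print(f"possible DNS brute force: {client} against {zone}")
```

Only the wordlist client is flagged; the client resolving many valid names stays below the NXDOMAIN ratio, which is what keeps crawlers and CDNs out of the alert.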
(5) Discovering additional host names:- We can find additional hosts that share the same IP address using a simple Nmap script. This can help us find web applications hosted on the same IP address.
Download this NSE script from here.
You can also use the following command:
nmap --script http-robtex-reverse-ip --script-args http-robtex-reverse-ip.host='ip'