Nmap, short for Network Mapper, is a free, open-source tool for network discovery and vulnerability scanning. Network administrators use Nmap to find out which devices are on their network, which hosts are up and which services they offer, which ports are open, and where the security risks are.

** nmap -sS → TCP SYN scan (the default)
** nmap -sT → TCP connect scan
** nmap -sA → TCP ACK scan
** nmap -sU → UDP port scan
** nmap -sX → Xmas scan
** nmap -sP → Ping scan (-sP is the old name; newer Nmap versions call it -sn)

** nmap -sV → Basic command for finding the version of each service

** nmap -sV --version-intensity 6 → Set the version-probe intensity level (0–9)

** nmap -A → A means aggressive. It enables OS detection, version detection, script scanning and traceroute. But it creates a lot of noise, and your requests may be detected by the firewall/IDS if the target has one.

** nmap -O → Remote OS detection

** nmap -p 23 → Scan a specific port

** nmap -p 23-100 → Scan a specific port range

** nmap -p U:110,T:23-25 → U (UDP) and T (TCP): scan different port types together

** nmap -p- → Scan all 65535 ports (the default scan covers the 1000 most common ports). This also makes a lot of noise, but the interesting thing is that sometimes a clever admin hides an important service on some odd port.

** nmap -p smtp,https → Scan ports by service name instead of number

** nmap -T0 → Slow scan
** nmap -T1 → A little faster
** nmap -T2 → Timely scan
** nmap -T3 → Aggressive scan
** nmap -T4 → Very aggressive scan

** nmap --script vulners → The vulners script is on GitHub: https://github.com/vulnersCom/nmap-vulners (run it together with -sV, since it matches on the detected service versions)

** nmap --script vulners,ftp-anon → Use commas to run multiple scripts

** nmap -p 21 --script "ftp-*" → Run every ftp-* script. The same wildcard works for http-*, smb-*, etc.

** nmap -sV -sC → Scan with version detection and the default script set

** nmap --script-help=ssl-heartbleed → Get help for any script

## Type ls -al /usr/share/nmap/scripts/ in your terminal to see the scripts that ship with Nmap.
## Many more scripts are available on GitHub.
## After adding scripts, update the Nmap script database so they are found by name and category; the command is nmap --script-updatedb

** nmap -f → Send your probes as fragmented packets. The requests are split into very small fragments, which is why a firewall/IDS (intrusion detection system) may fail to detect them.

# Note: This method does not work everywhere, because nowadays many firewalls/IDSs are able to reassemble the fragments and detect the scan.

** nmap -A -T1 → Use T1 for a slow, tricky scan that is less likely to trip the IDS/firewall

** nmap -sS -T2 --script firewall-bypass → Run the firewall-bypass NSE script with a slow SYN scan

** nmap -sS -sV -D RND:3 → D (decoys), RND:3 (three random decoy IPs chosen by Nmap are mixed in with the real source)
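The evasion options above (-T0/-T1 timing, -f fragments, -D decoys) are only as useful as the detection on the other side is weak, so it helps to see what a scan looks like in a defender's logs. The following is an added example, not code from the original post: it parses constructed iptables/UFW-style block lines (the SRC=, DST= and DPT= field names follow the kernel netfilter LOG format, but the traffic itself is made up) and applies two checks. The first flags any source that hits many distinct ports within a short window, which catches a normal SYN scan but misses a -T1-style scan unless the window is widened; the second looks for several sources probing an identical port set on one target, which is the trace a -D decoy scan leaves because the decoys and the real sender all probe together.

```python
"""Detection-side example: spot port-scan behaviour in firewall block logs."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed port set used by the made-up scanners below.
SCAN_PORTS = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445]


def _line(t, src, dst, dpt):
    """Build one constructed UFW-style block line at t seconds after 10:00:00."""
    return (f"Jan  1 10:{t // 60:02d}:{t % 60:02d} fw kernel: [UFW BLOCK] IN=eth0 OUT= "
            f"SRC={src} DST={dst} PROTO=TCP SPT=51000 DPT={dpt} SYN")


def build_sample_log():
    """Constructed log: one decoy-style burst, one slow scan, some benign noise."""
    lines = []
    # 1) fast scan with two decoy addresses: three sources hit the same ten
    #    ports on 192.0.2.10 within four seconds
    for i, p in enumerate(SCAN_PORTS):
        for src in ("198.51.100.7", "198.51.100.8", "198.51.100.9"):
            lines.append(_line(i // 3, src, "192.0.2.10", p))
    # 2) slow scan: one probe every 45 seconds against 192.0.2.20
    for i, p in enumerate(SCAN_PORTS):
        lines.append(_line(60 + i * 45, "203.0.113.50", "192.0.2.20", p))
    # 3) benign noise: a single client retrying HTTPS twice
    lines.append(_line(300, "203.0.113.9", "192.0.2.10", 443))
    lines.append(_line(330, "203.0.113.9", "192.0.2.10", 443))
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()

LOG_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) .*SRC=(\S+) DST=(\S+) PROTO=TCP .*DPT=(\d+) .*\bSYN\b")


def parse_events(text):
    """Return sorted (timestamp, src, dst, dport) tuples for TCP SYN block lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        stamp = re.sub(r"\s+", " ", m.group(1))  # collapse "Jan  1" to "Jan 1"
        ts = datetime.strptime(stamp, "%b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    events.sort()
    return events


def detect_scanners(text, window_s=10, min_ports=8):
    """Sources touching >= min_ports distinct (dst, port) pairs inside any window_s-second window."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in parse_events(text):
        by_src[src].append((ts, dst, dport))
    flagged = set()
    for src, evs in by_src.items():
        start = 0  # sliding window over this source's time-ordered events
        for end in range(len(evs)):
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            if len({(d, p) for _, d, p in evs[start:end + 1]}) >= min_ports:
                flagged.add(src)
                break
    return sorted(flagged)


def decoy_groups(text, min_ports=8):
    """Sets of sources that probed an identical port set on one target (decoy signature)."""
    portsets = defaultdict(set)
    for _, src, dst, dport in parse_events(text):
        portsets[(dst, src)].add(dport)
    groups = defaultdict(set)
    for (dst, src), ports in portsets.items():
        if len(ports) >= min_ports:
            groups[(dst, frozenset(ports))].add(src)
    return [(dst, sorted(ports), sorted(srcs))
            for (dst, ports), srcs in groups.items() if len(srcs) > 1]


if __name__ == "__main__":
    print("10 s window:", detect_scanners(SAMPLE_LOG))
    print("600 s window:", detect_scanners(SAMPLE_LOG, window_s=600))
    print("decoy groups:", decoy_groups(SAMPLE_LOG))
```

With the 10-second window only the three fast sources are reported; the 45-second-spaced scanner against 192.0.2.20 surfaces only when the window is widened to 600 seconds, which is why a detection pipeline keeps a long-window counter alongside the short one. The decoy check cannot say which of the three addresses is the real sender, but it does tell the analyst that the event is one scan with decoys rather than three independent ones.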

Some other commands

** nmap -A -T4 → T4 makes the aggressive scan faster
** nmap -sV -sS -vv → vv for verbose, detailed output
** nmap -A -F → F is also used for a fast scan, but it only scans the 100 most common ports
** nmap -A | tee /root/Desktop/nmaptestresult.txt → Use tee to save the output while still seeing it on screen (Nmap's own -oN, -oG and -oX options also save the results in normal, grepable and XML formats)
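Saving output with tee gives a human-readable file; for an inventory or baseline comparison the grepable format (-oG) is easier to process. The following is an added example, not code from the original post: it parses a constructed -oG file (the addresses, hostnames and banners are made up, the line layout follows Nmap's grepable format of tab-separated Host/Ports/Ignored State fields and slash-separated port entries) and reports open ports that are not in a hypothetical per-host allowlist, which is the check an administrator runs to catch the odd-port service the post mentions.

```python
"""Parse nmap grepable output (-oG) and diff open ports against an allowlist."""
import re
from dataclasses import dataclass

# Constructed sample of an nmap -oG file (not a real scan). Addresses,
# hostnames and service banners are made up for this example.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -sV -oG inventory.gnmap 192.168.1.0/24
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu/, 80/open/tcp//http//Apache httpd 2.4.41/, 3306/filtered/tcp//mysql///\tIgnored State: closed (997)
Host: 192.168.1.20 (printer.lan)\tStatus: Up
Host: 192.168.1.20 (printer.lan)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 161/open/udp//snmp//SNMPv1 server/\tIgnored State: closed (998)
# Nmap done at Mon Jan  1 00:01:00 2024 -- 256 IP addresses (2 hosts up) scanned in 60.00 seconds
"""

# Hypothetical baseline: the (port, protocol) pairs expected to be open per host.
EXAMPLE_ALLOWLIST = {
    "192.168.1.10": {(22, "tcp"), (80, "tcp")},
    "192.168.1.20": {(161, "udp")},
}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


@dataclass(frozen=True)
class PortRecord:
    host: str
    hostname: str
    port: int
    proto: str
    state: str
    service: str
    version: str


def parse_gnmap(text):
    """Turn the Ports: entries of a -oG file into PortRecord objects."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment/header lines
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        host, hostname = m.group(1), m.group(2)
        ports_field = next((f for f in fields[1:] if f.startswith("Ports:")), None)
        if ports_field is None:
            continue  # "Status: Up" lines carry no port data
        for entry in ports_field[len("Ports:"):].strip().split(", "):
            # entry layout: port/state/protocol/owner/service/rpc info/version/
            parts = entry.split("/")
            if len(parts) < 7:
                continue
            records.append(PortRecord(host, hostname, int(parts[0]), parts[2],
                                      parts[1], parts[4], parts[6]))
    return records


def open_ports(records):
    """Only ports Nmap reported as open (filtered/closed are dropped)."""
    return [r for r in records if r.state == "open"]


def unexpected_ports(records, allowlist):
    """Open ports that are missing from the baseline allowlist {host: {(port, proto)}}."""
    return [r for r in open_ports(records)
            if (r.port, r.proto) not in allowlist.get(r.host, set())]


if __name__ == "__main__":
    for r in unexpected_ports(parse_gnmap(SAMPLE_GNMAP), EXAMPLE_ALLOWLIST):
        print(f"unexpected: {r.host} ({r.hostname}) {r.port}/{r.proto} {r.service} {r.version}")
```

Run against the sample, the only finding is the FTP service on the printer, because 3306 is filtered rather than open and everything else is in the baseline. Nmap escapes a literal slash inside version strings in -oG output, so splitting each entry on "/" is safe.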

