Nmap Cheat Sheet
Assalamu Alaikum
peace be upon you
Hello hackers. I hope you are well. I am Tamim Hasan, a Security Researcher and Bug Bounty hunter from Bangladesh.
Nmap, short for Network Mapper, is a free, open-source tool for network discovery and security auditing. Network administrators and penetration testers use Nmap to identify which devices are on a network, discover which hosts are up and the services they offer, find open ports, and (through its scripting engine) detect known vulnerabilities and misconfigurations.
Scanning Type
** nmap 172.217.31.206 -sS → TCP SYN ("half-open") scan; the default when Nmap runs as root
** nmap 172.217.31.206 -sT → TCP connect scan; the default for unprivileged users, and noisier because the full handshake completes and the connection is logged by the service
** nmap 172.217.31.206 -sA → TCP ACK scan; it does not find open ports, it maps which ports a stateful firewall filters
** nmap 172.217.31.206 -sU → UDP port scan (slow; add -sV to tell open from open|filtered)
** nmap 172.217.31.206 -sX → Xmas scan (FIN, PSH and URG flags set; no reply means open|filtered, RST means closed)
** nmap 172.217.31.206 -sP → Ping scan, i.e. host discovery only with no port scan (-sP is the old name for -sn)
Version Detection
** nmap 172.217.31.206 -sV → Basic command for finding the version of each service
** nmap 172.217.31.206 -sV --version-intensity 6 → intensity level 0 to 9 (default 7); higher sends more probes, so it is slower and noisier
** nmap 172.217.31.206 -A → A means aggressive: it enables OS detection, version detection, default script scanning, and traceroute. It makes a lot of noise, and your probes may be detected by a firewall/IDS if the target has one
** nmap 172.217.31.206 -O → Remote OS detection (most reliable when at least one open and one closed TCP port are found)
Port Specification Options
** nmap 172.217.31.206 -p 23 → Scan one specific port
** nmap 172.217.31.206 -p 23-100 → Scan a specific port range
** nmap 172.217.31.206 -pU:110,T:23-25 → U (UDP), T (TCP): scan different port types together (needs -sU plus a TCP scan type such as -sS on the same command line)
** nmap 172.217.31.206 -p- → Scan all 65535 ports (the default scan covers only the 1000 most common ports). This also makes a lot of noise, but sometimes a clever admin hides important services on an odd port
** nmap 172.217.31.206 -p smtp,https → Scan ports by service name; Nmap resolves the names from its nmap-services file
Timing Options
** nmap 172.217.31.206 -T0 → Paranoid: extremely slow, one probe at a time, meant for IDS evasion
** nmap 172.217.31.206 -T1 → Sneaky: still very slow, also for IDS evasion
** nmap 172.217.31.206 -T2 → Polite: slows down to use less bandwidth and fewer target resources
** nmap 172.217.31.206 -T3 → Normal (the default)
** nmap 172.217.31.206 -T4 → Aggressive: faster, assumes a reasonably fast and reliable network (-T5 "insane" is faster still and may sacrifice accuracy)
Scripts (the best part of Nmap)
** nmap 172.217.31.206 -sV --script vulners → vulners script: matches detected service versions against the Vulners database; source on GitHub https://github.com/vulnersCom/nmap-vulners (it needs -sV, otherwise it has no versions to look up)
** nmap 172.217.31.206 --script vulners,ftp-anon → Comma for adding multiple scripts
** nmap 172.217.31.206 -p 21 --script "ftp-*" → Run all ftp scripts. Instead of ftp you can use http, smb, etc. (quote the wildcard so the shell does not expand it)
** nmap 172.217.31.206 -sV -sC → Scan using the default script set
** nmap --script-help=ssl-heartbleed → Get help for any script
## Type ls -al /usr/share/nmap/scripts/ in your terminal to see the scripts that ship with Nmap.
## Many more scripts are available on GitHub; copy them into that directory.
## After adding scripts, update the script database so Nmap can find them by name or category; the command is nmap --script-updatedb
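The two stages practitioners usually chain, a full-port sweep followed by version detection and scripts on just the ports found open, as an added shell example that is not part of the original cheat sheet. The parser works on Nmap's grepable (-oG) output and is exercised on a constructed sample embedded below, not on real scan output; the target 10.0.0.5, the stage1_/stage2_ file names and the --min-rate value are assumptions.

```shell
#!/bin/sh
# Two-stage scan helper (added example, not from the original cheat sheet).
# Stage 1: sweep all 65535 TCP ports, saving grepable output (-oG).
# Stage 2: run -sV, default scripts and vulners only on the ports found
#          open, which keeps the noisy part of the scan as small as possible.

# Constructed sample of -oG output (fields are tab separated), used for the
# self-check below; it is not real scan output.
SAMPLE_GREPABLE=$(printf '%b\n' \
    '# Nmap 7.94 scan initiated (constructed sample, not a real scan)' \
    'Host: 10.0.0.5 ()\tStatus: Up' \
    'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/closed/tcp//http-proxy///\tIgnored State: filtered (65531)' \
    '# Nmap done: 1 IP address (1 host up)')

# Read grepable output on stdin and print the open TCP ports as a
# comma-separated, numerically sorted list (e.g. 22,80,443).
# Only state "open" is kept; "open|filtered" (UDP) is deliberately excluded.
open_tcp_ports() {
    # Keep only the "Ports:" part of each host line, drop the tab-separated
    # "Ignored State:" tail, then split the comma list into one
    # port/state/proto//service/// entry per line.
    sed -n 's/.*Ports: //p' | cut -f1 | tr ',' '\n' | sed 's/^ *//' |
        awk -F/ '$2 == "open" && $3 == "tcp" { print $1 }' |
        sort -n -u | paste -sd, -
}

# Build the stage-2 command for a target from a saved stage-1 grepable file.
# It prints the command rather than running it, so it can be reviewed first;
# returns 1 when nothing was open.
stage2_cmd() {
    target=$1
    grepable_file=$2
    ports=$(open_tcp_ports < "$grepable_file")
    if [ -z "$ports" ]; then
        echo "no open TCP ports recorded in $grepable_file" >&2
        return 1
    fi
    # -sV is required for vulners to have versions to look up.
    printf 'nmap -sV -sC --script vulners -p %s -oA stage2_%s %s\n' \
        "$ports" "$target" "$target"
}

# Run both stages against a single target (needs nmap and root for -sS).
two_stage() {
    target=$1
    stage1="stage1_$target.gnmap"
    # -T4 and --min-rate keep the 65535-port sweep short; tune them down on
    # flaky links or when trying not to trip rate-based IDS rules.
    nmap -sS -p- -T4 --min-rate 1000 -oG "$stage1" "$target" >/dev/null || return 1
    cmd=$(stage2_cmd "$target" "$stage1") || return 1
    echo "running: $cmd"
    eval "$cmd"
}

if [ $# -eq 1 ]; then
    two_stage "$1"
fi
```

Usage: `sh two_stage.sh 10.0.0.5` runs both stages; `open_tcp_ports < stage1_10.0.0.5.gnmap` on its own is handy whenever you need a port list to paste into `-p`.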
Firewall Bypass
** nmap 172.217.31.206 -f → Send your probes as fragmented packets. The TCP header is split across very small IP fragments, which older or poorly configured firewalls/IDS (intrusion detection systems) may fail to reassemble and inspect.
# Note: This method does not work everywhere, because most modern firewalls/IDS reassemble fragments before inspection and will detect it.
** nmap 172.217.31.206 -A -T1 → Use T1 to slow the scan right down so it stays under IDS/firewall rate thresholds
** nmap -sS -T2 192.168.0.0 --script firewall-bypass → The firewall-bypass script abuses firewall helper modules (such as the FTP helper) to get an otherwise filtered port opened; see --script-help=firewall-bypass for its arguments
** nmap 172.217.31.206 -sS -sV -D RND:3 → D (decoys): RND:3 makes Nmap pick 3 random IPs to spoof alongside your real address, so the target sees four sources and cannot easily tell which one is you
Some Other Commands
** nmap 172.217.31.206 -A -T4 → T4 to make the aggressive scan faster
** nmap 172.217.31.206 -sV -sS -vv → vv for verbose output with more details
** nmap 172.217.31.206 -A -F → F (fast) scans only the 100 most common ports instead of the default 1000
** nmap 172.217.31.206 -A | tee /root/Desktop/nmaptestresult.txt → Use tee to watch the output and save it at the same time (Nmap's own -oA basename writes normal, grepable and XML files, which is better when you want to parse results later)
You can follow me on Youtube | Github | Twitter | Linkedin | Facebook