Nmap is a free, open-source tool for discovering hosts and services on a computer network by sending packets and analyzing the responses. Nmap includes features such as host discovery, service detection, and operating system detection that are useful for probing computer networks.
- Nmap can give you more information about your targets, such as reverse DNS names, device types, and MAC addresses.
- Host discovery is the process of locating hosts on a network, for example listing the hosts that respond to TCP or ICMP probes or that have a specific port open.
- Port scanning is the process of identifying the open ports on a target host.
- OS detection is the process of determining the operating system and hardware characteristics of network devices.
- Version detection is the process of interrogating network services on remote devices to determine the application name and version number.
- The Nmap Scripting Engine (NSE) lets you interact with targets in a scripted way, for example to enumerate services or check them for known vulnerabilities.
The application of Nmap
- Assessing the security of a device or firewall by identifying the network connections that can be made to or through it.
- Identifying open ports on a target host in preparation for an audit.
- Network inventory, network mapping, and asset and maintenance management.
- Assessing a network's security by identifying new or unexpected servers.
- Generating traffic to hosts on a network, analysing their responses, and measuring response times.
- Discovering a network's vulnerabilities (NSE scripts can flag known weaknesses; exploiting them is left to other tools).
- DNS queries and subdomain lookups.
Nmap Cheat Sheet Commands
The following sections group the most useful Nmap commands by type, each with an example.
Common Scanning Commands
| Goal | Command | Example |
|---|---|---|
| Scan a single target | nmap [target] | nmap 192.168.0.1 |
| Scan multiple targets at once | nmap [target1 target2 ...] | nmap 192.168.0.1 192.168.0.2 |
| Scan a range of hosts | nmap [ip range] | nmap 192.168.0.1-10 |
| Scan an entire subnet | nmap [ip address/cidr] | nmap 192.168.0.1/24 |
| Scan [number] randomly chosen Internet hosts | nmap -iR [number] | nmap -iR 5 |
| Exclude targets from a scan | nmap [targets] --exclude [targets] | nmap 192.168.0.1/24 --exclude 192.168.0.100,192.168.0.20 |
| Exclude targets using a list file | nmap [targets] --excludefile [list.txt] | nmap 192.168.0.1/24 --excludefile notargets.txt |
| Perform an aggressive scan (OS detection, version detection, default scripts, traceroute) | nmap -A [target] | nmap -A 192.168.0.1 |
| Scan an IPv6 target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2af |
Host Discovery Options
| Goal | Command | Example |
|---|---|---|
| Ping-only scan (no port scan) | nmap -sn [target] (-sP in older releases) | nmap -sn 192.168.0.1 |
| Skip host discovery and treat every host as up | nmap -Pn [target] (-PN in older releases) | nmap -Pn 192.168.0.1 |
| TCP SYN ping | nmap -PS [target] | nmap -PS 192.168.0.1 |
| TCP ACK ping | nmap -PA [target] | nmap -PA 192.168.0.1 |
| UDP ping | nmap -PU [target] | nmap -PU 192.168.0.1 |
| SCTP INIT ping | nmap -PY [target] | nmap -PY 192.168.0.1 |
| ICMP echo ping | nmap -PE [target] | nmap -PE 192.168.0.1 |
| ICMP timestamp ping | nmap -PP [target] | nmap -PP 192.168.0.1 |
| ICMP address mask ping | nmap -PM [target] | nmap -PM 192.168.0.1 |
| IP protocol ping | nmap -PO [target] | nmap -PO 192.168.0.1 |
Options for Advanced Scanning
| Goal | Command | Example |
|---|---|---|
| ARP ping (local Ethernet segment only) | nmap -PR [target] | nmap -PR 192.168.0.1 |
| Traceroute to each target | nmap --traceroute [target] | nmap --traceroute 192.168.0.1 |
| Force reverse DNS resolution for all targets | nmap -R [target] | nmap -R 192.168.0.1 |
| Disable reverse DNS resolution | nmap -n [target] | nmap -n 192.168.0.1 |
| Use the system resolver instead of Nmap's own | nmap --system-dns [target] | nmap --system-dns 192.168.0.1 |
| Specify DNS server(s) manually | nmap --dns-servers [servers] [target] | nmap --dns-servers 201.56.212.54 192.168.0.1 |
| List targets without scanning them | nmap -sL [targets] | nmap -sL 192.168.0.1/24 |
Options for Port Scanning
| Goal | Command | Example |
|---|---|---|
| Fast scan (100 most common ports) | nmap -F [target] | nmap -F 192.168.0.1 |
| Scan specific ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 192.168.1.1 |
| Scan ports by name | nmap -p [port name(s)] [target] | nmap -p ftp,http* 192.168.0.1 |
| Scan ports by protocol | nmap -sU -sT -p U:[ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.0.1 |
| Scan all 65535 ports | nmap -p '*' [target] (or nmap -p- [target]) | nmap -p '*' 192.168.0.1 |
| Scan the N most common ports | nmap --top-ports [number] [target] | nmap --top-ports 10 192.168.0.1 |
| Scan ports in sequential rather than randomised order | nmap -r [target] | nmap -r 192.168.0.1 |
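The host discovery and port scanning tables above describe a two-phase workflow: sweep a range first, then port-scan only the hosts that answered. That is easiest to automate from Nmap's grepable output (`-oG -`). The script below is an added example written for this page, not code from the original article or from the Nmap project; the two scan outputs embedded in it are constructed samples for a hypothetical 192.168.0.0/29, so it runs without nmap installed. With nmap available you would feed `nmap -sn -oG - 192.168.0.1/29` and the follow-up `nmap -sV -p 22,80,443 -iL live.txt -oG -` into the same functions.

```shell
#!/bin/sh
# Two-phase scan helper built on Nmap's grepable output (-oG).
# Phase 1: a ping sweep (nmap -sn -oG -) gives a live-host list.
# Phase 2: a version scan of those hosts (nmap -sV -p ... -oG -) is parsed
#          into one "host,port,proto,service,version" row per open port.
# Both outputs below are CONSTRUCTED samples for a hypothetical 192.168.0.0/29,
# so the script runs without nmap; real -oG lines separate fields with tabs,
# which the parsers below also accept.

SWEEP_OUTPUT='# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.0.1/29
Host: 192.168.0.1 (gw.lan)   Status: Up
Host: 192.168.0.3 ()   Status: Down
Host: 192.168.0.5 ()   Status: Up
# Nmap done -- 8 IP addresses (2 hosts up) scanned in 1.50 seconds'

SCAN_OUTPUT='# Nmap 7.94 scan initiated as: nmap -sV -p 22,80,443 -oG - 192.168.0.1 192.168.0.5
Host: 192.168.0.1 (gw.lan)   Ports: 22/open/tcp//ssh//OpenSSH 8.9 (protocol 2.0)/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///   Ignored State: filtered (0)
Host: 192.168.0.5 ()   Ports: 22/filtered/tcp//ssh///, 80/open/tcp//http//Apache httpd 2.4.52/, 443/open/tcp//ssl|https//Apache httpd 2.4.52/
# Nmap done -- 2 IP addresses (2 hosts up) scanned in 20.00 seconds'

# live_hosts: read -sn -oG output on stdin, print one IP per line for hosts that are up.
live_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }'
}

# open_ports: read port-scan -oG output on stdin, print host,port,proto,service,version
# for every port in state "open". Each entry is port/state/proto/owner/service/rpc/version/;
# nmap rewrites any "/" inside a version string as "|", so splitting on "/" is safe.
open_ports() {
    awk '
    /^Host: / && /Ports: / {
        host = $2
        line = $0
        sub(/^.*Ports: /, "", line)                        # drop everything before the port list
        sub(/[[:space:]]*Ignored State:.*$/, "", line)     # drop the trailing summary, if any
        n = split(line, entry, ", ")
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            if (f[2] == "open")
                print host "," f[1] "," f[3] "," f[5] "," f[7]
        }
    }'
}

# hosts_with_service: filter open_ports rows (stdin) down to the hosts exposing one service name.
hosts_with_service() {
    awk -F, -v svc="$1" '$4 == svc { print $1 }'
}

# Demo over the constructed samples. With nmap installed, phase 1 would be
#   nmap -sn -oG - 192.168.0.1/29 | live_hosts > live.txt
# and phase 2  nmap -sV -p 22,80,443 -iL live.txt -oG - | open_ports
echo "Live hosts:"
printf '%s\n' "$SWEEP_OUTPUT" | live_hosts
echo "Open ports (host,port,proto,service,version):"
printf '%s\n' "$SCAN_OUTPUT" | open_ports
echo "Hosts with SSH open:"
printf '%s\n' "$SCAN_OUTPUT" | open_ports | hosts_with_service ssh
```

The `Status: Down` line is only emitted by nmap when you add `-v`, but handling it keeps the parser correct either way; note that `filtered` and `closed` ports are deliberately dropped, so a host that firewalls everything produces no rows even though the sweep listed it as up.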
OS and Version Detection
| Goal | Command | Example |
|---|---|---|
| Detect the operating system | nmap -O [target] | nmap -O 192.168.0.1 |
| Guess the OS more aggressively when there is no exact match | nmap -O --osscan-guess [target] | nmap -O --osscan-guess 192.168.0.1 |
| Detect service versions | nmap -sV [target] | nmap -sV 192.168.0.1 |
| Troubleshoot version detection (trace each probe) | nmap -sV --version-trace [target] | nmap -sV --version-trace 192.168.0.1 |
| RPC scan | nmap -sR [target] (in current releases -sR is an alias for -sV) | nmap -sR 192.168.0.1 |
Firewall Evasion Techniques
| Goal | Command | Example |
|---|---|---|
| Fragment packets | nmap -f [target] | nmap -f 192.168.0.1 |
| Specify a particular MTU (must be a multiple of 8) | nmap --mtu [MTU] [target] | nmap --mtu 32 192.168.0.1 |
| Use decoys | nmap -D RND:[number] [target] | nmap -D RND:10 192.168.0.1 |
| Idle (zombie) scan | nmap -sI [zombie] [target] | nmap -sI 192.168.0.38 192.168.0.1 |
| Specify a source port manually | nmap --source-port [port] [target] | nmap --source-port 53 192.168.0.1 |
| Append random data to packets | nmap --data-length [size] [target] | nmap --data-length 25 192.168.0.1 |
| Randomise the target scan order | nmap --randomize-hosts [target] | nmap --randomize-hosts 192.168.0.1-20 |
| Spoof the MAC address | nmap --spoof-mac [MAC\|0\|vendor] [target] | nmap --spoof-mac Cisco 192.168.0.1 |
| Send packets with an invalid checksum | nmap --badsum [target] | nmap --badsum 192.168.0.1 |