Nmap Cheat Sheet Tutorial

Nmap is a free, open-source tool for discovering hosts and services on a computer network by sending packets and analyzing the responses. Nmap includes features such as host discovery, service detection, and operating system detection that are useful for probing computer networks.

  • Nmap can report further details about your targets, such as reverse DNS names, device types, and MAC addresses (MAC addresses only when the target is on the same Ethernet segment).
  • Host discovery is the process of locating live hosts on a network, for example hosts that respond to TCP, ICMP, or ARP probes or that have a specific port open.
  • Port scanning identifies which ports on a target host are open, closed, or filtered.
  • OS detection fingerprints a device's TCP/IP stack to determine the operating system and hardware characteristics of network devices.
  • Version detection interrogates the services behind open ports to determine the application name and version number.
  • The Nmap Scripting Engine (NSE) lets you interact with target services in a scripted way, for discovery, deeper version detection, and vulnerability checks.


Applications of Nmap

  • Assessing the security of a device or firewall by identifying which network connections can be made to or through it.
  • Identifying open ports on a target host in preparation for an audit.
  • Network inventory, network mapping, and asset and maintenance management.
  • Identifying new or unknown servers on a network as part of assessing its security.
  • Generating traffic to hosts on a network, analyzing the responses, and measuring response times.
  • Discovering vulnerabilities on a network (NSE scripts can check for many known issues; exploiting them is outside Nmap's scope).
  • DNS lookups and subdomain enumeration (via NSE scripts).


Nmap Cheat Sheet Commands

The following tables group Nmap options by purpose. Each row gives the goal, the command syntax (placeholders in square brackets), and a worked example. Options that send raw packets (SYN scans, OS detection, most evasion options) need root or administrator privileges.

Common Scanning Commands

Goal | Command | Example
Scan a single target | nmap [target] | nmap 192.168.0.1
Scan multiple targets at once | nmap [target1 target2 ...] | nmap 192.168.0.1 192.168.0.2
Scan a range of hosts | nmap [range of IP addresses] | nmap 192.168.0.1-10
Scan an entire subnet | nmap [IP address/CIDR] | nmap 192.168.0.1/24
Scan a set of random hosts | nmap -iR [number] | nmap -iR 10
Exclude targets from a scan | nmap [targets] --exclude [targets] | nmap 192.168.0.1/24 --exclude 192.168.0.100,192.168.0.20
Exclude targets using a list file | nmap [targets] --excludefile [list.txt] | nmap 192.168.0.1/24 --excludefile notargets.txt
Perform an aggressive scan (enables -O, -sV, -sC and --traceroute) | nmap -A [target] | nmap -A 192.168.0.1
Scan an IPv6 target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2af

Host Discovery Options

Goal | Command | Example
Ping-only scan (host discovery, no port scan) | nmap -sn [target] (older name: -sP) | nmap -sn 192.168.0.1
Skip host discovery and treat every host as up | nmap -Pn [target] (older name: -PN) | nmap -Pn 192.168.0.1
TCP SYN ping | nmap -PS[portlist] [target] | nmap -PS 192.168.0.1
TCP ACK ping | nmap -PA[portlist] [target] | nmap -PA 192.168.0.1
UDP ping | nmap -PU[portlist] [target] | nmap -PU 192.168.0.1
SCTP INIT ping | nmap -PY[portlist] [target] | nmap -PY 192.168.0.1
ICMP echo ping | nmap -PE [target] | nmap -PE 192.168.0.1
ICMP timestamp ping | nmap -PP [target] | nmap -PP 192.168.0.1
ICMP address mask ping | nmap -PM [target] | nmap -PM 192.168.0.1
IP protocol ping | nmap -PO[protocol list] [target] | nmap -PO 192.168.0.1

Options for Advanced Scanning

Goal | Command | Example
ARP ping (local Ethernet segment only) | nmap -PR [target] | nmap -PR 192.168.0.1
Traceroute to each host | nmap --traceroute [target] | nmap --traceroute 192.168.0.1
Force reverse DNS resolution for all hosts | nmap -R [target] | nmap -R 192.168.0.1
Disable reverse DNS resolution | nmap -n [target] | nmap -n 192.168.0.1
Use the system resolver instead of Nmap's own | nmap --system-dns [target] | nmap --system-dns 192.168.0.1
Specify DNS server(s) manually | nmap --dns-servers [servers] [target] | nmap --dns-servers 201.56.212.54 192.168.0.1
List the targets without scanning them (list scan) | nmap -sL [targets] | nmap -sL 192.168.0.1/24

Options for Port Scanning

Goal | Command | Example
Fast scan (100 most common ports) | nmap -F [target] | nmap -F 192.168.0.1
Scan specific ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 192.168.0.1
Scan ports by name (wildcards allowed) | nmap -p [port name(s)] [target] | nmap -p ftp,http* 192.168.0.1
Scan ports by protocol | nmap -sU -sT -p U:[ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.0.1
Scan all 65535 ports (-p '*' matches only ports that have a name in nmap-services) | nmap -p- [target] | nmap -p- 192.168.0.1
Scan the most common ports | nmap --top-ports [number] [target] | nmap --top-ports 10 192.168.0.1
Scan ports in sequential rather than random order | nmap -r [target] | nmap -r 192.168.0.1
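The target grammar in the "Common Scanning Commands" table (single host, last-octet ranges, CIDR, --exclude) and the -p grammar in the table above (lists, ranges, "-" for every port, T:/U: prefixes) are easy to get subtly wrong, and a wrong spec either misses hosts or scans ones you have no authorisation for. The following added example (written for this cheat sheet, not code from the Nmap project, in Python so it runs offline without Nmap installed) re-implements both grammars so you can check exactly what a command line would touch before sending a packet, the way nmap -sL does for targets. Port names such as ftp or http* need the nmap-services table and are deliberately left out; the inputs in the main block are constructed to mirror the table examples.

```python
"""Expand Nmap target and -p port specifications without sending a packet.

Added example for this cheat sheet; not code from the Nmap project.
Targets: single host, per-octet ranges (192.168.0.1-10, 192.168.0-1.*),
CIDR, plus --exclude handling.  Ports: lists, ranges, '-' (all ports) and
T:/U: protocol prefixes.  Port *names* need nmap-services and are omitted.
"""
import ipaddress
from itertools import product
from typing import Dict, List, Sequence, Set


def _octet_values(part: str) -> List[int]:
    """One dotted-quad field: '7' -> [7], '1-10' -> [1..10], '1,5' -> [1, 5], '-' -> [0..255]."""
    values: List[int] = []
    for piece in part.split(","):
        if piece == "-":
            piece = "0-255"
        if "-" in piece:
            lo, hi = piece.split("-", 1)
            values.extend(range(int(lo) if lo else 0, (int(hi) if hi else 255) + 1))
        else:
            values.append(int(piece))
    if not values or any(v < 0 or v > 255 for v in values):
        raise ValueError(f"bad octet spec {part!r}")
    return values


def expand_targets(spec: str) -> List[str]:
    """Expand one IPv4 target spec (host, a.b.c.1-10, a.b-c.0.*, or CIDR) to addresses."""
    if "/" in spec:
        # Like Nmap, a /24 yields all 256 addresses including .0 and .255.
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    fields = [_octet_values(o.replace("*", "-")) for o in octets]
    return [".".join(map(str, combo)) for combo in product(*fields)]


def host_list(targets: Sequence[str], exclude: Sequence[str] = ()) -> List[str]:
    """What `nmap -sL [targets] --exclude [targets]` lists: expanded, de-duplicated, minus exclusions."""
    excluded: Set[str] = set()
    for spec in exclude:
        excluded.update(expand_targets(spec))
    seen: Set[str] = set()
    hosts: List[str] = []
    for spec in targets:
        for addr in expand_targets(spec):
            if addr not in seen and addr not in excluded:
                seen.add(addr)
                hosts.append(addr)
    return hosts


def expand_ports(spec: str) -> Dict[str, Set[int]]:
    """Expand a -p spec to {'tcp': {...}, 'udp': {...}}.

    A 'T:' or 'U:' prefix applies to that token and every following token
    until the next prefix; tokens before any prefix apply to both protocols
    (Nmap applies them to every protocol being scanned).
    """
    ports: Dict[str, Set[int]] = {"tcp": set(), "udp": set()}
    current = ["tcp", "udp"]
    for token in spec.split(","):
        token = token.strip()
        if token[:2].upper() in ("T:", "U:"):
            current = ["tcp"] if token[0].upper() == "T" else ["udp"]
            token = token[2:]
        if not token:
            continue
        if token == "-":                       # nmap -p- : every port 1-65535
            token = "1-65535"
        if "-" in token:
            lo, hi = token.split("-", 1)
            lo_n, hi_n = (int(lo) if lo else 1), (int(hi) if hi else 65535)
        else:
            lo_n = hi_n = int(token)
        if not 0 <= lo_n <= hi_n <= 65535:
            raise ValueError(f"bad port range {token!r}")
        for proto in current:
            ports[proto].update(range(lo_n, hi_n + 1))
    return ports


if __name__ == "__main__":
    # Constructed inputs mirroring the cheat-sheet examples.
    hosts = host_list(["192.168.0.1/24"], exclude=["192.168.0.100", "192.168.0.20"])
    print(len(hosts), "hosts, first five:", hosts[:5])
    p = expand_ports("U:53,111,137,T:21-25,80,139,8080")
    print("tcp:", sorted(p["tcp"]), "udp:", sorted(p["udp"]))
```

Running it against the --exclude example from the first table shows 254 hosts (256 for the /24, including .0 and .255 as Nmap counts them, minus the two exclusions); running expand_ports on the "by protocol" example separates the UDP and TCP sets exactly as the -sU -sT -p U:...,T:... line will scan them.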

OS and Version Detection

Goal | Command | Example
Detect the operating system | nmap -O [target] | nmap -O 192.168.0.1
Guess the OS when there is no exact fingerprint match | nmap -O --osscan-guess [target] | nmap -O --osscan-guess 192.168.0.1
Detect service versions | nmap -sV [target] | nmap -sV 192.168.0.1
Troubleshoot version detection (trace every probe and response) | nmap -sV --version-trace [target] | nmap -sV --version-trace 192.168.0.1
RPC scan (now just an alias for -sV, which includes RPC grinding) | nmap -sR [target] | nmap -sR 192.168.0.1
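The result of an -sV/-O scan is only as good as what you do with it, and the normal-format output is awkward to process. Nmap's -oX option writes XML with a stable schema, and the following added example (written for this cheat sheet, not code from the Nmap project) parses it into plain Python data: addresses, the best OS match, and one row per port with its state, service, product, version and, importantly, whether Nmap actually probed the service (method="probed") or only guessed it from the port number (method="table"). The XML embedded below is a constructed sample in the shape nmap -sV -O -oX - 192.168.0.1 produces; the host, MAC, products and versions in it are illustrative, while the element and attribute names are those of the real Nmap XML format.

```python
"""Parse Nmap XML output (-oX) from an -sV/-O scan into plain Python data.

Added example for this cheat sheet, not code from the Nmap project.
SAMPLE_XML is a constructed document in the shape of real Nmap output;
its addresses, products and versions are made up for illustration.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.168.0.1" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="Cisco Systems"/>
    <hostnames><hostname name="gw.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/></port>
      <port protocol="udp" portid="53"><state state="open" reason="udp-response"/>
        <service name="domain" product="dnsmasq" version="2.86" method="probed" conf="10"/></port>
    </ports>
    <os><osmatch name="Linux 5.4 - 5.15" accuracy="95"/></os>
  </host>
</nmaprun>
"""


def _attr(elem: Optional[ET.Element], name: str) -> Optional[str]:
    """Attribute of an optional element, or None when the element is absent."""
    return elem.get(name) if elem is not None else None


def parse_nmap_xml(xml_text: str) -> List[Dict]:
    """Return one dict per host: addresses, best OS match and port/service rows."""
    root = ET.fromstring(xml_text)
    hosts: List[Dict] = []
    for h in root.findall("host"):
        mac = h.find("address[@addrtype='mac']")
        osmatch = h.find("os/osmatch")          # Nmap lists the best match first
        host: Dict = {
            "ip": _attr(h.find("address[@addrtype='ipv4']"), "addr"),
            "state": _attr(h.find("status"), "state") or "unknown",
            "mac": _attr(mac, "addr"),
            "vendor": _attr(mac, "vendor"),
            "hostname": _attr(h.find("hostnames/hostname"), "name"),
            "os": _attr(osmatch, "name"),
            "os_accuracy": int(_attr(osmatch, "accuracy") or 0),
            "ports": [],
        }
        for p in h.findall("ports/port"):
            svc = p.find("service")
            host["ports"].append({
                "proto": p.get("protocol"),
                "port": int(p.get("portid")),
                "state": _attr(p.find("state"), "state") or "unknown",
                "service": _attr(svc, "name"),
                "product": _attr(svc, "product"),
                "version": _attr(svc, "version"),
                "method": _attr(svc, "method"),  # "probed": banner matched; "table": guessed from port number
                "conf": int(_attr(svc, "conf") or 0),
            })
        hosts.append(host)
    return hosts


def open_services(hosts: List[Dict]) -> List[str]:
    """Inventory lines 'ip proto/port service product version' for open ports only."""
    return [f'{h["ip"]} {p["proto"]}/{p["port"]} {p["service"]} '
            f'{p["product"] or "?"} {p["version"] or "?"}'
            for h in hosts for p in h["ports"] if p["state"] == "open"]


def unverified_services(hosts: List[Dict]) -> List[str]:
    """'proto/port' entries whose service name was only guessed from the port table.

    Re-check these (e.g. with --version-trace, or by hand) before reporting
    them: Nmap never actually exchanged data with those services.
    """
    return [f'{p["proto"]}/{p["port"]}' for h in hosts for p in h["ports"]
            if p["method"] != "probed"]


if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_XML)
    h = scan[0]
    print("host:", h["ip"], h["hostname"], "OS:", h["os"], f'({h["os_accuracy"]}%)')
    print("\n".join(open_services(scan)))
    print("unverified:", unverified_services(scan))
```

The method/conf split is the practical point: a row with method="table" (here the filtered tcp/443) carries no evidence beyond the port number, so an inventory or audit finding built on it is a guess, whereas method="probed" rows came from a matched banner or probe response.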

Firewall and IDS Evasion Options

Goal | Command | Example
Fragment packets | nmap -f [target] | nmap -f 192.168.0.1
Specify a particular MTU (must be a multiple of 8) | nmap --mtu [MTU] [target] | nmap --mtu 32 192.168.0.1
Use decoys | nmap -D RND:[number] [target] | nmap -D RND:10 192.168.0.1
Idle (zombie) scan | nmap -sI [zombie] [target] | nmap -sI 192.168.0.38 192.168.0.1
Specify the source port manually | nmap --source-port [port] [target] | nmap --source-port 10 192.168.0.1
Append random data to packets | nmap --data-length [size] [target] | nmap --data-length 25 192.168.0.1
Randomize target scanning order | nmap --randomize-hosts [targets] | nmap --randomize-hosts 192.168.0.1-20
Spoof the MAC address | nmap --spoof-mac [MAC|0|vendor] [target] | nmap --spoof-mac Cisco 192.168.0.1
Send packets with an invalid checksum | nmap --badsum [target] | nmap --badsum 192.168.0.1

These options exist to test how a firewall or IDS handles malformed or unusual traffic, and all of them need raw packet privileges. Decoys (-D) do not hide your own address unless it is left out of the list, and an idle scan (-sI) only works when the zombie host has a predictable IP ID sequence and is otherwise quiet; --badsum packets are dropped by any correctly implemented host, so a response to them reveals a middlebox answering on the host's behalf.


Ovais Mirza

Ovais Mirza is a professional blogger who writes on many interesting topics related to hacking, gaming, digital marketing and the stock market. Here you will find some interesting tips and tricks related to hacking and gaming.

Disclaimer: This article has been written for educational purposes only. We don't encourage hacking or cracking. In fact, we are here discussing the ways that hackers are using to hack our digital assets. If we know what methods they are using to hack, we are in a very good position to secure ourselves. Therefore, at the end of the article we also mention the prevention measures to secure ourselves.
