Nmap is a free, open-source tool for discovering hosts and services on a computer network by sending packets and analyzing the responses. Nmap includes features such as host discovery, service detection, and operating system detection that are useful for probing computer networks.
- Nmap can give you more information about your targets, such as reverse DNS names, device types, and MAC addresses.
- The process of locating hosts on a network is known as host discovery. List the hosts that, for example, respond to TCP and/or ICMP requests or have a specific port open.
- Port scanning is the process of identifying all open ports on a target host.
- OS detection is the process of determining the operating system and hardware characteristics of network devices.
- Version detection is the process of interrogating network services on remote devices to determine the application name and version number.
- You can interact with the target support in a scripted manner by using the Nmap Scripting Engine (NSE).
Also Read: How to Install Nmap on windows, linux, mac, android and Top Penetration testing tools for Kali Linux
Table of Contents
The application of Nmap
- To assess a device’s or firewall’s security, identify the network connections that can be made to or through it.
- Identifying open ports on a target host as part of audit preparation.
- Network inventory includes things like network inventory, network mapping, and asset and maintenance management.
- To assess a network’s security, new servers must be identified.
- For hosts on a network, traffic generation, response analysis, and response time measurement are all available.
- A network’s vulnerabilities are discovered and exploited.
- DNS requests and subdomain lookups
Also Read: How to install WIRESHARK on kali linux/ubuntu/debain and How to Install burp suite on linux/ubuntu
Commands for NMAP Cheat sheet
The following section explains how to use different NMAP commands based on their type, with examples such as –
Common Scanning Commands
| Goal | Command | Example |
| Scan just a single target | [Target]nmap-n | nmap 192.168.0.1 |
| Scan Multiple targets at a time | [Taget1, Target2, Target3 etc.] nmap | nmap 192.168.0.1 192.168.0.2 |
| Scan a Collection of hosts | nmap [range of ip addresses] | nmap 192.168.0.1-10 |
| Scan a Subnet in Its Entirety | nmap [ip address/cdir] | nmap 192.168.0.1/24 |
| Scan a set of hosts randomly | nmap -iR [number] | nmap -iR |
| Leaving Targets Out of a Scan | nmap [targets] – exclude [targets] | nmap 192.168.0.1/24 –exclude 192.168.0.100, 192.168.0.20 |
| Leaving Targets Out of a Scan using a list | nmap [targets] – excludefile [list.txt] | nmap 192.168.0.1/24 –excludefile notargets.tx |
| Performing an aggressive scan | nmap -A [target] | nmap -A 192.168.0. |
| Scanning IPv6 Target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2af |
Exploring Options
| Goal | Command | Example |
| Conduct a Ping-Only Scan. | nmap -sP [target] | nmap -sP 192.168.0.1 |
| Please don’t ping. | nmap -PN [target] | nmap -PN 192.168.0. |
| TCP SYN Ping | nmap -PS [target] | nmap -PS 192.168.0. |
| TCP ACK Ping | nmap -PA [target] | nmap -PA 192.168.0. |
| UDP Ping | nmap -PU [target] | nmap -PU 192.168.0. |
| SCTP Ping | nmap -PY [target] | nmap -PY 192.168.0. |
| ICMP Echo Ping | nmap -PE [target] | nmap -PE 192.168.0. |
| ICMP Timestamp Ping | nmap -PP [target] | nmap -PP 192.168.0. |
| CMP Address Mask Ping | nmap -PM [target] | nmap -PM 192.168.0. |
| IP Protocol Ping | nmap -PO [target] | nmap -PO 192.168.0.1 |
Options for Advanced Scanning
| ARP Ping | nmap -PR target | nmap -PR 192.168.0.1 |
| Tracerout | nmap –traceroute [target] | nmap –traceroute 192.168.0.1 |
| Force Reverse DNS Resolution | nmap -R [target] | nmap -R 192.168.0.1 |
| Disabling Reverse DNS Resolution | nmap -n [target] | nmap -n 192.168.0.1 |
| The Alternative DNS Lookup | nmap –system-dns [target] | nmap –system-dns 192.168.0.1 |
| The Manually Specify DNS Server(s) | nmap –dns-servers [servers] [target] | nmap –dns-servers 201.56.212.54 192.168.0.1 |
| Create a Host List | nmap -sL [targets] | nmap -sL 192.168.0.1/24 |
Options for Port Scanning
| Goal | Command | Example |
| Perform a quick scan | nmap -F [target] | nmap -F 192.168.0.1 |
| Examine Particular Ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 192.168.1.1 |
| Examine Ports by Name | nmap -p [port name(s)] [target] | nmap -p ftp,http* 192.168.0.1 |
| Examine Ports by Protocol | nmap -sU -sT -p U: [ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21- 25,80,139,8080 192. 168.0.1 |
| Examine all Ports | nmap -p ‘*’ [target] | nmap -p ‘*’ 192.168.0. |
| Examine Top Ports | nmap –top-ports [number] [target] | nmap –top-ports 10 192.168.0. |
| Scan Ports in Sequential Order | nmap -r [target] | nmap -r 192.168.0. |
Detecting Versions
| Goal | Command | Example |
| Detecting Operating System | nmap -O [target] | nmap -O 192.168.0.1 |
| Attempting to Guess an Unknown OS | nmap -O –osscan guess [target] | nmap -O –osscan-guess 192.168.0.1 |
| Detecting Service Version | nmap -sV [target] | nmap -sV 192.168.0.1 |
| Examining troubleshooting versions | nmap -sV –version trace [target] | nmap -sV –version-trace 192.168.0.1 |
| Performing a RPC Scan | nmap -sR [target] | nmap -sR 192.168.0.1 |
Techniques for Getting Through Firewalls
| Goal | Command | Example |
| Boost Packets | nmap -f [target] | nmap -f 192.168.0.1 |
| pacify a particular MTU | nmap –mtu [MTU] [target] | nmap –mtu 32 192.168.0 |
| Use Decoy | nmap -D RND:[number] [target] | nmap -D RND:10 192.168.0.1 |
| The Zombie Scan | nmap -sI [zombie] [target] | nmap -sI 192.168.0.38 |
| Specify a Source Port Manually | nmap –source-port [port] [target] | nmap –source-port 10 192.168.0.1 |
| Include Random Data | nmap –data-length [size] [target] | nmap –data-length [size] [target] |
| Randomize Target Scanning Order | nmap –randomize-hosts [target] | nmap –randomize-ho 192.168.0.1-20 |
| Spoof MAC’s address | nmap –spoof-mac [MAC|0|vendor] [target] | nmap –spoof-mac Cis 192.168.0.1 |
| Sending Invalid Checksum | nmap –badsum [target] | nmap –badsum 192.168.0.1 |
Visited 6 times, 1 visit(s) today
