Nmap is a free, open-source tool for discovering hosts and services on a computer network by sending packets and analyzing the responses. Nmap includes features such as host discovery, service detection, and operating system detection that are useful for probing computer networks.
Nmap can also report additional information about your targets, such as reverse DNS names, device types, and MAC addresses. Host discovery is the process of locating hosts on a network, for example listing the hosts that respond to TCP or ICMP probes or that have a specific port open. Port scanning is the process of identifying the open ports on a target host. OS detection is the process of determining the operating system and hardware characteristics of network devices. Version detection is the process of interrogating network services on remote devices to determine the application name and version number. The Nmap Scripting Engine (NSE) lets you interact with the target in a scripted manner.
Applications of Nmap
- Assessing the security of a device or firewall by identifying the network connections that can be made to or through it.
- Identifying open ports on a target host as part of audit preparation.
- Network inventory, network mapping, and asset and maintenance management.
- Identifying new servers as part of assessing a network's security.
- Generating traffic to hosts on a network, analyzing the responses, and measuring response times.
- Discovering and exploiting a network's vulnerabilities.
- DNS queries and subdomain lookups.
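The audit-preparation and inventory uses above are normally driven from Nmap's machine-readable output (the -oX option writes XML). The following script, an added example that is not part of the original cheat sheet or of Nmap itself, parses a constructed XML fragment in that shape, builds a per-host inventory of open ports and services, and compares it against a hypothetical baseline of approved services so that unexpected listeners and previously unknown hosts are flagged. The baseline dictionary, the sample addresses and the service names are all constructed for the example.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in the shape of Nmap's XML output (nmap -sV -oX), not a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX - 192.168.0.0/24">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="gateway.lan" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
      <port protocol="udp" portid="161"><state state="open" reason="udp-response"/><service name="snmp"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.30" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Hypothetical baseline of approved listeners per host, keyed by IP, values "proto/port".
# Hosts missing from the baseline are treated as new servers: every open port is flagged.
BASELINE: Dict[str, Set[str]] = {"192.168.0.1": {"tcp/22", "tcp/443"}}


@dataclass
class HostRecord:
    ip: Optional[str]
    mac: Optional[str]
    hostname: Optional[str]
    open_ports: Dict[Tuple[str, int], str]  # (protocol, port) -> service name


def parse_nmap_xml(xml_text: str) -> List[HostRecord]:
    """Return one HostRecord per host that Nmap reported as up, with only its open ports."""
    root = ET.fromstring(xml_text)
    hosts: List[HostRecord] = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth inventorying
        ip = mac = None
        for addr in host.findall("address"):
            if addr.get("addrtype") in ("ipv4", "ipv6"):
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr")
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name") if hn is not None else None
        open_ports: Dict[Tuple[str, int], str] = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not listeners
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            open_ports[(port.get("protocol", "tcp"), int(port.get("portid")))] = name
        hosts.append(HostRecord(ip, mac, hostname, open_ports))
    return hosts


def find_unexpected_ports(hosts: List[HostRecord],
                          baseline: Dict[str, Set[str]]) -> Dict[str, List[Tuple[str, int, str]]]:
    """Map each host IP to its open ports that are not in the approved baseline."""
    findings: Dict[str, List[Tuple[str, int, str]]] = {}
    for h in hosts:
        allowed = baseline.get(h.ip, set())
        extra = [(proto, port, svc)
                 for (proto, port), svc in sorted(h.open_ports.items())
                 if f"{proto}/{port}" not in allowed]
        if extra:
            findings[h.ip] = extra
    return findings


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_XML)
    for h in inventory:
        print(h.ip, h.hostname, h.mac, sorted(h.open_ports))
    for ip, extra in find_unexpected_ports(inventory, BASELINE).items():
        print(f"{ip}: unexpected listeners {extra}")
```

Running the same parser over real `-oX` output and a maintained baseline turns a periodic scan into a diff of what changed on the network, which is the practical form of the "identify new servers" and "audit preparation" items above.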
Nmap Cheat Sheet Commands
The following sections group Nmap commands by type, with an example of each.
Common Scanning Commands

| Goal | Command | Example |
|---|---|---|
| Scan a single target | nmap [target] | nmap 192.168.0.1 |
| Scan multiple targets at a time | nmap [target1 target2 target3 ...] | nmap 192.168.0.1 192.168.0.2 |
| Scan a range of hosts | nmap [range of IP addresses] | nmap 192.168.0.1-10 |
| Scan an entire subnet | nmap [IP address/CIDR] | nmap 192.168.0.1/24 |
| Scan a set of random hosts | nmap -iR [number] | nmap -iR 10 |
| Exclude targets from a scan | nmap [targets] --exclude [targets] | nmap 192.168.0.1/24 --exclude 192.168.0.100,192.168.0.20 |
| Exclude targets listed in a file | nmap [targets] --excludefile [list.txt] | nmap 192.168.0.1/24 --excludefile notargets.txt |
| Perform an aggressive scan | nmap -A [target] | nmap -A 192.168.0.1 |
| Scan an IPv6 target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2af |
Host Discovery Options

| Goal | Command | Example |
|---|---|---|
| Ping-only scan (no port scan) | nmap -sP [target] | nmap -sP 192.168.0.1 |
| Skip host discovery (don't ping) | nmap -Pn [target] | nmap -Pn 192.168.0.1 |
| TCP SYN ping | nmap -PS [target] | nmap -PS 192.168.0.1 |
| TCP ACK ping | nmap -PA [target] | nmap -PA 192.168.0.1 |
| UDP ping | nmap -PU [target] | nmap -PU 192.168.0.1 |
| SCTP INIT ping | nmap -PY [target] | nmap -PY 192.168.0.1 |
| ICMP echo ping | nmap -PE [target] | nmap -PE 192.168.0.1 |
| ICMP timestamp ping | nmap -PP [target] | nmap -PP 192.168.0.1 |
| ICMP address mask ping | nmap -PM [target] | nmap -PM 192.168.0.1 |
| IP protocol ping | nmap -PO [target] | nmap -PO 192.168.0.1 |
Advanced Scanning Options

| Goal | Command | Example |
|---|---|---|
| ARP ping | nmap -PR [target] | nmap -PR 192.168.0.1 |
| Traceroute | nmap --traceroute [target] | nmap --traceroute 192.168.0.1 |
| Force reverse DNS resolution | nmap -R [target] | nmap -R 192.168.0.1 |
| Disable reverse DNS resolution | nmap -n [target] | nmap -n 192.168.0.1 |
| Use the system DNS resolver | nmap --system-dns [target] | nmap --system-dns 192.168.0.1 |
| Manually specify DNS server(s) | nmap --dns-servers [servers] [target] | nmap --dns-servers 201.56.212.54 192.168.0.1 |
| List targets without scanning them | nmap -sL [targets] | nmap -sL 192.168.0.1/24 |
Port Scanning Options

| Goal | Command | Example |
|---|---|---|
| Perform a fast scan (fewer ports) | nmap -F [target] | nmap -F 192.168.0.1 |
| Scan specific ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 192.168.1.1 |
| Scan ports by name | nmap -p [port name(s)] [target] | nmap -p ftp,http* 192.168.0.1 |
| Scan ports by protocol | nmap -sU -sT -p U:[ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.0.1 |
| Scan all ports | nmap -p '*' [target] | nmap -p '*' 192.168.0.1 |
| Scan the top ports | nmap --top-ports [number] [target] | nmap --top-ports 10 192.168.0.1 |
| Scan ports in sequential order | nmap -r [target] | nmap -r 192.168.0.1 |
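The -p syntax in the table above packs several forms into one string: single ports, ranges, open-ended ranges, service-name globs such as http*, and T:/U: prefixes that switch protocol for everything that follows. The parser below is an added example, not code from the cheat sheet or from Nmap, that expands such a specification into a per-protocol set of port numbers; it is useful for validating a scan profile before it runs or for reproducing in a review what a logged command actually covered. The SERVICE_NAMES table is a small constructed subset standing in for Nmap's nmap-services file, so name globs only resolve against those entries.

```python
import fnmatch
from typing import Dict, Set

# Constructed subset of the service-name table Nmap consults for -p names (assumption: TCP names only).
SERVICE_NAMES: Dict[str, int] = {
    "ftp": 21, "ssh": 22, "telnet": 23, "http": 80, "https": 443,
    "http-proxy": 8080, "http-alt": 8000,
}

# Protocol prefixes accepted in a port specification, e.g. "U:53,T:80".
PROTO_PREFIX = {"T": "tcp", "U": "udp", "S": "sctp", "P": "ip"}

MAX_PORT = 65535


def parse_port_spec(spec: str, default_proto: str = "tcp") -> Dict[str, Set[int]]:
    """Expand an Nmap-style -p string into {protocol: set_of_ports}."""
    result: Dict[str, Set[int]] = {}
    proto = default_proto
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty port specification element")
        # A leading "T:", "U:", "S:" or "P:" changes the protocol for this and later items.
        if len(item) >= 2 and item[1] == ":" and item[0].upper() in PROTO_PREFIX:
            proto = PROTO_PREFIX[item[0].upper()]
            item = item[2:]
        ports = result.setdefault(proto, set())
        if item.isdigit():
            port = int(item)
            if not 0 <= port <= MAX_PORT:
                raise ValueError(f"port out of range: {port}")
            ports.add(port)
        elif "-" in item and not any(c.isalpha() for c in item):
            # Numeric range; an empty side means the extreme ("-" alone is 1-65535, like -p-).
            lo_s, _, hi_s = item.partition("-")
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else MAX_PORT
            if not 0 <= lo <= hi <= MAX_PORT:
                raise ValueError(f"invalid port range: {item}")
            ports.update(range(lo, hi + 1))
        else:
            # Service name, possibly a glob such as "http*", resolved against the name table.
            matches = {p for name, p in SERVICE_NAMES.items() if fnmatch.fnmatchcase(name, item)}
            if not matches:
                raise ValueError(f"unknown service name: {item!r}")
            ports.update(matches)
    return result


if __name__ == "__main__":
    for spec in ("21-25,80,139,8080", "ftp,http*", "U:53,111,137,T:21-25,80,139,8080"):
        expanded = parse_port_spec(spec)
        print(spec, "->", {p: sorted(s) for p, s in expanded.items()})
```

Because the protocol prefix is sticky, `U:53,111,137,T:21-25` yields three UDP ports and five TCP ports, which is what the protocol-scan row in the table relies on.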
Version and OS Detection

| Goal | Command | Example |
|---|---|---|
| Detect the operating system | nmap -O [target] | nmap -O 192.168.0.1 |
| Attempt to guess an unknown OS | nmap -O --osscan-guess [target] | nmap -O --osscan-guess 192.168.0.1 |
| Detect service versions | nmap -sV [target] | nmap -sV 192.168.0.1 |
| Troubleshoot version detection | nmap -sV --version-trace [target] | nmap -sV --version-trace 192.168.0.1 |
| Perform an RPC scan | nmap -sR [target] | nmap -sR 192.168.0.1 |
Firewall Evasion Techniques

| Goal | Command | Example |
|---|---|---|
| Fragment packets | nmap -f [target] | nmap -f 192.168.0.1 |
| Specify a particular MTU | nmap --mtu [MTU] [target] | nmap --mtu 32 192.168.0.1 |
| Use decoys | nmap -D RND:[number] [target] | nmap -D RND:10 192.168.0.1 |
| Idle (zombie) scan | nmap -sI [zombie] [target] | nmap -sI 192.168.0.38 192.168.0.1 |
| Manually specify a source port | nmap --source-port [port] [target] | nmap --source-port 10 192.168.0.1 |
| Append random data | nmap --data-length [size] [target] | nmap --data-length 25 192.168.0.1 |
| Randomize target scanning order | nmap --randomize-hosts [target] | nmap --randomize-hosts 192.168.0.1-20 |
| Spoof the MAC address | nmap --spoof-mac [MAC\|0\|vendor] [target] | nmap --spoof-mac Cisco 192.168.0.1 |
| Send packets with an invalid checksum | nmap --badsum [target] | nmap --badsum 192.168.0.1 |
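The --badsum row relies on a property of correctly implemented IP stacks: a packet whose IP or TCP checksum does not verify is silently discarded, so any reply to such a probe reveals a device (typically a middlebox or poorly written filter) that is not validating checksums. The script below is an added example, not part of the cheat sheet or of Nmap, that shows the check a receiving host or a sensor performs. It builds a constructed IPv4/TCP SYN packet with the standard Internet checksum, optionally corrupts the TCP checksum the way a bad-checksum probe would, and verifies both checksums the way a receiver does (re-summing the header with the checksum field in place and expecting zero). The addresses and ports are constructed; no packet is sent.

```python
import socket
import struct
from typing import Dict, Optional


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement sum over 16-bit words, returned as the 16-bit checksum."""
    if len(data) % 2:
        data += b"\x00"  # odd trailing byte is padded with zero
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    # version/IHL, TOS, total length, ID, flags+fragment offset, TTL, protocol(6=TCP), checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = internet_checksum(hdr)  # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def _tcp_syn_segment(src: str, dst: str, sport: int, dport: int, corrupt: bool) -> bytes:
    # src port, dst port, seq, ack, data offset (5 words), flags (SYN), window, checksum, urgent
    seg = struct.pack("!HHIIBBHHH", sport, dport, 0x1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    # TCP checksum also covers a pseudo-header of src, dst, zero, protocol, TCP length.
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst), 0, 6, len(seg))
    csum = internet_checksum(pseudo + seg)
    if corrupt:
        csum = (csum + 1) & 0xFFFF  # deliberately wrong, as a bad-checksum probe would carry
    return seg[:16] + struct.pack("!H", csum) + seg[18:]


def build_syn_packet(src: str, dst: str, sport: int, dport: int,
                     bad_tcp_checksum: bool = False) -> bytes:
    """Constructed IPv4 + TCP SYN packet (40 bytes), optionally with a corrupted TCP checksum."""
    tcp = _tcp_syn_segment(src, dst, sport, dport, bad_tcp_checksum)
    return _ipv4_header(src, dst, len(tcp)) + tcp


def verify_packet(pkt: bytes) -> Dict[str, Optional[bool]]:
    """Receiver-side check: a valid checksum re-sums to zero with the field left in place."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    ip_ok = internet_checksum(pkt[:ihl]) == 0
    tcp_ok: Optional[bool] = None
    if proto == 6:
        seg = pkt[ihl:total_len]
        pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0, 6, len(seg))
        tcp_ok = internet_checksum(pseudo + seg) == 0
    return {"ip_checksum_ok": ip_ok, "tcp_checksum_ok": tcp_ok}


if __name__ == "__main__":
    good = build_syn_packet("192.168.0.50", "192.168.0.1", 40000, 80)
    bad = build_syn_packet("192.168.0.50", "192.168.0.1", 40000, 80, bad_tcp_checksum=True)
    print("well-formed probe:", verify_packet(good))
    print("bad-checksum probe:", verify_packet(bad))  # a conforming host drops this silently
```

A sensor that logs packets failing this check, rather than dropping them quietly, gives a direct detection signal for bad-checksum probing against the hosts it protects.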