Nmap, which stands for Network Mapper, is a free and open-source vulnerability assessment and network discovery application. Nmap is used by network administrators to determine what devices are operating on their systems, debug networks, locate available hosts, find open ports, detect security issues in the network and determine network device operating systems and hardware characteristics.
Nmap may be used to monitor single hosts as well as large networks with hundreds of thousands of devices and subnets.
Below is an Nmap cheat sheet for quick reference of the most commonly used commands.
Scanning commands
Scan a single target
nmap [IP address]
Scan multiple hosts within the same network
nmap [IP address1] [IP address2]
Scan a subnet
nmap [IP address/cidr]
Example:
nmap 192.168.1.1/24
Scanning an IPv6 address
nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2afe
Scan a hostname or domain
nmap scan.nmap.com
Perform UDP port scan
nmap [IP address] -sU
Perform TCP window port scan
nmap [IP address] -sW
Perform TCP SYN port scan (default)
nmap [IP address] -sS
Scan a range while excluding some hosts
nmap [targets] --exclude [IP address]
Implement TCP SYN scan
nmap -sS [IP address]
Implement TCP ACK scan
nmap -sA [IP address]
Implement UDP scan
nmap -sU [IP address]
Implement IP protocol scan
nmap -sO [IP address]
Send raw IP packets rather than raw Ethernet frames
nmap --send-ip [IP address]
Host discovery and ARP ping commands
Ping scan only (host discovery without a port scan; -sP is the older name for -sn)
nmap -sP [IP address]
Discover hosts on the local network with ARP ping
nmap -PR 192.168.1.1/24
Implement TCP SYN ping
nmap -PS [IP address]
Implement TCP ACK ping
nmap -PA [IP address]
Implement UDP ping
nmap -PU [IP address]
Implement ICMP echo ping
nmap -PE [IP address]
Implement IP protocol ping
nmap -PO [IP address]
Trace the route to the host
nmap --traceroute [IP address]
Force reverse DNS resolution for all targets
nmap -R [IP address]
To disable reverse DNS resolution
nmap -n [IP address]
Port Scanning
Fast scan
nmap -F [IP address]
Scan specific ports
nmap -p [port(s)] [IP address]
Scan all 65535 ports
nmap -p- [IP address]
Scan the N most common ports (N = 10 here)
nmap [IP address] --top-ports 10
Port scan a range
nmap [IP address] -p 1-100
Scan ports sequentially instead of in random order
nmap -r [IP address]
Version and OS detection
OS detection
nmap -O [IP address]
Detect service version
nmap -sV [IP address]
OS detection, version detection, script scanning, and tracerouting
nmap 192.168.1.1 -A
Guess the OS more aggressively when the fingerprint is inconclusive
nmap -O --osscan-guess [IP address]
Implement Remote Procedure Call scan (-sR is now an alias for -sV)
nmap -sR [IP address]
Firewall/IDS Evasion techniques
Spoof the source MAC address
nmap --spoof-mac [MAC|0|vendor] [IP address]
Append random data to sent packets
nmap --data-length 100 [IP address]
Induce an invalid TCP/UDP checksum for delivered packets
nmap --badsum [IP address]
Implement idle zombie scan
nmap -sI [zombie] [IP address]
Troubleshooting and debugging using outputs in Nmap
Trace every packet sent and received
nmap --packet-trace [IP address]
Increase the debugging level
nmap -d [IP address]
Show open ports
nmap --open [IP address]
Save normal output to a file
nmap [IP address] -oN file.ext
Save XML output to a file
nmap [IP address] -oX file.ext
Display host interfaces and routes
nmap -iflist
Get Nmap version
nmap -V
Resume an aborted scan (requires a normal -oN or grepable -oG output file from the interrupted run)
nmap --resume file.extension
Scripts
Run an individual script
nmap --script [file.nse] [IP address]
To check for SQL injection attack
nmap -p80 --script http-sql-injection scan.domain.com
Update the script database
nmap --script-updatedb
Run multiple scripts using a wildcard
nmap --script [expression] [IP address]
Example:
nmap --script 'http-*' 192.168.1.1
Terms discussed in the above commands
Ports
A port is a numbered endpoint on a host at which network services send and receive traffic. Ports are software constructs managed by the operating system, and each port is associated with a particular service or activity. Ports let a computer readily distinguish between different kinds of traffic: email, for example, arrives on a different port than web traffic, even when both reach the computer over the same connection.
Port numbers are standardised across network-connected devices, with a well-known number allocated to each common service. For instance, Simple Mail Transfer Protocol (SMTP) uses port 25 and HTTP uses port 80; many more numbers are assigned to other well-known services.
IP address
An IP address is a one-of-a-kind identifier for a device on the internet or a local network. IP is an abbreviation for "Internet Protocol," which is a collection of rules that governs the format of data delivered over the internet or a local network. The two different types of IPs are IPv4 and IPv6.
TCP
TCP (Transmission Control Protocol), used together with IP, defines how data is exchanged between hosts across connected networks, and it is what lets many separate networks behave as one virtual network. It is a connection-oriented protocol: it first establishes a connection between client and server (the SYN, SYN/ACK, ACK handshake that the -sS and -sA scans above rely on) and only then transfers data.
UDP
UDP is a datagram-oriented protocol: there is no overhead for initiating, maintaining, or ending a connection, so packets are sent without any handshake. That makes UDP a good choice for broadcast and multicast communication. It is also why UDP scans (-sU) are slower and less conclusive than TCP scans: an unanswered probe may mean the port is open or that the packet was filtered.