nmap Cheat Sheet
- Installation
- Nmap Commands
Installation
sudo pacman -S nmap
Nmap Commands
Syntax for Nmap Commands
The basic Nmap command is simple: pass the target IP address, host name or network to it as a parameter. Now let's look at the main options that we will need in this article.
-vv : Increase verbosity
-n : No DNS resolution. This speeds up our scan!
-sn : No port scan
-PE : Use ICMP echo request queries. This is what is displayed in the output above
-T4 : Prohibits the dynamic scan delay from exceeding 10 ms for TCP ports. See man nmap
--packet-trace : Trace sent and received packets
-sL : Just list the hosts, but do not port scan them
-sP : Only check if the host is reachable using ping
-Pn : Treat all hosts as up, even if they do not respond to ping
-sS / -sT / -sA / -sW / -sM : TCP scan types
-sU : UDP scan
-sN / -sF / -sX : TCP NULL, FIN and Xmas scans
-sC : Run the default scripts
-sI : Idle scan
-p : Specify the range of ports to check
-sV : Probe ports in detail to determine the service versions
-O : Determine the operating system
-T[0-5] : Scanning speed; the higher, the faster
-D : Mask the scan with decoys
-S : Change your source IP address to the specified one
-e : Use a specific interface
--spoof-mac : Set your MAC address
Network Scans
nmap IP or Host Scan
nmap 192.168.2.117
nmap debian11
Scan a Range of IPs
nmap 192.168.2.100-120
nmap Scan Subnet
nmap 192.168.2.0/24
Scan a List of Targets
nmap -iL list.txt
Fast Scan Without Port Scanning (Host Discovery Only)
nmap -sn 192.168.2.0/24
Port Scans
Scan Single Port
nmap -p 8080 192.168.2.117
Scan a Range of Ports
nmap -p 80-8080 192.168.2.117
Specified Ports
nmap -sV -p 22,53,110,143,4564 192.168.2.117
Scan the 100 most Common Ports
nmap -F 192.168.2.117
Scan all Ports
nmap -p- 192.168.2.117
Scan TCP Ports
nmap -sT 192.168.2.117
SYN Scan TCP Ports
sudo nmap -sS 192.168.2.117
Scan specific UDP Ports
sudo nmap -sU -p 53 192.168.2.117
Scan Ports of Hosts that don't respond to Pings
nmap -Pn -F 192.168.2.117
Operating System and Services
nmap -A 192.168.2.117
Aggressive Service Detection
nmap -sV -T5 192.168.2.110
Lightweight Service Detection
nmap -sV -T0 192.168.2.110
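The scans above print nmap's default text output; the following is an added example, not part of this cheat sheet, that parses that output in Python into a per-host port table and filters it to open ports, the way a defender builds an exposed-service inventory from a scan. The sample output is constructed (no real scan data) and the function names are assumptions of this example.

```python
import re

# Constructed sample in nmap's normal output format (the format the scans
# above print); it is not captured from a real scan.
SAMPLE_OUTPUT = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for debian11 (192.168.2.117)
Host is up (0.00042s latency).

PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 8.4p1 Debian 5 (protocol 2.0)
53/tcp   closed   domain
80/tcp   open     http       nginx 1.18.0
8080/tcp filtered http-proxy
Nmap scan report for 192.168.2.110
Host is up (0.0011s latency).

PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)
53/udp   open     domain     ISC BIND 9.11.5
Nmap done: 2 IP addresses (2 hosts up) scanned in 3.21 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_nmap_output(text):
    """Return {address: [(port, proto, state, service, version), ...]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            # Prefer the IP in parentheses; fall back to the bare name/address.
            current = m.group(2) or m.group(1)
            hosts.setdefault(current, [])   # keep hosts that have no port lines
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append((int(port), proto, state, service, version or ""))
    return hosts

def open_ports(parsed):
    """Keep only 'open' entries, the same view `nmap --open` gives."""
    return {h: [p for p in ports if p[2] == "open"] for h, ports in parsed.items()}

if __name__ == "__main__":
    for host, ports in open_ports(parse_nmap_output(SAMPLE_OUTPUT)).items():
        print(host, [f"{p}/{pr} {svc} {ver}".strip() for p, pr, _, svc, ver in ports])
```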
Scan Firewall Settings
sudo nmap -sA 192.168.2.110
Scan IPv6 Addresses
nmap -6 240e:3b5:3011:1580:7dd7:91ed:c0b6:5a0d
Find the Open Port
nmap --open 192.168.2.117
Packets Sent or Received
nmap --packet-trace 192.168.2.117
Specific MAC Address Spoofing
nmap --spoof-mac 28:ad:3e:75:e0:28 192.168.2.117
Random MAC Address Spoofing
nmap -v -sT -Pn --spoof-mac 0 192.168.2.117
Scanning with NSE Scripts
ls /usr/share/nmap/scripts
nmap --script-help=whois-domain.nse
WHOIS
nmap --script whois-domain.nse www.instar.com
HTTP Title
nmap --script=http-title 192.168.2.0/24
HTTP Headers
nmap --script=http-headers 192.168.2.117
Discover Hosts using DNS Service Discovery (mDNS)
nmap --script=broadcast-avahi-dos 192.168.2.0/24
Brute Force
nmap --script http-brute -p 80 192.168.2.110
nmap --script http-form-brute -p 80 192.168.2.110
nmap --script ftp-brute -p 21 192.168.2.110
nmap -p 5432 --script pgsql-brute 192.168.2.110
nmap --script rtsp-url-brute -p 554 192.168.2.117
nmap -p 23 --script telnet-brute --script-args userdb=myusers.lst,passdb=mypwds.lst,telnet-brute.timeout=8s 192.168.2.110
DoS
nmap --script http-slowloris-check 192.168.2.110
nmap --script http-slowloris --max-parallelism 400 192.168.2.110
Host Interfaces, Routes and Packets
nmap --iflist
nmap --packet-trace
nmap -vv -n -sn -PE -T4 --packet-trace 192.168.2.117
Stealth List Scan
nmap --dns-servers 8.8.4.4,8.8.8.8 -sL 49.12.0.118/24