Never Ending Security

It starts all here

N-Map Cheatsheet


Useful Nmap commands:

Quick Ping Sweep (Single Host, Multiple Hosts, Range, CIDR/*):

nmap -sP [Target IP] / nmap -sP [Target1 IP] [Target2 IP] / nmap -sP [Target Range] / nmap -sP [Target Subnet/CIDR] or nmap -sP [Target Subnet *]

Check for a specific port (Check port on TCP/UDP):

nmap -p [Target Port] [Target IP] / nmap -p T:[TCP Port] [Target IP] / nmap -p U:[UDP Port] [Target IP]

Check for common ports (1-1024) / Scan a number of Top ports:

nmap [Target IP] / nmap --top-ports 10 [Target IP]

Fast port scan only:

nmap -F [Target IP]

Increased verbosity:

nmap -v [Target IP] / nmap -vv [Target IP]

Only Scan for TCP ports / Scan for only UDP ports / Attempt to identify service version:

nmap -sT [Target IP] / sudo nmap -sU [Target IP] / nmap -sV [Target IP]

Do OS detection:

nmap -O [Target IP]

Use a list / Exclude from list:

nmap -iL [/dir/targets.txt] / nmap -iL [/dir/targets.txt] --exclude [Target IP]

IDS/IPS/Firewall Evasion with SYN Scan and FIN Scan / Don’t Ping!:

sudo nmap -sS [Target IP] / sudo nmap -sF [Target IP] / nmap [Target IP] -PN

Give a reason for detection or block:

nmap [Target IP] --reason

Stateful Device (Firewall/IDS/IPS) detection with an ACK scan / Null scan / Xmas scan:

nmap -sA [Target IP] / nmap -sN [Target IP] / nmap -sX [Target IP]

Fragment Packets (More evasion):

nmap -f [Target IP]

Scan IPv6 host:

nmap -6 [Target IPv6]

Don’t Resolve DNS:

nmap -n [Target IP]

Decoy Scan (Add more IPs to throw off detectors):

nmap -D [Decoy IP1],[Decoy IP2],[Decoy IP3] [Target IP]

Different nmap Timings (Speed up or Slow down your scan):

nmap -T5 [Target IP] / nmap -T0 [Target IP]

Saving nmap Output (normal / grepable / XML):

nmap -oN [/path/filename.txt] [Target IP] / nmap -oG [/path/filename] [Target IP] / nmap -oX [/path/filename.xml] [Target IP]

Nmap Scripting Engine:

Execute Individual Scripts
nmap --script [script.nse] [target]

Execute Multiple Scripts
nmap --script [expression] [target]

Script Categories
all, auth, default, discovery, external, intrusive, malware, safe, vuln

Execute Scripts by Category
nmap --script [category] [target]

Execute Multiple Script Categories
nmap --script [category1,category2,etc] [target]

IP-Geo Locate with nmap:

nmap --script ip-geolocation-* [Target IP]

Vuln Scanner:

nmap --script vuln [Target IP]
