nmap CheatSheet
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.
1.0 Installation
2.0 Configuration
3.0 Usage
3.1 Basic Scans
Ping Scan
nmap -sP 172.16.0.0/16
(-sP is the legacy spelling of the -sn host-discovery option; current nmap accepts both.)
Fast Scan
nmap -sn 192.168.0.1/24
Host services
nmap -sSV $IP
Vulnerability Scan
nmap -v --script vuln $IP
3.2 Advanced Scans
Discover Hosts
export IPRANGE='172.16.0.0/16'
nmap -e tun0 -sn -v -oA pingscan $IPRANGE
Parse Results
grep Up pingscan.gnmap | awk '{print $2}' > 172_16_ping_ips.txt
Discover Services
nmap -v -sSV -A -O -iL 172_16_ping_ips.txt
Discover more Hosts
nmap -PE -PS80,443,3389 -PP -PU40125,161 -PA21 --source-port 53 $IPRANGE
Save Scans and use results
nmap -e tun0 -PE -sn -n -oA pingscan 172.16.0.0/16
grep Up pingscan.gnmap | awk '{print $2}' > 172_16_ping_ips.txt
nmap -e tun0 -sSV -O --top-ports 3800 -oA portscan172_ping_ips -iL 172_16_ping_ips.txt
Detailed Scan
nmap -v -A -O -oX /root/op.xml -iL /home/kali/Desktop/hosts.txt
-A: Enable OS detection, version detection, script scanning, and traceroute
-O: Enable OS detection
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
-iL <inputfilename>: Input from list of hosts/networks
Port range
nmap -v -sSV -A -O -p40000-54000 $IP
Hidden Scan
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
Banner Grabbing
nmap -sV --script=banner <target>
3.3 Top Ports
UDP
sudo nmap -Pn -sU --top-ports 1100 -O --reason -oA winlapudp $IP
TCP
sudo nmap -Pn -sSV --top-ports 3800 -O --reason -oA winlap $IP
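The Parse Results step in 3.2 (grep Up pingscan.gnmap | awk '{print $2}') and the Save Scans and use results sequence both work on nmap's grepable output (-oG, or the .gnmap file that -oA writes). The shell functions below are an added example, not part of the original cheat sheet: they take that parsing a step further by matching the Status: Up field rather than any line containing "Up", and by pulling open port/service entries out of the Ports: lines that an -sSV scan writes, which is the inventory a defender wants from these scans. The .gnmap text is a constructed sample, not real scan data; its addresses and host name are invented, and the file names in the comments are the ones used on this page.

```shell
#!/bin/sh
# Added example: parse nmap grepable (.gnmap) output for live hosts and open ports.
# The parsers read .gnmap text on stdin, so they work on a real file too:
#   live_hosts < pingscan.gnmap > 172_16_ping_ips.txt
#   open_ports < portscan172_ping_ips.gnmap

# Constructed sample of .gnmap output (fields are tab-separated); not real scan data.
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 172.16.0.1 ()\tStatus: Up\n'
    printf 'Host: 172.16.0.2 ()\tStatus: Down\n'
    printf 'Host: 172.16.0.10 (fileserver.example.test)\tStatus: Up\n'
    printf 'Host: 172.16.0.10 (fileserver.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 445/closed/tcp//microsoft-ds///\tIgnored State: filtered (997)\n'
    printf '# Nmap done (constructed sample)\n'
}

# Print one IP per line for every host whose Status field is Up.
# Matching "Status: Up" rather than a bare "Up" avoids false hits from
# host names or comment lines that happen to contain those two letters.
live_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }' | sort -u
}

# Print "ip port/proto service" for each open port on a Ports: line.
# Every entry has the form port/state/proto/owner/service/rpc/version/,
# and entries are separated by ", ".
open_ports() {
    awk -F'\t' '/^Host: / && /Ports: / {
        split($1, h, " "); ip = h[2]
        ports = ""
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
        n = split(ports, entries, ", ")
        for (j = 1; j <= n; j++) {
            split(entries[j], f, "/")
            if (f[2] == "open") printf "%s %s/%s %s\n", ip, f[1], f[3], f[5]
        }
    }'
}

# Run both parsers over the constructed sample.
sample_gnmap | live_hosts
sample_gnmap | open_ports
```

On the sample, live_hosts prints 172.16.0.1 and 172.16.0.10 (the Down host is dropped), and open_ports prints only the ssh and http entries, since 445 is reported closed. The functions are plain POSIX sh plus awk, so they run on a Kali box or any minimal container without extra tooling.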