Nmap Cheat Sheet: Scanning Techniques, Port Specification, and Service Detection, Assignments of Network Analysis

This cheat sheet provides an overview of various nmap scanning techniques, port specifications, and service detection options. Learn how to scan single ips, ranges, domains, and use different scan types such as tcp syn, udp, and version detection. Also, discover how to customize scan settings like host discovery, os detection, and parallelism.

Typology: Assignments

2021/2022

Uploaded on 07/05/2022

allan.dev
allan.dev 🇦🇺

4.5

(86)

1K documents

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Nmap
Cheat Sheet
30 Days Hacking Challenge
Irfan Shakeel
www.ehacking.net
Target Specification
Switch
Example
Description
nmap 192.168.1.1
Scan a single IP
nmap 192.168.1.1
192.168.2.1
Scan specific IPs
nmap 192.168.1.1
-254
Scan a range
nmap scanme.nmap.org
Scan a domain
nmap 192.168.1.0/24
Scan using CIDR notation
-iL
nmap
-iL targets.txt
Scan targets from a file
-iR
nmap
-iR 100
Scan 100 random hosts
--
exclude
nmap
--
exclude 192.168.1.1
Exclude listed hosts
Scan Techniques
Switch
Example
Description
-sS
nmap 192.168.1.1
-sS
TCP SYN port scan (Default)
-sT
nmap 192.168.1.1
-sT
TCP connect port scan
(Default without root privilege)
-sU
nmap
192.168.1.1 -sU
UDP port scan
-sA
nmap
192.168.1.1 -sA
TCP ACK port scan
-sW
nmap
192.168.1.1 -sW
TCP Window port scan
-sM
nmap
192.168.1.1 -sM
TCP
Maimon port scan
pf3
pf4

Partial preview of the text

Download Nmap Cheat Sheet: Scanning Techniques, Port Specification, and Service Detection and more Assignments Network Analysis in PDF only on Docsity!

Nmap

Cheat Sheet

30 Days Hacking Challenge Irfan Shakeel www.ehacking.net

Target Specification

Switch Example Description

nmap 192.168.1.1 Scan a single IP

nmap 192.168.1.

192.168.2.1 Scan specific IPs

nmap 192.168.1.1- 254 Scan a range

nmap scanme.nmap.org Scan a domain

nmap 192.168.1.0/24 Scan using CIDR notation

  • iL nmap - iL targets.txt Scan targets from a file
  • iR nmap - iR 100 Scan 100 random hosts

--exclude nmap --exclude 192.168.1.1 Exclude listed hosts

Scan Techniques

Switch Example Description

  • sS nmap 192.168.1.1 - sS TCP SYN port scan (Default)
  • sT nmap 192.168.1.1 - sT TCP connect port scan (Default without root privilege)
  • sU nmap 192.168.1.1 - sU UDP port scan
  • sA nmap 192.168.1.1 - sA TCP ACK port scan
  • sW nmap 192.168.1.1 - sW TCP Window port scan
  • sM nmap 192.168.1.1 - sM TCP Maimon port scan

Host Discovery Example Description nmap 192.168.1.1- 3 - sL No Scan. List targets only nmap 192.168.1.1/24 - sn Disable port scanning nmap 192.168.1.1- 5 - Pn Disable host discovery. Port scan only nmap 192.168.1.1- 5 - PS22-25,80 TCP SYN discovery on port x. Port 80 by default nmap 192.168.1.1- 5 - PA22-25,80 TCP ACK discovery on port x. Port 80 by default nmap 192.168.1.1- 5 - PU53 UDP discovery on port x. Port 40125 by default nmap 192.168.1.1-1/24 - PR ARP discovery on local network nmap 192.168.1.1 - n Never do DNS resolution Port Specification

Switch Example Description

  • p nmap 192.168.1.1 - p 21 Port scan for port x
  • p nmap 192.168.1.1 - p 21- 100 Port range
  • p nmap 192.168.1.1 - p U:53,T:21-25,80 Port scan multiple TCP and UDP ports
  • p- nmap 192.168.1.1 - p- Port scan all ports
  • p nmap 192.168.1.1 - p http,https Port scan from service name
  • F nmap 192.168.1.1 - F Fast port scan (100 ports)

--top-ports nmap 192.168.1.1 --top-ports 2000 Port scan the top x ports

  • p- 65535 nmap 192.168.1.1 - p- 65535

Leaving off initial port in range makes the scan

start at port 1

  • p0- nmap 192.168.1.1 - p0-

Leaving off end port in range makes the scan

go through to port 65535

` Switch Example Description

  • T0 nmap 192.168.1.1 - T0 Paranoid (0) Intrusion Detection System evasion
  • T1 nmap 192.168.1.1 - T1 Sneaky (1) Intrusion Detection System evasion
  • T2 nmap 192.168.1.1 - T2 Polite (2) slows down the scan to use less bandwidth and use less target machine resources
  • T3 nmap 192.168.1.1 - T3 Normal (3) which is default speed
  • T4 nmap 192.168.1.1 - T4 Aggressive (4) speeds scans; assumes you are on a reasonably fast and reliable network
  • T5 nmap 192.168.1.1 - T5 Insane (5) speeds scan; assumes you are on an extraordinarily fast network Switch Example input Description --host-timeout