Nmap Fundamentals Cheat Sheet

Nmap Fundamentals Cheat Sheet

๐Ÿ” Basic Scanning

  • Scan a target: nmap [target]

  • Exclude a host: nmap --exclude [excluded_ip] [target]

  • Use custom DNS servers: nmap --dns-servers [DNS1],[DNS2] [target]

  • Scan without pinging: nmap -Pn [target]

  • Scan without DNS resolution: nmap -n [target]

  • Scan a specific port: nmap -p80 [target]

  • Scan an IPv6 target: nmap -6 [target]

๐Ÿ“ฆ Scanning Port Ranges

  • Scan specific ports: nmap -p 80,443,23 [target]

  • Scan a port range: nmap -p 1-100 [target]

  • Scan all ports: nmap -p- [target]

  • Scan by protocol (TCP/UDP): nmap -p T:25,U:53 [target]

  • Scan by service name: nmap -p smtp [target]

  • Scan service name wildcards: nmap -p smtp* [target]

  • Scan all registered ports: nmap -p 1-65535 [target]

๐ŸŒ Scanning Large Networks

  • Fast scan with minimal checks: nmap -T4 -n -Pn -p- [target]

Timing Templates

  • No ping: -Pn

  • No reverse DNS: -n

  • No port scan (host discovery only): -sn

  • Slow scan (least aggressive): -T0 or -T1

  • Normal scan: -T3

  • Fast scan (recommended): -T4

  • Very aggressive (not recommended): -T5

⚙️ Nmap Specific Options

  • Select network interface: nmap -e [interface] [target]

  • Save output as text: nmap -oN [filename] [target]

  • Save output as XML: nmap -oX [filename] [target]

  • Save all formats: nmap -oA [filename] [target]

  • Show scan stats periodically: nmap --stats-every [time] [target]

๐Ÿ“ก Host Discovery (Ping Scans)

  • Default ping scan: nmap -sP [target]

  • TCP SYN ping scan: nmap -sP -PS [target]

  • TCP SYN ping on specific port: nmap -sP -PS80 [target]

  • Ping without ARP: nmap -sP --send-ip [target]

  • IP protocol ping scan: nmap -sP -PO [target]

  • ARP scan: nmap -sP -PR [target]

๐Ÿงฌ Service & OS Fingerprinting

  • Detect service versions: nmap -sV [target]

  • Set version scan intensity: nmap -sV --version-intensity 9 [target]

  • Troubleshoot version scan: nmap -sV --version-trace [target]

  • Aggressive scan (OS + services + scripts): nmap -A [target]

  • RPC scan: nmap -sR [target]

  • Detect operating system: nmap -O [target]

  • Guess OS with full port scan: nmap -O -p- --osscan-guess [target]

  • Verbose OS detection: nmap -O -v [target]

๐Ÿ“œ Protocol & Firewall Detection

  • List supported IP protocols: nmap -sO [target]

  • Detect stateful firewalls (TCP ACK scan): nmap -sA [target]

๐Ÿง  Nmap Scripting Engine (NSE)

  • Run a specific script: nmap --script [script.nse] [target]

  • Run scripts by category: nmap --script [category] [target]

  • Troubleshoot a script: nmap --script [script] --script-trace [target]

  • Update script database: nmap --script-updatedb

Script Categories:

auth, broadcast, dos, default, discovery, external, intrusive, malware, safe, version, vuln

๐Ÿงช Nmap Examples

  • Detect service versions and OS: nmap -sV -O [target]

  • Detect web servers: nmap -sV --script http-title [target]

  • Scan top 10 common ports: nmap --top-ports 10 [target]

  • Discover hosts via broadcast ping: nmap --script broadcast-ping

  • Get WHOIS info: nmap --script whois [target]

  • Brute-force DNS records: nmap --script dns-brute [target]

  • MAC address spoofing scan: nmap -v -sT -PN --spoof-mac [MAC] [target]

  • Run all vulnerability scripts: nmap -sV --script vuln [target]

  • Run version and discovery scripts: nmap -sV --script="version,discovery" [target]

  • Detect sniffers: nmap -sP --script sniffer-detect [target]

Comments

Post a Comment

Popular posts from this blog

TryHackMe Learning Path From Beginner to Expert

Image
  TryHackMe Learning Path From Beginner to Expert A comprehensive TryHackMe learning path with organized sections on Introductory Rooms, Linux Fundamentals, Networking, Forensics, CTF challenges, Scripting, and more. This repo provides a structured approach to mastering cybersecurity skills through TryHackMe. Name of Topic Number of Rooms Introductory Rooms 10 Network Basics 4 Forensics 5 Networking 7 Linux Fundamentals 5 Special Events 9 Easy CTF 58 Privilege Escalation 13 Hard CTF 38 Scripting 8 Active Directory 5 Basic Rooms 9 Misc 35 Steganography 6 Reverse Engineering 11 Web 27 Crypto & Hashes 5 Medium CTF 73 Reconnaissance 10 Tooling 17 Malware Analysis 7 Wifi Hacking 1 PCAP Analysis 4 Android 1 Buffer Overflow 4 Windows 7 Windows Fundamentals 3 Total Rooms 389 Intro Rooms   TryHackMe | Welcome   TryHackMe | How to use TryHackMe   TryHackMe | Tutorial   TryHackMe | OpenVPN   TryHackMe | Learning Cyber Security   TryHackMe | Starting Out In Cy...
Read More >>

90-Day Cybersecurity Study Plan

Image
90-DayCybersecurity Study Plan ๐Ÿ“š Table of Contents Introduction Goals and Audience Daily BreakdownDay 1-7: Network+ Concepts Day 8-14: Security+ Concepts Day 15-28: Linux Tutorials Day 29-42: Python Day 43-56: Traffic Analysis Day 57-63: Git Day 64-70: ELK Day 71-77: GCP or AWS or Azure Day 85-90: Hacking ๐Ÿ“˜ Introduction Welcome to the  90 Days of Cybersecurity  challenge! This repository provides a structured, 90-day self-paced study plan designed to help learners build a strong foundation in cybersecurity. Whether you're a beginner looking to break into the field or a professional aiming to sharpen your skills, this roadmap offers a wide range of curated resources, hands-on tasks, and learning materials. The daily modules cover essential and advanced topics, including: Networking fundamentals (Network+) Security principles (Security+) Linux basics and shell scripting Python programming for security tasks Traffic analysis and packet inspection Version control with Git SIEM t...
Read More >>

Comprehensive Metasploitable2 Exploitation Walkthrough

Image
Comprehensive Metasploitable2 Exploitation Walkthrough This educational walkthrough demonstrates how to identify and exploit common vulnerabilities in the Metasploitable2 virtual machine using tools like Nmap, Telnet, FTP, VNC, PostgreSQL, and Apache Tomcat via Metasploit. Designed for ethical hacking practice, it guides learners through real-world exploitation techniques to highlight the importance of securing exposed services. Introduction: Metasploitable2 , developed by Rapid7 , is a valuable tool designed for developing and executing exploits against vulnerable systems. This walkthrough outlines the step-by-step process of exploiting different ports on Metasploitable2 for educational purposes. Discovery Phase: The default login credentials for the Metasploitable2 machine is msfadmin:msfadmin. Press enter or click to view image in full size Metasploitable2 Machine Identifying the victim’s IP address using the `ifconfig` command. Press enter or click to view image in full size Utiliz...
Read More >>