|
Nmap Cheat Sheet |
||
|
Target |
||
|
Scanning
subnet |
192.168.1.0/24 |
nmap
-p- 192.168.1.0/24 |
 |
||
|
Scanning
subnet |
192.168.1.* |
nmap
-p- 192.168.1.* |
 |
||
|
Range
of IP's |
192.168.1.1-50 |
nmap 192.168.1.1-50 |
 |
||
|
Scanning
input from list |
-iL
list.txt |
nmap -iL
list.txt |
|
||
|
Excluding
from range |
--exclude |
nmap
-p 192.168.1.* --exclude 192.168.1.10 |
 |
||
|
Ports |
||
|
Top
ports |
--top-ports |
nmap --top-ports
1000 192.168.1.106 |
 |
||
|
Range
of Ports |
-p 1-1024 |
nmap -p
1-65535 192.168.1.1 |
 |
||
|
Scan
Listed ports |
-p 21,22,443 |
nmap -p 1-100,443
8.8.8.8 |
 |
||
|
Exclude
Ports |
--exclude-ports
1-10 |
nmap
-p 1-1000 --exclue-ports 250-500 localhost |
 |
||
|
Host Discovery |
||
|
Treat
all host as online |
-Pn |
nmap -Pn
localhost |
 |
||
|
Ping
scan, no Port Scan |
-sn |
nmap -sn
192.168.0.0/24 |
 |
||
|
Never
Resolve DNS |
-n |
nmap -n
192.168.0.0/25 |
 |
||
|
Always
Resolve DNS |
-r |
nmap -r
192.168.0.0/26 |
 |
||
|
Scan Techniques |
||
|
Scan
TCP |
-sT |
nmap -sT
192.168.1.1 |
 |
||
|
Scan UDP |
-sU |
nmap -sU 192.168.1.2 |
 |
||
|
Scan
TCP Flags |
--scanflags |
nmap
-sS --scanflags SYNFIN -T4 localhost |
 |
||
|
Scan
Idle |
-sI |
Idle
Scan |
 |
||
|
Bounce
Scan |
-b |
|
 |
||
|
Service Version |
||
|
Detect
service/daemon versions |
-sV |
nmap -sV
localhost |
 |
||
|
Choose
intensity 0 to 9 |
--version-intensity |
|
 |
||
|
Try
every single proble (intensity 9) |
--version-all |
|
 |
||
|
OS Detection |
||
|
Enables
OS Detection |
-O |
nmap
-T4 -O localhost |
 |
||
|
OS,
Version, Script and Traceroute |
-A |
nmap
-T4 -A localhost |
 |
||
|
Performance |
||
|
Number
of hosts to be scanned simultaneously |
-iR |
-iR
10 |
 |
||
|
Fast Execution |
-T4 |
nmap
-A -T4 cloudflare.com |
 |
||
|
Output |
||
|
Output
scan result |
-oN
output.txt |
nmap -oN
output.txt cyberswats.com |
   |
||
|
Output
to xml |
-oX
output.xml |
nmap -oX
output.xml cyberswats.com |
   |
||
|
Misc |
||
|
CVE
Detection (Vulnerabilities) |
--script
vuln |
nmap
-Pn --script vuln 192.168.1.105 |
|
Diagram |
||
|
Dos
Attack |
|
nmap
192.168.80.1 -max-parallelism 800 -Pn --script http-slowloris --script-args
http-slowloris.runforever=true |
|
|
||
|
Brute
force attack |
|
nmap
-sV --script http-wordpress-brute --script-args
'userdb=users.txt,passdb=passwds.txt,http-wordpress-brute.hostname=domain.com,
http-wordpress-brute.threads=3,brute.firstonly=true' 192.168.1.1 |
|
Malware
Check |
|
nmap
-sV --script=http-malware-host 192.168.1.1 |
|
Malware
Google Check |
|
nmap
-p80 --script http-google-malware cyberswats.com |
|
S |
0 Comments