
Nmap Cheatsheet


A cheatsheet for the Nmap pentesting tool. Nmap (short for Network Mapper) is a free and open-source tool used to discover hosts on a network and the services listening on their ports.


Cheatsheet

Basic Usage

Syntax: nmap [SCAN TYPE(S)] [OPTIONS] {TARGET SPECIFICATION}

Scan Types

Scan IP

nmap $IP

Scan Host

nmap hostname.com

Scan range of IPs (the range applies to the last octet)

nmap FIRST-LAST

Ex.:

nmap 192.168.1.1-20

Scan Subnet

nmap IP/NUMBITS

Ex.:

nmap 192.168.1.0/24

Scan from file (one target per line; hostnames, IPs, ranges and CIDR blocks are all accepted)

nmap -iL list.txt

Port Selection

Single port

nmap -p 80 $IP

Most common ports (100)

nmap -F $IP

Range of ports

nmap -p min-max $IP

Ex.:

nmap -p 1-100 $IP

All ports (1-65535)

nmap -p- $IP

Port Scan Types

TCP Connect (completes the three-way handshake; the default for unprivileged users)

nmap -sT $IP

TCP SYN scan (half-open; the default when run as root, since it needs raw sockets)

nmap -sS $IP

UDP (slow, because most closed UDP ports never answer; combine with -p to limit the port set)

nmap -sU $IP

Service and OS detection

Aggressive Scan (enables OS detection -O, version detection -sV, the default scripts -sC and --traceroute in one flag)

nmap -A $IP

Version Detection

nmap -sV $IP

Scripts

NSE (Nmap Scripting Engine) scripts help get more specific results. --script accepts script names, categories (such as vuln or default) and shell-style globs.

Syntax

nmap --script=SCRIPT $IP

OR

nmap --script=SCRIPT1,SCRIPT2,SCRIPT3 $IP

Most Used

Script name or category      Purpose
default (or the -sC flag)    Default script set (category)
vuln                         Vulnerability checks (category)
http-enum                    HTTP enumeration
http-grep                    Search HTTP responses
smb-enum-shares              SMB shares enumeration
smb-enum-users               SMB users enumeration
ftp-anon                     Detect FTP anonymous login
ssh-brute                    SSH bruteforce
ftp-brute                    FTP bruteforce
dns-brute                    DNS subdomain discovery (bruteforce)
http-wordpress-enum          Enumerate WordPress plugins and themes
mysql-empty-password         Detect whether MySQL login without a password is possible
mysql-users                  Enumerate MySQL users
mysql-brute                  Bruteforce MySQL


Passing a Wordlist to a Bruteforce Script

The brute scripts share the userdb and passdb arguments (one entry per line). Note that brute scripts are noisy and can lock accounts out; use them only where the engagement allows it.

Ex.:

nmap --script=ssh-brute --script-args userdb=usernames.lst,passdb=passwords.lst $IP

IP Address Information

These scripts need outbound connectivity: asn-query and whois-ip query public databases, and ip-geolocation-maxmind needs a locally downloaded MaxMind database.

nmap --script=asn-query,whois-ip,ip-geolocation-maxmind $IP

Set of Scripts

Quote the glob so the shell does not expand it against files in the current directory.

Ex.:

nmap --script="smb*" $IP

Help

--script-help takes a script name, category or glob and prints the help text without scanning, so no target is needed.

Ex.:

nmap --script-help=vuln

Output to a File

Normal (the same text as the terminal output)

nmap -oN OUTPUT_FILE $IP

XML (the format to use when feeding results to other tools)

nmap -oX OUTPUT_FILE $IP

Grepable (one line per host, fields separated by tabs)

nmap -oG OUTPUT_FILE $IP

All three at once (writes OUTPUT_FILE.nmap, OUTPUT_FILE.xml and OUTPUT_FILE.gnmap)

nmap -oA OUTPUT_FILE $IP
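The grepable format exists so the output can be post-processed. A common workflow is a fast full-port scan saved with -oG, followed by -sV -sC only on the ports found open. The script below is an added example, not part of the original cheatsheet: it parses a constructed -oG sample (no real scan is run) into "IP port,port" lines and prints the follow-up command for each host. The sample hosts, ports and the nmap-IP.log file names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: parse Nmap grepable (-oG) output and build targeted follow-up scans.

# Constructed sample of a "nmap -p- -oG" report (not from a real scan). Fields are
# tab-separated; each port entry is port/state/proto/owner/service/rpcinfo/version/.
sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -p- -oG quick.gnmap 192.168.1.0/24\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (65532)\n'
    printf 'Host: 192.168.1.20 ()\tPorts: 445/open/tcp//microsoft-ds///, 3306/open/tcp//mysql///\tIgnored State: closed (65533)\n'
    printf 'Host: 192.168.1.30 ()\tStatus: Down\n'
    printf '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 300.00 seconds\n'
}

# open_ports: read a .gnmap report on stdin, print "IP port1,port2,..." for every
# host that has at least one open port. Closed/filtered ports and down hosts are skipped.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " ")                  # "Host: 1.2.3.4 ()" -> h[2] is the address
            ports = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports:/) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, p, ", ")     # one entry per port
                    for (j = 1; j <= n; j++) {
                        split(p[j], f, "/")    # f[1]=port f[2]=state f[3]=proto
                        if (f[2] == "open")
                            ports = (ports == "" ? f[1] : ports "," f[1])
                    }
                }
            }
            if (ports != "") print h[2], ports
        }'
}

# followup_cmds: turn "IP ports" lines into the second-stage scan command per host,
# so -sV and -sC probe only the ports already known to be open.
followup_cmds() {
    while read -r ip ports; do
        printf 'nmap -vv -sV -sC -p %s -oN nmap-%s.log %s\n' "$ports" "$ip" "$ip"
    done
}

# Demo run on the constructed sample; pipe a real quick.gnmap in instead of sample_gnmap.
sample_gnmap | open_ports | followup_cmds
```

Because the second stage only touches ports the first stage reported open, the expensive version and script probes run against a handful of ports per host instead of all 65535.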

Skip Host Discovery

-Pn treats every target as up and goes straight to port scanning. Use it when a host blocks the discovery probes (ICMP echo and the default TCP pings), which is the default Windows Firewall behaviour, and Nmap would otherwise report the host as down.

nmap -Pn $IP

Verbosity

Verbose

nmap -v $IP

Very Verbose

nmap -vv $IP

Personal Favorites

Default Scan

nmap -vv -sC -sV -oN nmap.log $IP

Complete Scan (all ports plus OS/version detection, default scripts and traceroute; -O needs root)

nmap -vv -A -p- -oN nmap-complete.log $IP

Vulnerability Scan (the vuln category includes scripts that send intrusive probes; check --script-help=vuln before running it on production systems)

nmap -vv --script vuln -oN nmap-vuln.log $IP

HTTP Scan (the globs are quoted so the shell does not expand them against local file names)

nmap -vv --script "http*" -oN nmap-http.log $IP

MySQL Scan

nmap -vv --script "mysql*" -oN nmap-mysql.log $IP

FTP Scan

nmap -vv --script "ftp*" -oN nmap-ftp.log $IP

SMB Scan

nmap -vv --script "smb*" -oN nmap-smb.log $IP

SSH Scan

nmap -vv --script "ssh*" -oN nmap-ssh.log $IP