NMAP CheatSheet - Networks Professionals
Table of Contents
● Introduction to Nmap
● Target Selection
● Port Selection
● Scan Types
● Output Formats
● NSE Scripting
Target Selection
Port Selection
By default, Nmap scans the 1,000 most popular ports. You can specify a
different range of ports to scan using the -p flag. For example, to scan
the ports 22, 80, and 443, you would use the following command:
    nmap -p 22,80,443 192.168.1.1
You can also scan all 65,535 ports by using the -p- flag.
Scan Types
Nmap supports a variety of scan types. The default scan type is a TCP
SYN scan. This type of scan is relatively fast and stealthy. Other scan
types include:
Nmap can detect the services and operating systems running on a host.
This information can be useful for security auditing and penetration
testing. To detect services, Nmap uses a database of known services.
To detect operating systems, Nmap uses a variety of methods, including
fingerprinting.
Output Formats
● Text
● XML
● HTML
● CSV
● Markdown
NSE Scripting
● Port scanning
● Service detection
● Operating system detection
● Vulnerability detection
● Intrusion detection
The default set of NSE scripts is run with the -sC flag (equivalent to --script=default).
Nmap can be configured to evade firewalls and IDS systems. This can
be done by using a variety of techniques, such as:
Here are some miscellaneous Nmap flags that you may find useful:
A TCP SYN scan is a stealthier scan type than a TCP connect scan. A
TCP SYN scan does not actually establish a full TCP connection with
the target host. Instead, it sends a SYN packet and waits for a response.
If the target host responds with a SYN-ACK packet, then the port is
considered to be open. A TCP connect scan, on the other hand, does
establish a full TCP connection with the target host. This makes it a less
stealthy scan type, but it also allows Nmap to gather more information
about the target host, such as the service running on the port.
You can scan a range of ports with Nmap by using the -p flag. For
example, to scan the ports 22, 80, and 443, you would use the following
command:
    nmap -p 22,80,443 192.168.1.1
You can also scan all 65,535 ports by using the -p- flag.
This script will scan the target host for the Heartbleed vulnerability.
There are a number of ways to evade firewalls and IDS systems with
Nmap. One way is to use stealth scan types, such as the TCP SYN
scan. Another way is to spoof the source IP address of your Nmap
scans. You can also use random source ports to make it more difficult
for firewalls and IDS systems to detect your scans.
Conclusion
This cheat sheet has covered the basics of Nmap. For more information,
please refer to the Nmap documentation: https://nmap.org/docs.html
Follow Us
Networks Professionals
LinkedIn: https://www.linkedin.com/company/networksprofessionals
LinkedIn: https://www.linkedin.com/in/aditrimukti