{"id":1703,"date":"2021-04-04T19:23:27","date_gmt":"2021-04-04T19:23:27","guid":{"rendered":"https:\/\/dft.wiki\/?p=1703"},"modified":"2023-07-18T14:45:45","modified_gmt":"2023-07-18T18:45:45","slug":"nmap-cheat-sheet","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=1703","title":{"rendered":"Nmap Cheat Sheet"},"content":{"rendered":"<p>Scan one host for service versions, run the default NSE scripts against it and save normal output to a file. Run as root (<strong>sudo<\/strong>) so that the default scan type is a SYN scan rather than a full TCP connect:<\/p>\n<pre><strong>sudo<\/strong> nmap <strong>-sV -sC -oN<\/strong> scan.output 10.10.10.10<\/pre>\n<p><strong>SCANNING<\/strong><\/p>\n<ul>\n<li>nmap <strong>-sP<\/strong> 192.168.0.0\/24\n<ul>\n<li><strong>Ping<\/strong> scan (host discovery only, no port scan); legacy alias for <strong>-sn<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sT<\/strong> 10.0.0.1,10.0.0.2\n<ul>\n<li>TCP <strong>connect<\/strong> scan of the 1000 most common <strong>TCP<\/strong> ports; completes the handshake, so it needs no root but is logged by the service<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sU<\/strong> 192.168.0.1\n<ul>\n<li>scan most common <strong>UDP<\/strong> ports (slow; needs root)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sS<\/strong> 192.168.0.1\n<ul>\n<li><strong>SYN<\/strong> (half-open, &#8220;stealth&#8221;) scan; never completes the handshake. Needs root and is the default scan type when run as root<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sA<\/strong> 192.168.0.1\n<ul>\n<li><strong>ACK<\/strong> scan: maps firewall rules (filtered vs. unfiltered ports); it does not tell open from closed<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sF<\/strong> 192.168.0.1\n<ul>\n<li><strong>FIN<\/strong> scan<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sI<\/strong> zombie:port 192.168.0.1\n<ul>\n<li><strong>Idle<\/strong> scan: probes are bounced off an idle zombie host, so the target never sees the scanner&#8217;s address. The zombie argument is required<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sN<\/strong> 192.168.0.1\n<ul>\n<li><strong>NULL<\/strong> scan (no TCP flags set)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sO<\/strong> 192.168.0.1\n<ul>\n<li>IP <strong>Protocol<\/strong> scan: which IP protocols (TCP, UDP, ICMP, ...) the host accepts, not which ports<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sR<\/strong> 192.168.0.1\n<ul>\n<li><strong>RPC<\/strong> scan; in current Nmap this is only an alias for <strong>-sV<\/strong>, which includes RPC grinding<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sW<\/strong> 192.168.0.1\n<ul>\n<li>TCP <strong>Window<\/strong> scan: an ACK scan that uses the TCP window size of the RST reply to tell open from closed on some systems (not a Windows scan)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sX<\/strong> 192.168.0.1\n<ul>\n<li><strong>XMAS<\/strong> scan (FIN, PSH and URG flags set)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-p-<\/strong> 192.168.0.1\n<ul>\n<li>scan <strong>all<\/strong> 65535 ports (takes some time)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-p2000-3000<\/strong> 192.168.0.1\n<ul>\n<li>scan a <strong>range<\/strong> of ports<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-O<\/strong> 192.168.0.1\n<ul>\n<li>guess the <strong>Operating<\/strong> System (needs root; works best when the target has at least one open and one closed port)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-A<\/strong> 192.168.0.1\n<ul>\n<li><strong>Aggressive<\/strong> scan: OS detection, version detection, default scripts and traceroute in one run (takes a lot of time and is very noisy)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-F<\/strong> 192.168.0.1\n<ul>\n<li><strong>Fast<\/strong> scan: the 100 most common ports instead of the default 1000<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sV<\/strong> 192.168.0.1\n<ul>\n<li>service <strong>Version<\/strong> detection<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sn<\/strong> 192.168.0.1\n<ul>\n<li><strong>Ping only<\/strong> scan: host discovery, no port scan<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-Pn<\/strong> 192.168.0.1\n<ul>\n<li>Do <strong>not ping<\/strong>: skip host discovery and treat every target as up (use when ICMP is filtered)<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>--traceroute<\/strong> 192.168.0.1\n<ul>\n<li>Traceroute to each target<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-R<\/strong> 192.168.0.1\n<ul>\n<li>force <strong>Reverse<\/strong> DNS resolution for every target, even hosts that appear down<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sL<\/strong> 192.168.0.1\n<ul>\n<li><strong>List<\/strong> scan: only lists the targets (with their reverse DNS names) and sends them no packets. Handy for checking what a target expression expands to before scanning<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-T4<\/strong> 192.168.0.1\n<ul>\n<li>timing template, from <strong>-T0<\/strong> (paranoid) to <strong>-T5<\/strong> (insane); <strong>-T4<\/strong> is the usual choice on a fast, reliable network<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-oA outputFile<\/strong> 192.168.0.1\n<ul>\n<li><strong>All<\/strong> three output formats at once: outputFile.nmap, outputFile.xml and outputFile.gnmap<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-oX outputFile<\/strong> 192.168.0.1\n<ul>\n<li><strong>XML<\/strong> output format<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-oN outputFile<\/strong> 192.168.0.1\n<ul>\n<li>Saves the output to a file using normal output.<\/li>\n<li>Alternatively <strong>-oX<\/strong> for XML, <strong>-oG<\/strong> for grepable output, <strong>-oS<\/strong> for script-kiddie output, and <strong>-oA<\/strong> for all types.<\/li>\n<\/ul>\n<\/li>\n<li>nmap <strong>-sC<\/strong> 192.168.0.1\n<ul>\n<li>Script scan using the <strong>default<\/strong> category, equivalent to --script=default.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Nmap Script Engine (NSE)<\/strong><\/p>\n<p>Script categories, selected with <strong>--script &lt;category&gt;<\/strong> (categories can be combined with boolean expressions, e.g. <strong>--script \"vuln and safe\"<\/strong>):<\/p>\n<ul>\n<li>safe: won&#8217;t affect the target<\/li>\n<li>intrusive: not safe; likely to affect the target (crash a service, consume resources, leave log entries)<\/li>\n<li>vuln: check for specific known vulnerabilities<\/li>\n<li>exploit: attempt to exploit a vulnerability<\/li>\n<li>auth: check or bypass authentication on running services (e.g. log in to an FTP server anonymously)<\/li>\n<li>brute: attempt to brute force credentials for running services<\/li>\n<li>discovery: query running services for further information about the network (e.g. query an SNMP server)<\/li>\n<\/ul>\n<p><strong>COMPARING SCANS<\/strong><\/p>\n<ul>\n<li>ndiff -v scan1.xml scan2.xml\n<ul>\n<li>verbosely compares two XML output files (baseline first, then the newer scan) and reports the hosts, ports and services that changed<\/li>\n<\/ul>\n<\/li>\n<li>ndiff --xml scan1.xml scan2.xml\n<ul>\n<li>output the comparison as XML<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Take a list of networks from a file and Nmap them all using <strong>10<\/strong> parallel processes:<\/p>\n<pre>cat <strong>networks_list.txt<\/strong> | xargs -I CMD -P <strong>10<\/strong> nmap -sT -sV -sC -n -vvv -Pn -oX - CMD<\/pre>\n<p>Each line of the file becomes one nmap run. With <strong>-oX -<\/strong> all ten runs write XML to the same stdout, so the documents interleave; give each run its own output file when the results need to be kept.<\/p>\n<p>Check for known vulnerabilities using the Nmap Scripting Engine (the <strong>vuln<\/strong> category includes intrusive scripts that can disturb the target):<\/p>\n<pre><strong>sudo<\/strong> nmap --script <strong>vuln<\/strong> 192.168.0.1<\/pre>\n<p>Zenmap is the official GUI for Nmap. See [<a href=\"https:\/\/nmap.org\/zenmap\/\">Link<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scan one host for service versions, run the default NSE scripts against it and save normal output to a file. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-1703","post","type-post","status-publish","format-standard","hentry","category-hacking"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1703"}],"version-history":[{"count":9,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1703\/revisions"}],"predecessor-version":[{"id":3704,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1703\/revisions\/3704"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
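The cheat sheet's single-host `-sV -sC` command, its `-p-` entry and its `-oG`/`-oA` output formats are in practice combined into a two-phase workflow: a quick SYN sweep of all 65535 TCP ports first, then version detection and default scripts only against the ports that came back open. The script below is an added example by the editor, not code from the original page or from the Nmap project. The function names `open_ports_from_grepable` and `two_phase_scan`, the `scans` output directory, the `--min-rate 1000` value and the sample grepable output are all assumptions or constructed test data.

```bash
#!/usr/bin/env bash
# Two-phase port scan, added as an editor's example (not from the cheat sheet).
# Phase 1: a fast SYN scan of all 65535 TCP ports, saved in grepable (-oG) form.
# Phase 2: version detection and default scripts only against the ports phase 1
# found open, which is far quicker than "nmap -sV -sC -p-" in a single run.

# Print the open TCP ports from nmap grepable output (file arguments, or stdin
# when none are given) as one comma-separated, numerically sorted, de-duplicated
# list such as "22,80,8080". A grepable host line looks like:
#   Host: 10.10.10.10 ()<TAB>Ports: 22/open/tcp//ssh///, 80/open/tcp//http///<TAB>Ignored State: closed (998)
# and each port entry is port/state/protocol/owner/service/rpcinfo/version/.
# Filtered, closed and UDP entries are deliberately dropped.
open_ports_from_grepable() {
    sed -n 's/.*Ports: //p' "$@" \
      | tr ',' '\n' \
      | awk -F/ '$2 == "open" && $3 == "tcp" { sub(/^ */, "", $1); print $1 }' \
      | sort -n -u \
      | paste -sd, -
}

# Constructed sample of -oG output used to exercise the parser offline; not a
# real scan. Real output separates the fields with tabs; the parser keys on the
# "Ports: " label, so the spaces used here parse the same way.
SAMPLE_GNMAP='# Nmap 7.94 scan initiated
Host: 10.10.10.10 ()  Status: Up
Host: 10.10.10.10 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 135/filtered/tcp//msrpc///, 8080/open/tcp//http-proxy///, 53/open|filtered/udp//domain///  Ignored State: closed (996)
# Nmap done at ...'

# Run both phases against one target; output lands in $2 (default ./scans).
# sudo is needed because -sS sends raw packets. The --min-rate value is an
# assumption tuned for a LAN; lower it on slow or lossy links.
two_phase_scan() {
    target=$1
    outdir=${2:-scans}
    mkdir -p "$outdir" || return 1

    # Phase 1: every TCP port, no DNS (-n), no host discovery (-Pn), grepable output only.
    sudo nmap -sS -p- -n -Pn -T4 --min-rate 1000 \
         -oG "$outdir/allports.gnmap" "$target" >/dev/null || return 1

    ports=$(open_ports_from_grepable "$outdir/allports.gnmap")
    if [ -z "$ports" ]; then
        echo "no open TCP ports found on $target" >&2
        return 1
    fi
    echo "open TCP ports on $target: $ports"

    # Phase 2: version detection and default scripts on just those ports, saved
    # in all three formats so the XML can later be compared with ndiff.
    sudo nmap -sV -sC -p "$ports" -n -Pn -oA "$outdir/services" "$target"
}

# Usage:  two_phase_scan 10.10.10.10 scans/10.10.10.10
```

Parsing the grepable file rather than re-reading normal output keeps the port list stable across Nmap versions, and because phase 2 reuses `-n -Pn` the second run neither waits on DNS nor gets skipped when the target drops ICMP.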