Nmap (Network Mapper) is a free and open-source network discovery and security scanning utility. Many network and system administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring server or service availability. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services they offer (application name and version), and which operating systems (and OS versions) they are running. It is designed to scan large networks quickly but works equally well against a single host.
In this Nmap Cheat Sheet, you'll learn everything from the basics to advanced usage: basic scanning techniques, discovery options, firewall evasion techniques, version detection, output options, the scripting engine and more.
Usage of Nmap
- Auditing the security of a device or firewall by identifying the network connections that can be made to or through it.
- Identifying open ports on a target host in preparation for an audit.
- Network inventory, network mapping, and asset and maintenance management.
- Identifying additional servers to include when testing the network's security.
- Generating network traffic, analysing responses, and measuring response time.
- Finding and exploiting vulnerabilities in a network.
- DNS queries and subdomain search.
Usage:
nmap [<Scan Type>] [<Options>] {<target specification>}
NMAP Commands Cheat Sheet 2023
Basic Scanning Techniques
| Nmap Query | Nmap Command |
|---|---|
| Scan a single target | nmap [target] |
| Scan multiple targets | nmap [target1] [target2] ... |
| Scan a list of targets from a file | nmap -iL [list.txt] |
| Scan a range of hosts | nmap [range of IP addresses] |
| Scan an entire subnet | nmap [IP address/CIDR] |
| Scan random hosts | nmap -iR [number] |
| Exclude targets from a scan | nmap [targets] --exclude [targets] |
| Exclude targets listed in a file | nmap [targets] --excludefile [list.txt] |
| Perform an aggressive scan (OS detection, version detection, script scan, traceroute) | nmap -A [target] |
| Scan an IPv6 target | nmap -6 [target] |
Discovery Options
| Nmap Query | Nmap Command |
|---|---|
| Perform a ping scan only (-sP is the older spelling of -sn) | nmap -sP [target] |
| Don't ping (-PN is the older spelling of -Pn) | nmap -PN [target] |
| TCP SYN ping | nmap -PS [target] |
| TCP ACK ping | nmap -PA [target] |
| UDP ping | nmap -PU [target] |
| SCTP INIT ping | nmap -PY [target] |
| ICMP echo ping | nmap -PE [target] |
| ICMP timestamp ping | nmap -PP [target] |
| ICMP address mask ping | nmap -PM [target] |
| IP protocol ping | nmap -PO [target] |
| ARP ping | nmap -PR [target] |
| Traceroute | nmap --traceroute [target] |
| Force reverse DNS resolution | nmap -R [target] |
| Disable reverse DNS resolution | nmap -n [target] |
| Use the system DNS resolver | nmap --system-dns [target] |
| Manually specify DNS servers | nmap --dns-servers [servers] [target] |
| Create a host list (list scan, no probes sent) | nmap -sL [targets] |
Firewall Evasion Techniques
| Nmap Query | Nmap Command |
|---|---|
| Fragment packets | nmap -f [target] |
| Specify a specific MTU | nmap --mtu [MTU] [target] |
| Use random decoys | nmap -D RND:[number] [target] |
| Idle (zombie) scan | nmap -sI [zombie] [target] |
| Manually specify a source port | nmap --source-port [port] [target] |
| Append random data | nmap --data-length [size] [target] |
| Randomize target scan order | nmap --randomize-hosts [target] |
| Spoof MAC address | nmap --spoof-mac [MAC|0|vendor] [target] |
| Send bad checksums | nmap --badsum [target] |
Version Detection
| Nmap Query | Nmap Command |
|---|---|
| Operating system detection | nmap -O [target] |
| Attempt to guess an unknown OS | nmap -O --osscan-guess [target] |
| Service version detection | nmap -sV [target] |
| Troubleshooting version scans | nmap -sV --version-trace [target] |
| Perform an RPC scan | nmap -sR [target] |
Output Options
| Nmap Query | Nmap Command |
|---|---|
| Save output to a text file | nmap -oN [scan.txt] [target] |
| Save output to an XML file | nmap -oX [scan.xml] [target] |
| Grepable output | nmap -oG [scan.txt] [target] |
| Output all supported file types | nmap -oA [path/filename] [target] |
| Periodically display statistics | nmap --stats-every [time] [target] |
| Script kiddie (l33t) output | nmap -oS [scan.txt] [target] |
Scripting Engine
| Nmap Query | Nmap Command |
|---|---|
| Execute an individual script | nmap --script [script.nse] [target] |
| Execute multiple scripts | nmap --script [expression] [target] |
| Execute scripts by category | nmap --script [cat] [target] |
| Execute multiple script categories | nmap --script [cat1,cat2,...] [target] |
| Troubleshoot scripts | nmap --script [script] --script-trace [target] |
| Update the script database | nmap --script-updatedb |
Nmap Cheat Sheet – FAQs
1. What is Nmap, and why is it used?
Nmap is a free network scanning tool used to discover hosts and services on a network by analyzing responses to various packets and requests.
2. What is the Nmap command used for?
Nmap is a free network scanning application that analyses replies to various packets and requests to discover hosts and services on a network.
3. How do I scan an IP with Nmap?
Scanning a single IP address is as simple as: nmap <ip>
This will tell you whether the host is online and responding to pings, which ports are open, and which services are running on it. The cheat sheet above contains more sophisticated commands.
4. Is it OK to Nmap Google?
The long answer is that it depends on your jurisdiction. The short answer is no, and you should not do it. Even if it isn't illegal in your country, it will undoubtedly violate Google's terms of service.