{"id":358,"date":"2023-05-30T17:21:55","date_gmt":"2023-05-30T15:21:55","guid":{"rendered":"https:\/\/linowebserver.org\/?p=358"},"modified":"2023-05-30T18:32:10","modified_gmt":"2023-05-30T16:32:10","slug":"nmap-cheat-sheet","status":"publish","type":"post","link":"https:\/\/linowebserver.org\/index.php\/2023\/05\/30\/nmap-cheat-sheet\/","title":{"rendered":"NMAP Cheat Sheet v1"},"content":{"rendered":"\n
Port Specification Options<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>Example<\/strong><\/td>Description<\/strong><\/td><\/tr>
-p<\/td>nmap -p 23 192.168.1.1<\/td>scanning port 23 of host<\/td><\/tr>
-p<\/td>nmap -p 23-100 192.168.1.1<\/td>scanning port range 23-100<\/td><\/tr>
-pU: , -T:<\/td>nmap -pU:110,T:23-25 192.168.1.1<\/td>scanning UDP 110 and range 23-25 TCP<\/td><\/tr>
-p-<\/td>nmap -p- 192.168.1.1<\/td>scanning all ports<\/td><\/tr>
-F<\/td>nmap -F 192.168.1.1<\/td>fast port scan<\/td><\/tr>
-r<\/td>nmap -r 192.168.1.1<\/td>sequencial port scan<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Scanning Types (-s \/ -S)<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>Example<\/strong><\/td>Description<\/strong><\/td><\/tr>
-sS<\/td>nmap -sS 192.168.1.1<\/td>TCP SYN port Scan<\/td><\/tr>
-sT<\/td>nmap -sT 192.168.1.1<\/td>TCP Connet port scan<\/td><\/tr>
-sA<\/td>nmap -sA 192.168.1.1<\/td>TCP ACK port scan<\/td><\/tr>
-sU<\/td>nmap -sU 192.168.1.1<\/td>UDP port scan<\/td><\/tr>
-Sf<\/td>nmap -Sf 192.168.1.1<\/td>TCP FIN scan<\/td><\/tr>
-Su<\/td>nmap -Su 192.168.1.1<\/td>UDP scan<\/td><\/tr>
-sL<\/td>nmap -sL 192.168.1.1-253<\/td>List scan<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Discovery Scan (-s \/ -P -n)<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>Example<\/strong><\/td>Description<\/strong><\/td><\/tr>
-sL<\/td>nmap -sL 192.168.1.1-254<\/td>list x.1-x.254 withour scan<\/td><\/tr>
-sn<\/td>nmap -sn 192.168.1.1\/24<\/td>disable port scan<\/td><\/tr>
-Pn<\/td>nmap -Pn 192.168.1.1\/24<\/td>only portscan without host discovery<\/td><\/tr>
-PS<\/td>nmap 192.168.1.1 -PS22-25,80,443<\/td>SYN specified port scan 22-25,80,443<\/td><\/tr>
-PA<\/td>nmap 192.168.1.1 -PA22-25,80,443<\/td>ACK specified port scan 22-25,80,443<\/td><\/tr>
-PU<\/td>nmap 191.68.1.1 -PU53<\/td>UDP specified port scan<\/td><\/tr>
-PR<\/td>nmap 192.168.1.1-255<\/td>ARP discovery<\/td><\/tr>
-n<\/td>nmap 192.168.1.1 -n<\/td>no DNS reselution<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Version Detection<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>Example<\/strong><\/td>Description<\/strong><\/td><\/tr>
-sV<\/td>nmap -sV 192.168.1.1<\/td>try to find the version of Service<\/td><\/tr>
-sV –version-all<\/td>nmap -sV –version-all 192.168.1.<\/td>Set intensily level to 9<\/td><\/tr>
-sV –version-light<\/td>nmap -sV –version-light 192.168.<\/td>enable light mode<\/td><\/tr>
-A<\/td>nmap -A 192.168.1.1<\/td>enable all detections (OS,ver,script)<\/td><\/tr>
-O<\/td>nmap -O 192.168.1.1<\/td>OS-Detection<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Scan options<\/u><\/strong><\/th><\/tr><\/thead>
<\/td><\/tr>
Syntax<\/strong><\/td>Description<\/strong><\/td><\/tr>
nmap -sP 192.168.1.1<\/td>Ping Scan only<\/td><\/tr>
nmap 192.168.1.1 192.168.1.100<\/td>Scan specific Ips<\/td><\/tr>
nmap 192.168.1.1-253<\/td>scan a range of Ips<\/td><\/tr>
nmap test.de<\/td>scan a domain<\/td><\/tr>
nmap 192.168.1.0\/24<\/td>scan using CIDR<\/td><\/tr>
nmap -iL targets.txt<\/td>scan from target file<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Specification<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>description<\/strong><\/td><\/tr>
nmap 192.178.1.1<\/td>single IP scan<\/td><\/tr>
nmap 192.178.1.1 192.168.100.1<\/td>scan specific Ips<\/td><\/tr>
nmap 192.168.1.254<\/td>scan a range of IPs<\/td><\/tr>
nmap test.com<\/td>scan a domain<\/td><\/tr>
nmap 192.168.1.0\/24<\/td>scan CIDR notation<\/td><\/tr>
nmap -iL scan.txt<\/td>scan from files<\/td><\/tr>
nmap –execlude 192.168.1.2<\/td>exclude a specified IP<\/td><\/tr>
nmap –traceroute 192.168.1.1<\/td>traceroute 192.168.1.1<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
nmap Output Formats (-o)<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>description<\/strong><\/td><\/tr>
Default \/normal output<\/td>nmap -oN rs.txt 192.168.1.1<\/td><\/tr>
XML<\/td>nmap -oX rs.xml 192.168.1.<\/td><\/tr>
Grepable<\/td>nmap -oG gp.txt 192.168.1.<\/td><\/tr>
All formats<\/td>nmap -oA all.txt 192.168.1.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Firewall Proofing<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>description<\/strong><\/td><\/tr>
nmap -f 192.168.1.1<\/td>scan fragment packets<\/td><\/tr>
nmap -sTU 1490 192.168.1.1<\/td>scan with specified MTU (1490)<\/td><\/tr>
nmap -sI 5 192.168.2.2<\/td>scan ZOMBIE<\/td><\/tr>
nmap -source-port 22 192.168.1.1<\/td>manual source port -specifiy scan<\/td><\/tr>
nmap -data-length 1400 192.168.1.1<\/td>randomly appended data 1400<\/td><\/tr>
nmap -randomize-hosts192.168.1.0\/25<\/td>randomly scan of hosts<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Timing Options<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>description<\/strong><\/td><\/tr>
nmap -T0 192.168.1.1<\/td>slowest<\/td><\/tr>
nmap -T1 192.168.1.1<\/td>tricky Scan to avoid IDS<\/td><\/tr>
nmap -T2 192.168.1.1<\/td>timely scan<\/td><\/tr>
nmap -T3 192.168.1.1<\/td>default scan timer<\/td><\/tr>
nmap -T4 192.168.1.1<\/td>aggresive scan timer<\/td><\/tr>
nmap -T5 192.168.1.1<\/td>avery aggresive scan timer<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Use of nmap Scipts NSE<\/u><\/strong><\/th><\/tr><\/thead>
Syntax<\/strong><\/td>description<\/strong><\/td><\/tr>
nmap –script= test script 192.168.1.0\/24<\/td>execute script against target IP<\/td><\/tr>
nmap –script-updatedb<\/td>update\/adding new scripts<\/td><\/tr>
nmap -sV -sC 192.168.1.1<\/td>safe default Scripts<\/td><\/tr>
nmao –script-help=“Test Script“<\/td>get help for script<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Mscellaneous Commands<\/u><\/strong><\/th><\/tr><\/thead>
<\/td><\/tr>
Syntax<\/strong><\/td>description<\/strong><\/td><\/tr>
nmap -6<\/td>scan IP-V6 targets<\/td><\/tr>
nmap -proxies<\/td>run with proxies<\/td><\/tr>
nmap -open<\/td>show open ports only<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"

Port Specification Options Syntax Example Description -p nmap -p 23 192.168.1.1 scanning port 23 of host -p nmap -p 23-100 192.168.1.1 scanning port range 23-100 -pU: , -T: nmap -pU:110,T:23-25 192.168.1.1 scanning UDP 110 and range 23-25 TCP -p- nmap -p- 192.168.1.1 scanning all ports -F nmap -F 192.168.1.1 fast port scan -r nmap -r […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,33,13,66,9,1,34],"tags":[86,21,23,45,49,25,47,42,84],"class_list":["post-358","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-howto-2","category-kali-linux","category-linux-3","category-linux","category-uncategorized","category-windows","tag-cheetsheet","tag-cybersecurity","tag-cybersecuritytraining-2","tag-ethicalhacking","tag-hacking","tag-informationsecurity-2","tag-informationtechnology","tag-infosec","tag-nmap"],"_links":{"self":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/358","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/comments?post=358"}],"version-history":[{"count":11,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/358\/revisions"}],"predecessor-version":[{"id":377,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/posts\/358\/revisions\/377"}],"wp:attachment":[{"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/media?parent=358"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/categories?post=358"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linowebserver.org\/index.php\/wp-json\/wp\/v2\/tags?post=358"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}