Network Enumeration With Nmap Module Cheat Sheet

This document provides a cheat sheet of common Nmap scanning options for network enumeration. It describes options for scanning targets and ports, performing OS detection and version scanning, setting performance parameters like timeouts and packet rates, and outputting results in normal, XML, and grepable formats. The options allow configuring what gets scanned, how it is scanned, and how the results are reported.

Uploaded by

skttoan1223

NETWORK ENUMERATION WITH NMAP CHEAT SHEET

Scanning Options

Nmap Option         Description

10.10.10.0/24       Target network range.
-sn                 Disables port scanning.
-Pn                 Disables ICMP Echo Requests.
-n                  Disables DNS Resolution.
-PE                 Performs the ping scan by using ICMP Echo Requests against the target.
--packet-trace      Shows all packets sent and received.
--reason            Displays the reason for a specific result.
--disable-arp-ping  Disables ARP Ping Requests.
--top-ports=<num>   Scans the specified top ports that have been defined as most frequent.
-p-                 Scans all ports.
-p22-110            Scans all ports between 22 and 110.
-p22,25             Scans only the specified ports 22 and 25.
-F                  Scans top 100 ports.
-sS                 Performs a TCP SYN-Scan.
-sA                 Performs a TCP ACK-Scan.
-sU                 Performs a UDP Scan.
-sV                 Scans the discovered services for their versions.
-sC                 Performs a Script Scan with scripts that are categorized as "default".
--script <script>   Performs a Script Scan by using the specified scripts.
-O                  Performs an OS Detection Scan to determine the OS of the target.
-A                  Performs OS Detection, Service Detection, and traceroute scans.
-D RND:5            Sets the number of random Decoys that will be used to scan the target.
-e                  Specifies the network interface that is used for the scan.
-S 10.10.10.200     Specifies the source IP address for the scan.
-g                  Specifies the source port for the scan.
--dns-server <ns>   DNS resolution is performed by using a specified name server.

Output Options

Nmap Option         Description

-oA filename        Stores the results in all available formats starting with the name of "filename".
-oN filename        Stores the results in normal format with the name "filename".
-oG filename        Stores the results in "grepable" format with the name of "filename".
-oX filename        Stores the results in XML format with the name of "filename".

Performance Options

Nmap Option                  Description

--max-retries <num>          Sets the number of retries for scans of specific ports.
--stats-every=5s             Displays scan's status every 5 seconds.
-v/-vv                       Displays verbose output during the scan.
--initial-rtt-timeout 50ms   Sets the specified time value as initial RTT timeout.
--max-rtt-timeout 100ms      Sets the specified time value as maximum RTT timeout.
--min-rate 300               Sets the number of packets that will be sent simultaneously.
-T <0-5>                     Specifies the specific timing template.
