ED Nmap 110223 1642

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
23 views5 pages

ED Nmap 110223 1642

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Nmap

Often used scan types


The scans you should run depend on what you need to learn about the target. The following scan types are the ones used most
often:

1. SYN scan (-sS): Sends a SYN packet to each target port and judges the port state from the reply (SYN/ACK means open, RST means
closed, no reply means filtered) without ever completing the TCP handshake. It is Nmap's default scan for privileged users, because
it needs raw socket access (root or equivalent).
2. TCP connect scan (-sT): Completes a full TCP connection through the operating system's connect() call. It needs no special privileges,
so it is what Nmap falls back to when run unprivileged, but every completed connection is handed to the listening application and is
therefore more likely to be logged.
3. UDP scan (-sU): Probes UDP ports. UDP scans are slow and often inconclusive: a port that answers with an ICMP port-unreachable is
closed, but a port that simply drops the probe is reported as open|filtered, and many hosts rate-limit those ICMP replies, which
stretches the scan further.
4. Version detection (-sV): Sends service probes to the open ports to identify the application and its version. This is the information
you need before checking a host against known vulnerabilities.
5. OS detection (-O): Fingerprints the target's TCP/IP stack to guess the operating system. It needs raw socket privileges and gives its
most reliable answer when it finds at least one open and one closed TCP port; the result helps narrow down applicable vulnerabilities
and shape the rest of the test.
6. Script scan (-sC): Runs the default set of Nmap Scripting Engine (NSE) scripts (the same as --script=default). Individual scripts or
categories are selected with --script. Scripts gather additional information about the target host and its services.
7. Ping scan (-sn): Host discovery only, no port scan. This is a good starting point for network reconnaissance, since it tells you which
hosts are alive before you spend time scanning their ports.

Often used flags


Which flags you combine with a scan depends on the job at hand. The following flags are the ones that most often make a scan more
effective:

1. -sS (SYN scan): Selects the half-open SYN scan described above. It is already the default when running as root.
2. -p (specify ports): Selects which ports to scan. -p 1-1024 scans ports 1 through 1024, -p 22,80,443 scans just those three, and -p- is
shorthand for all 65535 ports. Without -p, Nmap scans its list of the 1000 most common ports for each protocol.
3. -O (OS detection): Enables OS fingerprinting, useful for identifying the operating system and narrowing down which known
vulnerabilities could apply.
4. -A (aggressive scan): Enables OS detection, version detection, default script scanning and traceroute in a single run (equivalent to
-O -sV -sC --traceroute). It saves typing, but it is noisy and slow against large ranges.
5. -T (timing template): Selects a timing template from -T0 (paranoid) to -T5 (insane); -T3 is the default. Slower templates space out the
probes, which can keep a scan below the thresholds of rate-based intrusion detection; faster templates finish sooner but can lose
results on congested networks or against hosts that rate-limit replies.
6. -v (verbose output): Increases the verbosity of the output; -vv increases it further.
7. -oN (normal output to a file): Saves the human-readable output to the named file for later review. -oX, -oG and -oA select the other
output formats described below.

These are just a few of the most commonly used flags when using Nmap. It is important to understand the capabilities of Nmap and the specific
flags you need to achieve your goals. Also, be aware of the potential legal and ethical implications of using Nmap and other port scanners, and
always make sure you have permission to scan the target systems.

Some examples
Here are some examples of Nmap scans that you can run on your own server:

1. Basic host discovery scan:

nmap -sn 192.168.0.1

This scan only determines whether your server is online and answering Nmap's discovery probes; no ports are scanned.

2. Basic port scan:

nmap -p 1-65535 192.168.0.1

This scan determines which TCP ports are open on your server. -p- is shorthand for the same 1-65535 range; without -p Nmap scans only
its list of the 1000 most common ports.

3. Version detection scan:

nmap -sV -p 1-65535 192.168.0.1

This scan determines which services are listening and the software and version behind each of them. Version probes are sent to every open
port, so on a host with many open ports it is noticeably slower than the plain port scan.

4. OS detection scan:

nmap -O 192.168.0.1

This scan guesses the operating system of your server from the behaviour of its TCP/IP stack. It needs raw socket privileges (run it as
root) and is most reliable when at least one open and one closed TCP port are found.

5. Scan all TCP ports with version and OS detection:

nmap -p- -sV -O 192.168.0.1

This scan performs a full TCP port scan, including version and OS detection.

6. Stealth scan:

nmap -sS 192.168.0.1

This "half-open" scan never completes the TCP handshake: Nmap answers the target's SYN/ACK with a RST, so the connection is never handed to
the listening application and does not appear in its logs. It is not invisible, though; any packet-level firewall or intrusion detection
system sees the SYN probes just as readily as it sees a connect scan. As root this is already Nmap's default scan type.

7. UDP scan:

nmap -sU 192.168.0.1

This scan determines which of the 1000 most common UDP ports are open on your server. Expect it to be slow and to report many ports as
open|filtered, since a port that silently drops the probe cannot be told apart from a filtered one; adding -sV lets Nmap resolve some of
those by sending protocol-specific payloads.

8. Scripted scan:

nmap --script=default 192.168.0.1

This scan runs the default set of Nmap Scripting Engine (NSE) scripts, the same set -sC selects: banner grabbing, service-specific
information gathering and similar fast, safe checks. Vulnerability checks are not part of the default set; select them explicitly with
--script vuln, and expect those to be slower and more intrusive.

9. Customized scan:

nmap -p 22,80,443 -sV -O -T4 192.168.0.1

This scan covers only the specified ports (22, 80 and 443), performs version and OS detection, and uses the aggressive timing template
(-T4) to speed up the scan.

10. Ping sweep scan:

nmap -sP 192.168.0.0/24

This scan performs a ping sweep and determines which hosts in the specified subnet (192.168.0.0/24) are online. -sP is the old name for
-sn; current versions still accept it and it does exactly the same thing.

It is important to note that Nmap scans can be resource-intensive, and running large or frequent scans on your own server can negatively impact
its performance. It is recommended to limit the scope and frequency of your scans and to avoid running scans against systems that you do not
own or have permission to scan.

More input
Here are a few examples of different inputs you can use when running Nmap scans:

1. Single IP address:

nmap 192.168.0.1

This scan targets a single IP address, in this case 192.168.0.1.

2. IP range:

nmap 192.168.0.1-100

This scan targets a range of addresses by giving a range in one octet, in this case 192.168.0.1 through 192.168.0.100. Ranges can appear
in any octet (192.168.0-1.1-254), and a bare hyphen stands for 0-255.

3. IP subnet (CIDR):

nmap 192.168.0.0/24

This scan targets an entire subnet, in this case 192.168.0.0/24, which covers all 256 addresses from 192.168.0.0 to 192.168.0.255 (Nmap
includes the network and broadcast addresses).

4. Hostname or domain name:

nmap example.com

This scan targets a hostname, in this case example.com, which Nmap resolves before scanning. If the name resolves to several addresses,
only the first one is scanned unless you add --resolve-all.

5. Input file:

nmap -iL targets.txt

This scan reads its targets from targets.txt, which may contain IP addresses, hostnames, CIDR blocks or octet ranges, separated by
whitespace or newlines.

6. Several targets on one command line:

nmap 192.168.0.1 192.168.0.2 192.168.0.3

Separate distinct targets with spaces. Commas are only meaningful inside an octet, so 192.168.0.1,2,3 is the equivalent shorthand for
the same three hosts, while 192.168.0.1,192.168.0.2 is not a valid target specification.

7. Exclude specific IP addresses or ranges:

nmap 192.168.0.0/24 --exclude 192.168.0.1,192.168.0.10-20

This scan targets an entire subnet but skips the listed addresses. --exclude takes a comma-separated list, and each entry accepts the
same range and CIDR syntax as a target.

8. Randomized host order:

nmap 192.168.0.1-100 --randomize-hosts

This scan targets a range of addresses but shuffles the order in which they are scanned (in groups of up to 16384 hosts), so the scan
does not walk the subnet sequentially and stands out less to network monitoring.

9. Read targets and exclusions from files:

nmap -iL targets.txt --exclude-file exclude.txt

This scan reads its targets from one file and skips any target listed in another. To check what any of these specifications expands to
before a single probe is sent, run it with -sL (list scan), which only resolves and prints the targets.
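Nmap's -sL list scan is the built-in way to preview a target specification, but it needs the binary and, for hostnames, DNS. The Python below is an added example, not part of the original notes: it reproduces the expansion offline for the IPv4 forms listed above (single address, octet ranges and lists, CIDR) and applies an exclude list, so you can count targets and confirm an exclusion before scanning. Hostnames and IPv6 are deliberately left out; that is an assumption of this example, not a limit of Nmap.

```python
"""Expand Nmap IPv4 target specifications offline (added example).

Mirrors what `nmap -sL` would list for the forms on this page: a single
address, octet ranges and lists (192.168.0.1-100, 192.168.0.1,2,3,
10.0.0-1.1-2, a bare '-' meaning 0-255) and CIDR blocks, with --exclude
applied. Hostnames and IPv6 are left out on purpose (assumption).
"""
import ipaddress
import itertools


def _octet_values(spec):
    """'1-100' -> 1..100, '1,2,3' -> [1, 2, 3], '-' -> 0..255 (Nmap's octet syntax)."""
    values = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo = int(lo) if lo else 0      # omitted low end means 0
            hi = int(hi) if hi else 255    # omitted high end means 255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_target(spec):
    """Return every IPv4 address a single target spec covers, in ascending order."""
    if "/" in spec:
        # CIDR: Nmap scans the whole block, network and broadcast included.
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    return [".".join(map(str, combo))
            for combo in itertools.product(*(_octet_values(o) for o in octets))]


def expand_targets(specs, exclude=()):
    """Expand several specs (as on a command line or in an -iL file),
    drop anything covered by the exclude list, and de-duplicate."""
    excluded = set(itertools.chain.from_iterable(expand_target(e) for e in exclude))
    seen, result = set(), []
    for spec in specs:
        for ip in expand_target(spec):
            if ip not in excluded and ip not in seen:
                seen.add(ip)
                result.append(ip)
    return result


if __name__ == "__main__":
    # Same specification as the --exclude example above.
    targets = expand_targets(["192.168.0.0/24"],
                             exclude=["192.168.0.1", "192.168.0.10-20"])
    print(f"{len(targets)} targets, first {targets[0]}, last {targets[-1]}")
```

Running it for the --exclude example above yields 244 targets: the 256 addresses of the /24 minus 192.168.0.1 and the eleven addresses 192.168.0.10 through 192.168.0.20.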

Output
1. Normal output:

nmap 192.168.0.1

This command prints Nmap's normal, human-readable output: the hosts and ports found, their states and any detected services. -oN writes
the same report to a file.

2. XML output:

nmap 192.168.0.1 -oX scan.xml

This command writes the results as XML, the format to use when the results will be processed by other tools; -oX - sends the XML to
standard output so it can be piped directly into a parser.

3. Greppable output:

nmap 192.168.0.1 -oG scan.txt

This command writes one line per host in a format meant for grep, awk and other text tools. It is a legacy format: it omits most of the
detail that the XML carries (script output among it), so reserve it for quick filtering and use XML for anything more.

4. All formats at once (-oA):

nmap 192.168.0.1 -oA scan_results

The -oA flag causes Nmap to produce output in all three of its major output formats: normal, XML and greppable. The name given after -oA
(here scan_results) is used as the base filename, so this example produces three files: scan_results.nmap, scan_results.xml and
scan_results.gnmap.

This option saves you from rerunning a scan just to get another output format, which matters for anything slow or intrusive. The normal
output file scan_results.nmap is the human-readable report, the XML file scan_results.xml is suitable for processing with other tools,
and the greppable file scan_results.gnmap is suitable for quick searching and filtering of the scan data.
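The staged workflow the examples above describe (full TCP port scan first, then version detection only on what is actually open, because -sV against all 65535 ports is slow) is easiest to drive from the XML output. The Python below is an added example, not part of the original notes: it parses a constructed sample of -oX output (written to resemble real Nmap XML, not captured from a scan), collects the open TCP ports of each host that was up, and builds the follow-up nmap -sV -sC command per host. The svc_<host> output prefix and the dry-run default are choices of this example.

```python
"""Drive a staged Nmap scan from its XML output (added example).

Stage 1 (already done, sample below): a full TCP port scan saved with -oX.
Stage 2 (built here): version detection and default scripts only on the
ports that stage 1 found open, instead of the far slower -sV -p-.
"""
import shlex
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sS -p- -oX -` output (not a real capture).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p- -oX - 192.168.0.1 192.168.0.2 192.168.0.3" version="7.94">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.2" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.168.0.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql"/></port>
    </ports>
  </host>
  <runstats><hosts up="2" down="1" total="3"/></runstats>
</nmaprun>
"""


def open_ports(xml_text, protocol="tcp"):
    """Map each host that was up to its sorted list of open ports for `protocol`."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth following up
        addr = next((a.get("addr") for a in host.iter("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        ports = sorted(
            int(p.get("portid")) for p in host.iterfind("ports/port")
            if p.get("protocol") == protocol
            and p.find("state").get("state") == "open")
        if ports:
            result[addr] = ports
    return result


def followup_argv(host, ports, prefix="svc"):
    """argv for the targeted stage-2 scan; -oA keeps all three output formats."""
    port_list = ",".join(str(p) for p in ports)
    return ["nmap", "-sV", "-sC", "-p", port_list, "-oA", f"{prefix}_{host}", host]


def plan(xml_text):
    """One follow-up command per host that had open ports."""
    return [followup_argv(h, p) for h, p in open_ports(xml_text).items()]


def run_plan(xml_text, dry_run=True):
    """Print (and, with dry_run=False, execute) the stage-2 scans."""
    for argv in plan(xml_text):
        print(shlex.join(argv))
        if not dry_run:
            subprocess.run(argv, check=False)


if __name__ == "__main__":
    run_plan(SAMPLE_XML)  # dry run: nothing is scanned from this example
```

Against the sample, the dry run prints one command for 192.168.0.1 with -p 22,80,443 and one for 192.168.0.3 with -p 3306; the filtered 8080 and the down host are skipped. To use it on a real result, replace SAMPLE_XML with the contents of the scan.xml produced by -oX and pass dry_run=False.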
