NMAP Cheat Sheet

Uploaded by

uvm8455

CYBER PUBLIC SCHOOL
HTTPS://CYBERPUBLICSCHOOL.COM/
Nmap Cheat Sheet
Table of Contents
● Introduction to Nmap
● Target Selection
● Port Selection
● Scan Types
● Service and Operating System Detection
● Output Formats
● NSE Scripting
● Firewall / IDS Evasion and Spoofing
● Helpful Nmap Output Examples
● Miscellaneous Nmap Flags
● Other Useful Nmap Commands
● Frequently Asked Questions


Introduction to Nmap
Nmap (Network Mapper) is a free and open-source utility for
network discovery and security auditing. It is used to scan
large networks, single hosts, or ranges of IP addresses to
identify active hosts and the services they are offering. Nmap
can also be used to detect operating systems, device types,
and open ports.

Target Selection

Specifying individual targets: You can specify individual targets by IP address, hostname, or CIDR range. For example, to scan the IP address 192.168.1.100, you would use the following command:
nmap 192.168.1.100
To scan the hostname example.com, you would use the following command:
nmap example.com
To scan the CIDR range 192.168.1.0/24, you would use the following command:
nmap 192.168.1.0/24

Using target selection scripts: Nmap includes a number of target selection scripts that can be used to select targets based on specific criteria, such as IP address range, operating system, or service type. For example, to scan all hosts on a network that are running Windows, you would use the following command:
nmap -O 192.168.1.0/24
To scan all hosts on a network that are offering the HTTP service, you would use the following command:
nmap -sV -p 80 192.168.1.0/24

Reading targets from a file: You can also read targets from a
file. To do this, use the -iL option. The file should contain a list
of targets, one per line. For example, to scan all hosts in the
file targets.txt, you would use the following command:
nmap -iL targets.txt

Scanning random targets: Nmap can also be used to scan random targets. To do this, use the -iR option. The number of targets to scan is specified as an argument to the -iR option. For example, to scan 100 random targets on the internet, you would use the following command:
nmap -iR 100

Port Selection

Specifying individual ports: You can specify individual ports to scan by port number or port name. For example, to scan port 80, you would use the following command:
nmap -p 80 <target>
To scan port 22, you would use the following command:
nmap -p ssh <target>

Using port ranges: You can also specify port ranges to scan. To
do this, use the -p option with a hyphen (-) to separate the
beginning and end ports of the range. For example, to scan
ports 80 to 443, you would use the following command:
nmap -p 80-443 <target>

Using port lists: You can also specify port lists to scan. To do this, use the -p option with a comma (,) to separate the port numbers in the list. For example, to scan ports 80, 443, and 8080, you would use the following command:
nmap -p 80,443,8080 <target>

Scanning all ports: You can also scan all ports on a target. To
do this, use the -p- option. This will scan all 65,535 TCP ports
and UDP ports.

Using port selection scripts: Nmap includes a number of port selection scripts that can be used to select ports based on specific criteria, such as service type or operating system. For example, to scan all ports that are associated with web services, you would use the following command:
nmap -sV -p http,https <target>

To scan all ports that are associated with SSH services, you would use the following command:
nmap -sV -p ssh <target>

Once you have selected the ports to scan, you can start your
scan. Nmap will scan the specified ports on the target host
and report back on the results.

Scan Types
TCP SYN scan (default): This is the most common scan type
and is relatively stealthy. It sends a SYN (synchronize) packet
to the target host and then waits for a response. If the port is
open, the target host will respond with a SYN-ACK
(synchronize/acknowledge) packet. If the port is closed, the
target host will respond with a RST (reset) packet. If the port is
filtered, the target host will not respond at all.

TCP FIN scan: This scan type is similar to the TCP SYN scan, but
it sends a FIN (finish) packet instead of a SYN packet. This scan
type is more stealthy than the TCP SYN scan, but it can also be
less reliable.

TCP NULL scan: This scan type sends a TCP packet with all of
the flags set to zero. This scan type is very stealthy, but it can
also be very unreliable.

UDP scan: This scan type sends a UDP packet to the target
host and then waits for a response. If the port is open, the
target host will respond with a UDP packet. If the port is
closed, the target host will not respond at all. UDP scans are
less reliable than TCP scans because UDP is a connectionless
protocol.

ICMP ping scan: This scan type sends an ICMP ping packet to the target host and then waits for a response. If the host is alive, it will respond with an ICMP ping response packet. If the host is not alive, it will not respond at all.

Nmap also offers a variety of other scan types, such as OS detection, version detection, and NSE scripting.

Service and Operating System Detection

Service Detection

Nmap can perform service detection by sending probes to open ports and analyzing the responses. Nmap has a database of probes for over 6,000 services.

For example, to detect the service running on port 80, Nmap would send a probe that is specific to HTTP servers. If the server responds with a valid HTTP response, Nmap will report that the HTTP service is running on port 80.

Operating system Detection

Nmap can perform operating system detection by sending probes to open ports and analyzing the responses. Nmap has a database of fingerprints for over 2,600 operating systems.

For example, to detect the operating system running on a host, Nmap would send a probe that is specific to the TCP/IP stack of that operating system. If the host responds with a packet that matches the fingerprint, Nmap will report that the operating system is running on that host.

Output Formats

Nmap can output its results in a variety of formats, including:
● Text
● XML
● HTML
● CSV
● Markdown
The output format can be specified using the -o flag.

NSE Scripting

Nmap Scripting Engine (NSE) is a powerful tool that allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap.

NSE scripts can be used for a variety of purposes, including:

Vulnerability detection: NSE scripts can be used to detect known vulnerabilities on networks and devices. For example, there is an NSE script that can be used to detect the Heartbleed vulnerability in OpenSSL.
Network discovery: NSE scripts can be used to discover information about networks and devices, such as operating systems, services, and devices. For example, there is an NSE script that can be used to discover all of the devices on a network that are running Windows.

Network troubleshooting: NSE scripts can be used to
troubleshoot network problems, such as connectivity issues
and performance problems. For example, there is an NSE
script that can be used to test the performance of a web
server.
Penetration testing: NSE scripts can be used to perform
penetration tests on networks and devices. For example, there
is an NSE script that can be used to brute-force the password
to a SSH server.

NSE scripts can be loaded into Nmap using the -sC flag.

Firewall / IDS Evasion and Spoofing

Nmap can be configured to evade firewalls and IDS systems. This can be done by using a variety of techniques, such as:
● Using stealth scan types
● Spoofing the source IP address
● Using random source ports
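Seen from the firewall, the TCP SYN scan described under Scan Types has a recognisable shape: one source sends SYN-only packets to many distinct ports of a host and never completes a handshake, which is what an IDS rule keys on regardless of the evasion options listed above. As an added example (not part of the cheat sheet), the Python below runs that check over constructed, simplified iptables-LOG-style lines; the addresses, ports and the min_ports threshold are made-up assumptions.

```python
# Added example (not from the cheat sheet): the SYN scan described under
# Scan Types, seen from the firewall. Nmap -sS sends one SYN per probed
# port and never completes the handshake, so the log shows one source
# hitting many distinct ports with SYN-only packets. LOG_LINES is a
# constructed, simplified sample in iptables LOG style; addresses are made up.
import re
from collections import defaultdict

LOG_LINES = """\
fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=23 SYN URGP=0
fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=25 SYN URGP=0
fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51003 DPT=80 SYN URGP=0
fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51004 DPT=443 SYN URGP=0
fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51005 DPT=3389 SYN URGP=0
fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=443 SYN URGP=0
fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=443 ACK PSH URGP=0
fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53 LEN=40
"""

# Only TCP lines are of interest; group 4 holds the flag tokens and trailing fields.
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP SPT=\d+ DPT=(\d+) (.*)$")


def syn_only(flag_field):
    """True when the flag tokens are exactly {SYN}; key=value fields such as
    URGP=0 are not flags and are ignored."""
    flags = {tok for tok in flag_field.split() if "=" not in tok}
    return flags == {"SYN"}


def detect_syn_scans(lines, min_ports=5):
    """Return {(src, dst): sorted ports} for every source that sent SYN-only
    packets to at least min_ports distinct TCP ports of one destination.
    Non-TCP lines and packets carrying other flags (ACK, PSH, ...) are
    ignored, so an established web session does not count."""
    ports_by_pair = defaultdict(set)
    for line in lines.splitlines():
        m = LINE_RE.search(line)
        if not m or not syn_only(m.group(4)):
            continue
        ports_by_pair[(m.group(1), m.group(2))].add(int(m.group(3)))
    return {pair: sorted(p) for pair, p in ports_by_pair.items() if len(p) >= min_ports}
```

With the sample, only 198.51.100.7 crosses the threshold; 203.0.113.5 touched two ports like an ordinary browser would, and the UDP line is never counted.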

Helpful Nmap Output Examples

Here are some helpful examples of Nmap output:

● Host is up (0.000007s latency). This line indicates that the host is up and running.

● PORT STATE SERVICE This line indicates that the port is open and the service running on it is identified.

● OS: Linux 2.6.32-431.11.1.el6.x86_64 (CentOS) This line indicates the operating system running on the host.

Miscellaneous Nmap Flags

Here are some miscellaneous Nmap flags that you may find useful:
● -T4 This flag specifies a faster scan.
● -A This flag enables all Nmap's OS detection capabilities.
● -v This flag increases the verbosity of Nmap's output.
● -d This flag enables debug output.

Other Useful Nmap Commands

Here are some other useful Nmap commands:
● nmap --help This command displays a list

Frequently Asked Questions

• What is the difference between a TCP SYN scan and a TCP connect scan?
A TCP SYN scan is a stealthier scan type than a TCP connect scan. A TCP SYN scan does not actually establish a full TCP connection with the target host. Instead, it sends a SYN packet and waits for a response. If the target host responds with a SYN-ACK packet, then the port is considered to be open. A TCP connect scan, on the other hand, does establish a full TCP connection with the target host. This makes it a less stealthy scan type, but it also allows Nmap to gather more information about the target host, such as the service running on the port.

• What are some common Nmap commands?

Here are some common Nmap commands:
nmap -A <target>: Performs a comprehensive scan of the target, including OS detection, service version detection, and NSE script scanning.
nmap -sS <target>: Performs a TCP SYN scan of the target. This is the most common type of scan and is relatively stealthy.
nmap -sU <target>: Performs a UDP scan of the target. This type of scan is less common, but can be useful for detecting certain types of services.
nmap -p <port range> <target>: Scans only the specified port range on the target.
nmap -Pn <target>: Assumes that the target is up and does not send a ping request. This can be useful for scanning targets that are behind firewalls.

• What are some tips for using Nmap?

Here are some tips for using Nmap:
• Start with a simple scan, such as nmap -sS <target>. This will give you a good overview of the target's open ports and services.
• If you need more information, you can use the -A flag to perform a comprehensive scan.
• You can also use NSE scripts to perform additional tasks, such as detecting vulnerabilities or testing for specific services.
• Be careful when scanning targets on the public internet. Some organizations may not appreciate being scanned without permission.

• What are some common Nmap errors?

Here are some common Nmap errors:
Host is down or No response from host: This means that Nmap was unable to reach the target host. This could be because the host is offline, or because it is blocking Nmap scans.
Port is filtered: This means that Nmap was unable to determine whether the port is open or closed. This is often because the target is using a firewall or other filtering device.
Port is open; service unknown: This means that Nmap detected an open port, but could not identify the service running on that port. This could be because the service is new or unusual, or because Nmap does not have a signature for that service.

• Where can I learn more about Nmap?

The Nmap website is a great resource for learning more about Nmap, including documentation, tutorials, and examples. There are also many third-party resources available, such as books and online courses.

Contact us
https://cyberpublicschool.com/
https://www.instagram.com/cyberpublicschool/
Phone no.: +91 9631750498 India
+61 424866396 Australia

Our Successful OSCP Student.