Nmap Commands

Nmap (Network Mapper) is a powerful tool for network discovery and security
auditing. In penetration testing, Nmap is commonly used for port scanning, service
detection, and vulnerability assessment. Here are some of the most used Nmap
commands for penetration testing:

1. Basic Ping Scan:
- nmap -sn 192.168.1.1
- Performs a ping scan to check which hosts are up (alive).

2. Basic Port Scan:
- nmap 192.168.1.1
- Scans 1,000 commonly used ports on a target.

3. Scan Specific Ports:
- nmap -p [port] 192.168.1.1
- Scans specific ports (e.g., nmap -p 22,80,443 192.168.1.1).

4. Service Version Detection:
- nmap -sV 192.168.1.1
- Identifies the version of services running on open ports.

5. Operating System Detection:
- nmap -O 192.168.1.1
- Tries to determine the target's operating system.

6. Aggressive Scan:
- nmap -A 192.168.1.1
- Enables OS detection, version detection, script scanning, and traceroute in one command.

7. Full TCP Connect Scan:
- nmap -sT 192.168.1.1
- Performs a full TCP connection scan (useful for detecting firewalled systems).

8. SYN Scan (Stealth Scan):
- nmap -sS 192.168.1.1
- Performs a SYN scan, a faster and stealthier method than a full connect scan.

9. UDP Scan:
- nmap -sU 192.168.1.1
- Scans UDP ports (typically slower but useful for identifying UDP services).
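From the defender's side, the port scans in items 2, 7 and 8 leave a characteristic trace: one source sending SYNs to many distinct ports on a host within a short window. The script below is an added example, not part of this cheat sheet, that flags such sources from iptables-style firewall LOG lines. The log lines are constructed for the example, and the 60-second window and 10-port threshold are illustrative assumptions, not tuned values.

```python
"""Flag sources that look like port scanners, from iptables-style LOG lines.

Added example (not from the cheat sheet or the Nmap project). Rule assumed here:
a source that sends bare SYNs to more than PORT_THRESHOLD distinct ports on one
destination within WINDOW_SECONDS is flagged. Both numbers are illustrative.
"""
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

WINDOW_SECONDS = 60
PORT_THRESHOLD = 10

Record = namedtuple("Record", "ts src dst dport flags")
TS_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_line(line):
    """Parse one netfilter LOG line; return a Record, or None if it is not TCP."""
    m = TS_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # syslog stamp, no year
    kv, flags = {}, set()
    for tok in line.split():
        if "=" in tok:                      # KEY=value fields (SRC=, DPT=, ...)
            k, _, v = tok.partition("=")
            kv[k] = v
        elif tok in TCP_FLAGS:              # bare flag tokens such as SYN, ACK
            flags.add(tok)
    if kv.get("PROTO") != "TCP" or not {"SRC", "DST", "DPT"} <= kv.keys():
        return None
    return Record(ts, kv["SRC"], kv["DST"], int(kv["DPT"]), frozenset(flags))


def detect_scanners(lines, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return {(src, dst): peak distinct ports} for pairs exceeding the threshold."""
    syns = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        # A connection attempt starts with SYN and no ACK; SYN/ACK is the reply.
        if rec and "SYN" in rec.flags and "ACK" not in rec.flags:
            syns[(rec.src, rec.dst)].append((rec.ts, rec.dport))
    flagged = {}
    for pair, events in syns.items():
        events.sort()
        peak = 0
        for i, (ts, _) in enumerate(events):
            start = ts - timedelta(seconds=window)
            ports = {p for t, p in events[: i + 1] if t >= start}
            peak = max(peak, len(ports))
        if peak > threshold:
            flagged[pair] = peak
    return flagged


def _log(ts, src, dst, proto, dpt, flags=""):
    # Constructed LOG line in the netfilter LOG target layout (fields abbreviated).
    return (f"{ts} fw kernel: [100.0] IN=eth0 OUT= SRC={src} DST={dst} LEN=44 TOS=0x00 "
            f"PREC=0x00 TTL=54 ID=1 PROTO={proto} SPT=40000 DPT={dpt} WINDOW=1024 "
            f"RES=0x00 {flags} URGP=0")


# Constructed sample: 10.0.0.5 probes 12 ports in 12 seconds (scanner-like);
# 10.0.0.7 is an ordinary client talking to 443 and 80; the last line is UDP.
SCANNED_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3389, 8080]
SAMPLE_LOG = (
    [_log(f"Jan 10 12:00:{i:02d}", "10.0.0.5", "10.0.0.10", "TCP", p, "SYN")
     for i, p in enumerate(SCANNED_PORTS)]
    + [_log("Jan 10 12:01:00", "10.0.0.7", "10.0.0.10", "TCP", 443, "SYN"),
       _log("Jan 10 12:01:01", "10.0.0.7", "10.0.0.10", "TCP", 443, "ACK PSH"),
       _log("Jan 10 12:01:30", "10.0.0.7", "10.0.0.10", "TCP", 443, "SYN"),
       _log("Jan 10 12:02:00", "10.0.0.7", "10.0.0.10", "TCP", 80, "SYN"),
       _log("Jan 10 12:02:05", "10.0.0.7", "10.0.0.10", "UDP", 53)]
)

if __name__ == "__main__":
    for (src, dst), n in detect_scanners(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {n} distinct ports within {WINDOW_SECONDS}s")
```

Note that a connect scan (-sT) and a SYN scan (-sS) look the same at this layer, since both begin with a SYN to each port; what -sS avoids is completing the handshake, which matters for application logs, not for a firewall that logs the first packet. Slow timing (-T0, -T1) is the usual way this kind of threshold is evaded, which is why the window length is the parameter worth tuning.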

10. Scan for Specific Vulnerabilities:
- nmap --script [vuln_script] 192.168.1.1
- Executes a specific vulnerability script (e.g., nmap --script vuln 192.168.1.1).

11. Scan Multiple Targets:
- nmap [target1] [target2] ...
- Scans multiple targets listed with spaces, or given as a range (e.g., nmap 192.168.1.1-10).

12. Scan an Entire Subnet:
- nmap [subnet]
- Scans all devices on a subnet (e.g., nmap 192.168.1.0/24).

13. Scan with Output to File:
- nmap -oN [filename] 192.168.1.1
- Saves the scan results to a file (e.g., nmap -oN scan_results.txt 192.168.1.1).
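Saving output is most useful when something consumes it. As an added example (not from the cheat sheet or the Nmap project), the script below parses text written with -oN and reports open ports that are missing from an allowlist baseline, which is how a defender turns a periodic scan of their own network into a drift check. The scan text and the baseline are constructed for the example; the port-line layout follows Nmap's normal output format.

```python
"""Parse Nmap normal (-oN) output and flag open ports absent from a baseline.

Added example, not Nmap project code. SAMPLE_SCAN is constructed text in the
-oN layout; BASELINE is an illustrative allowlist of (port, proto) per host.
"""
import re

HOST_LINE = re.compile(r"^Nmap scan report for (?P<host>.+)$")
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.+))?$"
)


def parse_normal_output(text):
    """Return {host: [ {port, proto, state, service, version}, ... ]}."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HOST_LINE.match(line)
        if m:                               # a new "Nmap scan report for ..." block
            current = m.group("host")
            hosts[current] = []
            continue
        m = PORT_LINE.match(line)
        if m and current is not None:       # "22/tcp open ssh OpenSSH ..." lines
            hosts[current].append({
                "port": int(m.group("port")),
                "proto": m.group("proto"),
                "state": m.group("state"),
                "service": m.group("service"),
                "version": (m.group("version") or "").strip(),
            })
    return hosts


def unexpected_open_ports(hosts, baseline):
    """Return {host: [(port, proto, service), ...]} for open ports not allowlisted.

    A host with no baseline entry gets an empty allowlist, so every open port on
    an unknown host is reported.
    """
    findings = {}
    for host, ports in hosts.items():
        allowed = baseline.get(host, set())
        extra = sorted(
            (p["port"], p["proto"], p["service"])
            for p in ports
            if p["state"] == "open" and (p["port"], p["proto"]) not in allowed
        )
        if extra:
            findings[host] = extra
    return findings


# Constructed -oN text (two hosts, one with a filtered port that must not be flagged).
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated Wed Jan 10 12:00:00 2024 as: nmap -sV -oN scan_results.txt 192.168.1.0/24
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http       nginx 1.18.0
443/tcp  open     ssl/http   nginx 1.18.0
8080/tcp filtered http-proxy

Nmap scan report for 192.168.1.20
Host is up (0.0020s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server Microsoft Terminal Services

# Nmap done at Wed Jan 10 12:03:12 2024 -- 256 IP addresses (2 hosts up) scanned in 192.10 seconds
"""

# Illustrative baseline: what each host is expected to expose.
BASELINE = {
    "192.168.1.1": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "192.168.1.20": {(3389, "tcp")},
}

if __name__ == "__main__":
    for host, extra in unexpected_open_ports(parse_normal_output(SAMPLE_SCAN), BASELINE).items():
        for port, proto, service in extra:
            print(f"{host}: unexpected open {port}/{proto} ({service})")
```

For real use, read the file named by -oN instead of SAMPLE_SCAN and keep the baseline in version control so every change to it is reviewed. Nmap's XML output (-oX) is the more robust choice for tooling, since the normal format is meant for humans and may change between releases.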

14. Use Decoys for Anonymity:
- nmap -D RND:10 192.168.1.1
- Sends decoy packets to obscure the scan's origin, making detection harder.

15. Scan for Open Ports Only:
- nmap --open 192.168.1.1
- Shows only open ports in the scan output.

16. Scan with Timing Templates:
- nmap -T[0-5] 192.168.1.1
- Adjusts the speed of the scan, from T0 (slowest) to T5 (fastest), e.g., nmap -T4 192.168.1.1.

17. Detect Firewall Rules (Idle Scan):
- nmap -sI [zombie_ip] 192.168.1.1
- Uses a third-party host (zombie) to scan without revealing the attacker's IP.

18. Scan with NSE Scripts for Vulnerability Detection:
- nmap --script=vuln 192.168.1.1
- Runs the NSE scripts in the vuln category against the target to check for known vulnerabilities.

19. Scan All Ports:
- nmap -p- 192.168.1.1
- Scans all 65,535 TCP ports on the target.

20. Scan for Default Credentials:
- nmap --script=http-default-accounts 192.168.1.1
- Tries to identify default login credentials for services on the target.

These Nmap commands are commonly used in penetration testing to identify open
ports, services, operating systems, and potential vulnerabilities within a network.
Each command can be fine-tuned with additional options depending on the specific
needs of the penetration test.