The gMan nixWiki

Because the mind is made of Teflon...

cheat_sheets_nmap

Differences

This shows you the differences between two versions of the page.

cheat_sheets_nmap [2022/11/06 20:11] – [Scan Target IPs] gman
cheat_sheets_nmap [2023/11/05 21:38] (current) – [Common Switches] gman
Line 5: Line 5:
   * **Find scripts on your system:** ''locate *.nse''   * **Find scripts on your system:** ''locate *.nse''
  
-====== Scan Target IPs ======+====== General Use ======
  
-**Usage:**+===== Syntax =====
  
 <code> <code>
Line 14: Line 14:
 </code> </code>
  
-**Standard Go-To Examples:** +===== Standard Go-To Examples =====
-  * Note: ''-vv'' and ''--reason'' are added for more verbosity (more is often better)+
  
 <code> <code>
Line 27: Line 26:
 </code> </code>
  
-**Common Switches:**+===== Common Switches =====
  
 ^  Switch  ^  Description  ^ ^  Switch  ^  Description  ^
Line 34: Line 33:
 |  **-sT**  | scan TCP | |  **-sT**  | scan TCP |
 |  **-sU**  | scan UDP | |  **-sU**  | scan UDP |
-|  **-sV**  | scan  +|  **-sV**  | scan Versions (on specified ports) 
-|  **-T[0-5]**  | Timing Template |+|  **-T[0-5]**  | [[https://nmap.org/book/performance-timing-templates.html | Timing Templates]] (higher is faster) |
 |  **-p-**  | Ports, scan all | |  **-p-**  | Ports, scan all |
 |  **-p [csv]**  | Ports, scan specified | |  **-p [csv]**  | Ports, scan specified |
 |  **-O**  | OS Fingerprinting | |  **-O**  | OS Fingerprinting |
-|  **-A**  | Aggressive Scan (multiple functions) |+|  **-A**  | Aggressive Scan (multiple functions; noisy!) |
 |  **-vv**  | Very Verbose | |  **-vv**  | Very Verbose |
 |  **--reason**  | Reason a port is in said state | |  **--reason**  | Reason a port is in said state |
 |  **--script=vuln**  | NSE Scripts, RE: vulnerabilities | |  **--script=vuln**  | NSE Scripts, RE: vulnerabilities |
  
 +----
 +
 +====== Most Common Commands ======
  
 The following is a list and description of the 30 most common basic commands in nmap (for beginners). The following is a list and description of the 30 most common basic commands in nmap (for beginners).
   * **Source:** [[https://www.yeahhub.com/top-30-basic-nmap-commands-beginners/ | Top 30 Basic NMAP Commands for Beginners]]   * **Source:** [[https://www.yeahhub.com/top-30-basic-nmap-commands-beginners/ | Top 30 Basic NMAP Commands for Beginners]]
  
----- 
  
 ===== Target Selection ===== ===== Target Selection =====
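Review bot: The new **-sV** description, "scan Versions (on specified ports)", reads as if version detection needs a port list. -sV probes every port the scan finds open, whether or not -p is given, so "scan Versions (of services on open ports)" would be more accurate. The "noisy!" added to **-A** would also be more useful if the parenthesis named what -A turns on: OS detection (-O), version detection (-sV), script scanning (-sC) and traceroute.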
Line 58: Line 59:
 | 04 | Scan a subnet | ''nmap 192.168.20.2/24'' | | 04 | Scan a subnet | ''nmap 192.168.20.2/24'' |
 | 05 | Scan targets from text file | ''nmap -iL ips.txt'' | | 05 | Scan targets from text file | ''nmap -iL ips.txt'' |
- 
----- 
  
 ===== Port Selection ===== ===== Port Selection =====
Line 69: Line 68:
 | 09 | Scan all ports| ''nmap -p- 192.168.20.128'' | | 09 | Scan all ports| ''nmap -p- 192.168.20.128'' |
 | 10 | Specify UDP or TCP scan| ''nmap -p U:137,T:139 192.168.20.128'' | | 10 | Specify UDP or TCP scan| ''nmap -p U:137,T:139 192.168.20.128'' |
- 
----- 
  
 ===== Scan Types ===== ===== Scan Types =====
Line 79: Line 76:
 | 13 | Scan UDP ports| ''nmap -sU -p 123,161,162 192.168.20.128'' | | 13 | Scan UDP ports| ''nmap -sU -p 123,161,162 192.168.20.128'' |
 | 14 | Scan, Ignore Discovery (Ping not)| ''nmap -Pn -F 192.168.20.128'' | | 14 | Scan, Ignore Discovery (Ping not)| ''nmap -Pn -F 192.168.20.128'' |
- 
----- 
  
 ===== Service and OS Detection ===== ===== Service and OS Detection =====
Line 88: Line 83:
 | 16 | Standard service detection| ''nmap -sV 192.168.20.128'' | | 16 | Standard service detection| ''nmap -sV 192.168.20.128'' |
 | 17 | Aggressive service detection| ''nmap -sV –version-intensity 5 192.168.20.128'' | | 17 | Aggressive service detection| ''nmap -sV –version-intensity 5 192.168.20.128'' |
- 
----- 
  
 ===== Output Formats ===== ===== Output Formats =====
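Review bot: Row 17, left as context in this hunk, still carries ''–version-intensity'' with an en dash in place of ''--'', which nmap will not parse as an option when pasted. Since this revision is already tidying the section, change it to ''--version-intensity''. The row is also labelled "Aggressive" while intensity 5 is below nmap's default of 7, so either raise the value or rename the row.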
Line 101: Line 94:
 ---- ----
  
-====== Common Switches ====== 
- 
-^  Switch  ^  Description  ^ 
-|  **-Pn**  | Ping not; disable host discovery | 
-|  **-sS**  | scan Stealth/SYN (default) | 
-|  **-sT**  | scan TCP | 
-|  **-sU**  | scan UDP | 
-|  **-sV**  | scan  | 
-|  **-T[0-5]**  | Timing Template | 
-|  **-p-**  | Ports, scan all | 
-|  **-p [csv]**  | Ports, scan specified | 
-|  **-O**  | OS Fingerprinting | 
-|  **-A**  | Aggressive Scan (multiple functions) | 
-|  **-vv**  | Very Verbose | 
-|  **--reason**  | Reason a port is in said state | 
-|  **--script=vuln**  | NSE Scripts, RE: vulnerabilities | 
- 
----- 
  
 ====== Nmap Scripting Engine ====== ====== Nmap Scripting Engine ======
Line 132: Line 107:
 | 24 | Scan using a specific script| ''nmap -sV -p 443 -script=ssl-heartbleed 192.168.20.133'' | | 24 | Scan using a specific script| ''nmap -sV -p 443 -script=ssl-heartbleed 192.168.20.133'' |
 | 25 | Update script database| ''nmap –script-updatedb'' | | 25 | Update script database| ''nmap –script-updatedb'' |
- 
----- 
  
 ===== Useful NSE Scripts ===== ===== Useful NSE Scripts =====
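Review bot: Rows 24 and 25, left as context here, spell the script options inconsistently: ''-script=ssl-heartbleed'' with a single hyphen and ''–script-updatedb'' with an en dash. The en dash form will not paste into a shell as an option. Normalise both to the ''--script'' / ''--script-updatedb'' spelling that the Common Switches table already uses for ''--script=vuln''.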
Line 144: Line 117:
 | 30 | Find exposed Netbios servers| ''nmap -sU –script nbtstat.nse -p 137 192.168.20.128'' | | 30 | Find exposed Netbios servers| ''nmap -sU –script nbtstat.nse -p 137 192.168.20.128'' |
  
----- 
 ===== Script Categories ===== ===== Script Categories =====
  
Line 164: Line 136:
 |  **version**  | Scripts for advanced version detection. | |  **version**  | Scripts for advanced version detection. |
 |  **vuln**  | Scripts related to detecting and exploiting security vulnerabilities. | |  **vuln**  | Scripts related to detecting and exploiting security vulnerabilities. |
- 
-**Example:** 
- 
-<code> 
-nmap -Pn -p [csv,ports,to,scan] --script safe,discovery,vuln,exploit -T4 -vv --reason [target IP] 
-</code> 
- 
-----  
  
 ===== Examples & Reference ===== ===== Examples & Reference =====
Line 222: Line 186:
 # script scan without host discovery or a port scan. # script scan without host discovery or a port scan.
 # All hosts are assumed up and only host scripts are eligible to run. # All hosts are assumed up and only host scripts are eligible to run.
-</code> 
  
-----+## Common Go-To Example: 
 +nmap -Pn -p [csv,ports,to,scan] --script safe,discovery,vuln,exploit -T4 -vv --reason [target IP] 
 + 
 +</code>
  
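Review bot: The relocated go-to example passes ''--script safe,discovery,vuln,exploit'', and a comma-separated category list is a union, so ''safe'' does not constrain the ''vuln'' and ''exploit'' scripts that run with it. Add a comment line above the command saying so, in the same spirit as the "noisy!" added to **-A** in this revision, or trim the default to ''safe,discovery''. The new label also uses ''##'' where the comment lines just above it in the block use a single ''#''.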
cheat_sheets_nmap.1667765514.txt.gz · Last modified: by gman