The gMan nixWiki

Because the mind is made of Teflon...


cheat_sheets_nmap

Differences

This shows you the differences between two versions of the page.

cheat_sheets_nmap [2022/11/06 20:14] – [General Use] gman
cheat_sheets_nmap [2023/11/05 21:38] (current) – [Common Switches] gman
Line 7: Line 7:
 ====== General Use ====== ====== General Use ======
  
-**Usage:**+===== Syntax =====
  
 <code> <code>
Line 14: Line 14:
 </code> </code>
  
-**Standard Go-To Examples:** +===== Standard Go-To Examples =====
-  * Note: ''-vv'' and ''--reason'' are added for more verbosity (more is often better)+
  
 <code> <code>
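Review bot: The removed bullet under the old "Standard Go-To Examples" label was the only place that said why the examples carry ''-vv'' and ''--reason''. With the label promoted to a heading, keep that sentence as a plain line under ''===== Standard Go-To Examples ====='' so a reader who copies the examples knows those two switches are optional verbosity, not part of the scan itself.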
Line 27: Line 26:
 </code> </code>
  
-**Common Switches:**+===== Common Switches =====
  
 ^  Switch  ^  Description  ^ ^  Switch  ^  Description  ^
Line 34: Line 33:
 |  **-sT**  | scan TCP | |  **-sT**  | scan TCP |
 |  **-sU**  | scan UDP | |  **-sU**  | scan UDP |
-|  **-sV**  | scan  +|  **-sV**  | scan Versions (on specified ports) 
-|  **-T[0-5]**  | Timing Template |+|  **-T[0-5]**  | [[https://nmap.org/book/performance-timing-templates.html | Timing Templates]] (higher is faster) |
 |  **-p-**  | Ports, scan all | |  **-p-**  | Ports, scan all |
 |  **-p [csv]**  | Ports, scan specified | |  **-p [csv]**  | Ports, scan specified |
 |  **-O**  | OS Fingerprinting | |  **-O**  | OS Fingerprinting |
-|  **-A**  | Aggressive Scan (multiple functions) |+|  **-A**  | Aggressive Scan (multiple functions; noisy!) |
 |  **-vv**  | Very Verbose | |  **-vv**  | Very Verbose |
 |  **--reason**  | Reason a port is in said state | |  **--reason**  | Reason a port is in said state |
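Review bot: The new ''-sV'' row still ends without a closing ''|'', unlike the rows around it, so close the cell for consistency. The wording "(on specified ports)" is also narrower than the behaviour: ''-sV'' probes every open port the scan finds, whether or not ''-p'' was given, so something like "scan service Versions (on open ports found)" would be more accurate.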
Line 60: Line 59:
 | 04 | Scan a subnet | ''nmap 192.168.20.2/24'' | | 04 | Scan a subnet | ''nmap 192.168.20.2/24'' |
 | 05 | Scan targets from text file | ''nmap -iL ips.txt'' | | 05 | Scan targets from text file | ''nmap -iL ips.txt'' |
- 
----- 
  
 ===== Port Selection ===== ===== Port Selection =====
Line 71: Line 68:
 | 09 | Scan all ports| ''nmap -p- 192.168.20.128'' | | 09 | Scan all ports| ''nmap -p- 192.168.20.128'' |
 | 10 | Specify UDP or TCP scan| ''nmap -p U:137,T:139 192.168.20.128'' | | 10 | Specify UDP or TCP scan| ''nmap -p U:137,T:139 192.168.20.128'' |
- 
----- 
  
 ===== Scan Types ===== ===== Scan Types =====
Line 81: Line 76:
 | 13 | Scan UDP ports| ''nmap -sU -p 123,161,162 192.168.20.128'' | | 13 | Scan UDP ports| ''nmap -sU -p 123,161,162 192.168.20.128'' |
 | 14 | Scan, Ignore Discovery (Ping not)| ''nmap -Pn -F 192.168.20.128'' | | 14 | Scan, Ignore Discovery (Ping not)| ''nmap -Pn -F 192.168.20.128'' |
- 
----- 
  
 ===== Service and OS Detection ===== ===== Service and OS Detection =====
Line 90: Line 83:
 | 16 | Standard service detection| ''nmap -sV 192.168.20.128'' | | 16 | Standard service detection| ''nmap -sV 192.168.20.128'' |
 | 17 | Aggressive service detection| ''nmap -sV –version-intensity 5 192.168.20.128'' | | 17 | Aggressive service detection| ''nmap -sV –version-intensity 5 192.168.20.128'' |
- 
----- 
  
 ===== Output Formats ===== ===== Output Formats =====
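Review bot: Row 17 in this hunk's context still has an en dash in ''–version-intensity'', which nmap will not parse as an option when pasted; since the section is being touched, change it to ''--version-intensity''. The label also deserves a second look: nmap's default version intensity is 7, so ''--version-intensity 5'' is lighter than the "standard" row 16, not more aggressive.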
Line 116: Line 107:
 | 24 | Scan using a specific script| ''nmap -sV -p 443 -script=ssl-heartbleed 192.168.20.133'' | | 24 | Scan using a specific script| ''nmap -sV -p 443 -script=ssl-heartbleed 192.168.20.133'' |
 | 25 | Update script database| ''nmap –script-updatedb'' | | 25 | Update script database| ''nmap –script-updatedb'' |
- 
----- 
  
 ===== Useful NSE Scripts ===== ===== Useful NSE Scripts =====
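Review bot: Row 25 in this hunk's context has the same en dash problem, ''–script-updatedb'' should be ''--script-updatedb'', and row 24 writes ''-script='' with a single dash where the script examples added elsewhere in this change use ''--script''. Worth normalising both while the surrounding rule lines are being removed.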
Line 128: Line 117:
 | 30 | Find exposed Netbios servers| ''nmap -sU –script nbtstat.nse -p 137 192.168.20.128'' | | 30 | Find exposed Netbios servers| ''nmap -sU –script nbtstat.nse -p 137 192.168.20.128'' |
  
----- 
 ===== Script Categories ===== ===== Script Categories =====
  
Line 148: Line 136:
 |  **version**  | Scripts for advanced version detection. | |  **version**  | Scripts for advanced version detection. |
 |  **vuln**  | Scripts related to detecting and exploiting security vulnerabilities. | |  **vuln**  | Scripts related to detecting and exploiting security vulnerabilities. |
- 
-**Example:** 
- 
-<code> 
-nmap -Pn -p [csv,ports,to,scan] --script safe,discovery,vuln,exploit -T4 -vv --reason [target IP] 
-</code> 
- 
-----  
  
 ===== Examples & Reference ===== ===== Examples & Reference =====
Line 206: Line 186:
 # script scan without host discovery or a port scan. # script scan without host discovery or a port scan.
 # All hosts are assumed up and only host scripts are eligible to run. # All hosts are assumed up and only host scripts are eligible to run.
-</code> 
  
-----+## Common Go-To Example: 
 +nmap -Pn -p [csv,ports,to,scan] --script safe,discovery,vuln,exploit -T4 -vv --reason [target IP] 
 + 
 +</code>
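Review bot: The added line under ''## Common Go-To Example:'' passes ''--script safe,discovery,vuln,exploit''; a comma list is a union, so this runs every script in the ''vuln'' and ''exploit'' categories, not only the ones that are also ''safe''. For an entry labelled "go-to", either drop ''exploit'' or flag the line the way the ''-A'' row now says "noisy!". Two style points on the same lines: the ''##'' prefix differs from the single ''#'' comments just above it, and there is a stray blank line before ''</code>''.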
  
cheat_sheets_nmap.1667765659.txt.gz · Last modified: by gman