Nmap Basics Cheat Sheet

by RomelSan (RomelSan) via cheatography.com/3953/cs/830/
Cheatographer: RomelSan (RomelSan), cheatography.com/romelsan/, www.romelsan.com

Nmap Fundamentals

Listing open ports on a remote host: nmap <target>
Exclude a host from scan: nmap --exclude <excluded ip> <target>
Use custom DNS Server: nmap --dns-servers [DNS1],[DNS2] <target>
Scan - no ping targets: nmap -PN <target>
Scan - no DNS resolve: nmap -n <target>
Scan specific port: nmap -p80 <target>

Scanning Port Ranges

Scan specific port list: nmap -p80,443,23 <target>
Scan specific port range: nmap -p1-100 <target>
Scan all ports: nmap -p- <target>
Scan specific ports by protocol: nmap -pT:25,U:53 <target>
Scan by Service name: nmap -p smtp <target>
Scan Service name wildcards: nmap -p smtp* <target>
Scan only port registered in Nmap services: nmap -p[1-65535] <target>

Scanning Large Networks

Skipping tests to speed up long scans: nmap -T4 -n -Pn -p- <target>
Arguments:
No Ping: -Pn
No reverse resolution: -n
No port scanning: -sn

Timing Templates (Arguments)

Scanning is not supposed to interfere with the target system: -T2
Recommended for broadband and Ethernet connections: -T4
Normal Scan Template: -T3
Not Recommended: -T5 or T1 or T0

Nmap Specifics

Select Interface to make scans: nmap -e <INTERFACE> <target>
Save Normal method: nmap -oN <filename> <target>
Save as xml (export): nmap -oX <filename> <target>

Finding alive hosts

Default ping scan mode: nmap -sP <target>
Discovering hosts with TCP SYN ping scans: nmap -sP -PS <target>
Specific Port using TCP SYN ping scans: nmap -sP -PS80 <target>
Ping No arp: nmap -sP --send-ip <target>
IP Protocol ping scan (IGMP, IP-in-IP, ICMP): nmap -sP -PO <target>
ARP Scan: nmap -sP -PR <target>

Fingerprinting services of a remote host

Display service version: nmap -sV <target>
Set probes: nmap -sV --version-intensity 9 <target>
Aggressive detection: nmap -A <target>

Fingerprinting the operating system of a host

Detect Operating System: nmap -O <target>
Guess Operating System: nmap -O -p- --osscan-guess <target>
Detect Operating System (Verbose): nmap -O -v <target>

Listing protocols supported by a remote host

nmap -sO <target>

Discovering stateful firewalls by using a TCP ACK scan

nmap -sA <target>

Nmap Examples

Detect Service versions and OS: nmap -sV -O <target>
Detect Web Servers: nmap -sV --script http-title <target>
Discover host using Broadcast pings: nmap --script broadcast-ping
Brute force DNS records: nmap --script dns-brute <target>

This cheat sheet was published on 9th February, 2013 and was last updated on 9th February, 2013.
