# Nmap

## Description

Nmap is a free and open-source tool used for vulnerability checking, port scanning and, of course, network mapping.

## Target

| Task | Command |
| --- | --- |
| Scan a single IP | `nmap 10.10.10.10` |
| Scan a range of IPs | `nmap 10.10.10.1-20` |
| Scan a subnet | `nmap 10.10.10.0/24` |
| Scan from a file | `nmap -iL list-of-ips.txt` |

## Ports Scan

| Task | Command |
| --- | --- |
| Scan a single port | `nmap -p 22 10.10.10.10` |
| Scan a range of ports | `nmap -p 1-100 10.10.10.10` |
| Scan 100 most common ports (Fast) | `nmap -F 10.10.10.10` |
| Scan all 65535 ports | `nmap -p- 10.10.10.10` |

## Scan Types

| Task | Command |
| --- | --- |
| Treat all hosts as online | `nmap -Pn 10.10.10.10 # Skip host discovery` |
| Scan using TCP connect | `nmap -sT 10.10.10.10` |
| Scan using TCP SYN scan (default) | `nmap -sS 10.10.10.10` |
| Scan UDP ports | `nmap -sU 10.10.10.10` |

## Services & OS Detection

| Task | Command |
| --- | --- |
| Detect OS and Services (Aggressive) | `nmap -A 10.10.10.10 # -O -sC -sV --traceroute` |
| Scripts Scan | `nmap -sC 10.10.10.10` |
| Service Version Detection | `nmap -sV 10.10.10.10` |

## Output Formats

| Task | Command |
| --- | --- |
| Save default output to file | `nmap -oN target.txt 10.10.10.10` |
| Save results as XML | `nmap -oX target.xml 10.10.10.10` |
| Save results in a format for grep | `nmap -oG target.txt 10.10.10.10` |
| Save in all formats | `nmap -oA nmap/target 10.10.10.10` |

## Scripts

| Task | Command |
| --- | --- |
| Scan using default scripts | `nmap -sC -sV 10.10.10.10` |
| Get help for a script | `nmap --script-help=ssl-heartbleed` |
| Scan using a specific NSE script | `nmap --script=ssl-heartbleed.nse 10.10.10.10` |
| Scan with a set of scripts | `nmap --script="smb*" 10.10.10.10` |