Sunday, July 8, 2018

Nmap Basics And The Ultimate Cheat Sheet

WHAT IS NMAP?

Nmap is a security scanner abbreviated for network Mapper, originally written by Gordon Lyon in C, C++, Python, Lua and is used to discover hosts and services on a computer network, thus building a "map" of the network. To do this Nmap sends specially crafted packets to the target host and then analyzes the responses.

The software provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection and other features.

NMAP CHEAT SHEET:

nmap [Scan type] [Options]<host or net #l...[#N[>
source: nmap.org


Scan Options:

-sT : Tcp connect
-sX : Xmas scan
-sU : UDP scans
-sA : Ack scan
-sL : List/DNS scan
-sS : SYN scan
-sN : Null scan
-sO : Protocol scan
-sW : Window scan
-sF : Fin scan
-sP : Ping scan
-sI  : Idle scan
-sR : RPC scan

Ping Detection:

-P0 : Don't ping
-PI :  ICMP ping
-PP : ICMP timestamp
-PT : TCP ping
-PS : SYN ping
-PB : PT+PI
-PM : ICMP netmask

Timing:

-T Paranoid - Serial scan and 300 seconds wait
-T Sneaky   - Serialize scan and 15 seconds wait
-T Polite - Serialize scan and 0.4 seconds wait
-T Normal - Parallel scan
-T Aggressive - Parallel scan and 300 seconds timeout and 1.25 second per probe
-T Insane - Parallel scan and 75 seconds and 0.3 second per probe
--host_timeout                                 --max_rtt_timeout(default -9000)
--min_rtt_timeout                            --initial_rtt_timeout(default -6000)
--max_parallelism                           --scan_delay(between probes)

--resume(scan)                                --append_output
-iL<target_filename>                      -p<port ranges>
-F (Fast scan mode)                         -D<decoy][,decoy2][,ME],>
-S<SRC_IP_Address>                    -e (interface)
-g<portnumber>                              --data_length<number>

--randomize_host                 -O(OS fingerprint)            -I(dent-scan)
-r(fragmentation)                 -v(verbose)                        -h(help)
-n(no reverse lookup)          -R(do reverse lookup)       -r(don't randomize port scan)
-b<ftp relay host> (FTP bounce)

No comments:

Post a Comment