Today’s topic is the Nmap Command list. Nmap, which stands for Network Mapper, is a free and open-source vulnerability evaluation and network discovery application. Nmap is used by network administrators to determine which devices are operating on their systems, debug networks, identify available hosts, find open ports, identify network security issues, and determine network device operating system and hardware characteristics.
Nmap can be used to monitor single hosts as well as large networks with hundreds of thousands of devices and subnets.
Below is the cheat sheet for Nmap that can be used for quick reference for commands.
Nmap Scanning command list
Scan a single target
nmap [IP address]
Scan multiple hosts within the same network
nmap [IP address1] [IP address2]
Scan a subnet
nmap [IP address/cidr]
Example:
nmap 192.168.1.1/24
Scanning an IPv6 address
nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2afe
Scanning a particular link or domain
nmap scan.nmap.com
Perform UDP port scan
nmap [IP address] -sU
Perform TCP window port scan
nmap [IP address] -sW
Perform TCP SYN port scan (default)
nmap [IP address] -sS
Scan a range while excluding a few hosts
nmap [IP address range] --exclude [IP address]
Implement TCP SYN scan
nmap -sS [IP address]
Implement TCP ACK scan
nmap -sA [IP address]
Implement UDP scan
nmap -sU [IP address]
Implement IP protocol scan
nmap -sO [IP address]
Send raw IP packets rather than Ethernet frames
nmap --send-ip [IP address]
Host discovery and ARP ping commands
Ping scan (host discovery only, no port scan; -sP is the older spelling of -sn)
nmap -sP [IP address]
Discover hosts with ARP ping on the local network
nmap -PR 192.168.1.1/24
Implement TCP SYN ping
nmap -PS [IP address]
Implement TCP ACK ping
nmap -PA [ip address]
Implement UDP ping
nmap -PU [IP address]
Implement ICMP echo ping
nmap -PE [IP address]
Implement IP protocol ping
nmap -PO [IP address]
Implement tracerouting
nmap --traceroute [IP address]
Force reverse DNS resolution for all targets
nmap -R [IP address]
To disable reverse DNS resolution
nmap -n [IP address]
Port Scanning
Fast scan
nmap -F [IP address]
Specific ports’ scanning
nmap -p [port(s)] [IP address]
Implement scan on all the ports
nmap -p '*' [IP address]
Scan the top k most common ports (here k = 10)
nmap [IP address] --top-ports 10
Port scan a range
nmap [IP address] -p 1-100
Implement sequential port scanning
nmap -r [IP address]
Version and OS detection
OS detection
nmap -O [IP address]
Detect service version
nmap -sV [IP address]
OS detection, script scanning, version detection, and tracerouting
nmap 192.168.1.1 -A
Guess an unknown OS more aggressively
nmap -O --osscan-guess [IP address]
Implement Remote Procedure Call scan (deprecated; current Nmap versions treat -sR as an alias for -sV)
nmap -sR [IP address]
Firewall/IDS Evasion techniques
Spoofing a MAC address
nmap --spoof-mac [MAC|0|vendor] [IP address]
Append some random data to delivered packets
nmap --data-length 100 [IP address]
Induce an invalid TCP/UDP checksum for the delivered packet
nmap --badsum [IP address]
Implement idle zombie scan
nmap -sI [zombie] [IP address]
Troubleshooting and debugging using outputs in Nmap
Implement packet tracing
nmap --packet-trace [IP address]
Increase the debugging level
nmap -d [IP address]
Show only open (or possibly open) ports
nmap --open [IP address]
Save normal output to a file
nmap [IP address] -oN file.ext
Save XML output to a file
nmap [IP address] -oX file.ext
Display host interfaces and routes
nmap -iflist
Get Nmap version
nmap -V
To resume an aborted scan from its -oN or -oG output file
nmap --resume file.extension
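The -oX output above is what a defender usually feeds into tooling. The following is an added example, not part of the original cheat sheet: it parses a constructed sample of Nmap XML output (shaped like a real -oX file, but not a real scan result), lists the open ports, and flags any that are not on an allowlist of expected services.

```python
"""Parse Nmap -oX output and flag open ports outside an allowlist."""
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (not a real scan result), shaped like
# what `nmap -sS -sV -oX file.xml 192.168.1.1` writes.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX out.xml 192.168.1.1" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""

def open_ports(xml_text):
    """Return [(addr, proto, port, service)] for every port whose state is open."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not inventory
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            found.append((addr, port.get("protocol"), int(port.get("portid")), name))
    return found

def unexpected_ports(xml_text, allowlist):
    """Open ports not in allowlist {(proto, port)}: the ones a defender reviews."""
    return [p for p in open_ports(xml_text) if (p[1], p[2]) not in allowlist]

if __name__ == "__main__":
    for entry in unexpected_ports(SAMPLE_XML, {("tcp", 22), ("tcp", 80)}):
        print("unexpected open port:", entry)
```

The allowlist is an assumption for the example; in practice it comes from the asset inventory for the scanned subnet.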
Scripts
Run an individual script
nmap --script [file.nse] [IP address]
To check for SQL injection attack
nmap -p80 --script http-sql-injection scan.domain.com
To update the script database
nmap --script-updatedb
Run multiple scripts using a wildcard
nmap --script [expression] [IP address]
Example
nmap --script 'http-*' 192.168.1.1
Terms used in the commands above
Ports
A port is a location on your computer where network services communicate with your computer. Ports are software-based tools managed by a computer’s operating system. Each port corresponds to a specific activity or service. Ports allow computers to easily distinguish between different types of traffic: emails, for example, travel to a different port than websites, even when both arrive at a computer over the same connection.
Ports are standardized across all network-connected devices, with each port assigned a unique number. For example, Simple Mail Transfer Protocol (SMTP) uses port number 25 and HTTP uses port number 80. Look up further port numbers and their services as needed.
IP address
An IP address is an identifier for a device on the Internet or on a local network. IP is an acronym for “Internet Protocol,” a collection of rules that governs the format of data sent over the Internet or a local network. The two types of IP address are IPv4 and IPv6.
TCP
TCP/IP specifies how a particular computer is linked to the Internet and how data is sent between computers. When numerous computer networks are connected, it helps to create a virtual network. TCP is a connection-based protocol, which means it first establishes a connection between the server and the client and then transfers the data.
UDP
UDP is a datagram-based protocol. Because there is no overhead to initiate, maintain, or terminate a connection, UDP is a good choice for broadcast and multicast network communications.