Nmap Cheat Sheet

Nmap Target Selection

Scan a single IP nmap
Scan a host nmap www.testhost.com
Scan a range of IPs nmap
Scan a subnet nmap
Scan targets from a text file nmap -iL list-of-ips.txt

Nmap Port Selection

Scan a single Port nmap -p 22
Scan a range of ports nmap -p 1-100
Scan 100 most common ports (Fast) nmap -F
Scan all 65535 ports nmap -p-

Nmap Port Scan types

Scan using TCP connect nmap -sT
Scan using TCP SYN scan (default) nmap -sS
Scan UDP ports nmap -sU -p 123,161,162
Scan selected ports – ignore discovery nmap -Pn -F

Service and OS Detection

Detect OS and Services nmap -A
Standard service detection nmap -sV
More aggressive Service Detection nmap -sV –version-intensity 5
Lighter banner grabbing detection nmap -sV –version-intensity 0

Nmap Output Formats

Save default output to file nmap -oN outputfile.txt
Save results as XML nmap -oX outputfile.xml
Save results in a format for grep nmap -oG outputfile.txt
Save in all formats nmap -oA outputfile

Digging deeper with NSE Scripts

Scan using default safe scripts nmap -sV -sC
Get help for a script nmap –script-help=ssl-heartbleed
Scan using a specific NSE script nmap -sV -p 443 –script=ssl-heartbleed.nse
Scan with a set of scripts nmap -sV –script=smb*

A scan to search for DDOS reflection UDP services

Scan for UDP DDOS reflectors nmap –sU –A –PN –n –pU:19,53,123,161

HTTP Service Information

Gather page titles from HTTP services nmap –script=http-title
Get HTTP headers of web services nmap –script=http-headers
Find web apps from known paths nmap –script=http-enum

Detect Heartbleed SSL Vulnerability

Heartbleed Testing nmap -sV -p 443 –script=ssl-heartbleed

IP Address information

Find Information about IP address nmap –script=asn-query,whois,ip-geolocation-maxmind


Comments are closed.