🛠 Security Tool Cheatsheet
Alex Morgan — Senior Penetration Tester
What is Nmap?
Nmap (Network Mapper) is an open-source tool used for network exploration and security auditing. It is widely utilized by security professionals and penetration testers to discover hosts and services on a computer network, thus creating a ‘map’ of the network.
Installation
Nmap is available for various platforms including Windows, Linux, and MacOS. Follow these instructions to install Nmap:
- Linux: Use the package manager. For Debian/Ubuntu:
sudo apt install nmap
- Windows: Download the installer from the official site.
- MacOS: Install via Homebrew:
brew install nmap
Basic Syntax
The basic command structure of Nmap is as follows:
nmap [options] [target]
Where options control the behavior of Nmap and the target can be a single IP, a range, or a hostname.
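As an added example (not part of this cheatsheet), the Python below checks that a target string is one of the forms named above (a single IP, a CIDR block or dashed last-octet range, or a hostname) before placing it in an argument list for subprocess. This is the check a practitioner wants when wrapping Nmap in automation that takes targets from a ticket or web form: a value carrying shell metacharacters, or one starting with "-" that nmap would read as an option, is rejected. Function names and the range regex are this example's own assumptions; the option strings are the cheatsheet's.

```python
"""Validate an Nmap target and build its command line as an argv list.

Added example, not from the cheatsheet. Accepts the target forms the
cheatsheet lists: single IP, CIDR block, dashed last-octet range
(192.168.1.1-50) and hostname. Anything else (shell metacharacters, a
value starting with '-' that nmap would read as an option) is rejected.
Function names are this example's own.
"""
import ipaddress
import re
import subprocess
from typing import List, Optional

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)
# Nmap's dashed range on the last octet, e.g. 192.168.1.1-50
# (ranges in other octets are an assumption not handled here).
_RANGE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3})$")


def is_valid_target(target: str) -> bool:
    """True if target is a single IP, a CIDR block, a dashed IPv4 range or a hostname."""
    try:
        ipaddress.ip_network(target, strict=False)  # "192.168.1.1" or "192.168.1.0/24"
        return True
    except ValueError:
        pass
    m = _RANGE_RE.match(target)
    if m:
        try:
            first = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            return False
        start_octet = int(str(first).rsplit(".", 1)[1])
        end_octet = int(m.group(2))
        return start_octet <= end_octet <= 255
    if re.fullmatch(r"[\d.]+", target):
        return False  # dotted digits that ip_network rejected, e.g. 10.0.0.256
    return bool(_HOSTNAME_RE.match(target))


def build_nmap_argv(target: str, options: Optional[List[str]] = None,
                    xml_out: Optional[str] = None) -> List[str]:
    """Return ["nmap", <options...>, "-oX", xml_out, target] for subprocess.

    Passing a list (never a joined string with shell=True) keeps a value such as
    "192.168.1.1; rm -rf /" from reaching a shell; is_valid_target rejects it anyway.
    """
    if not is_valid_target(target):
        raise ValueError(f"refusing to scan malformed target: {target!r}")
    argv = ["nmap", *(options or [])]
    if xml_out:
        argv += ["-oX", xml_out]
    argv.append(target)
    return argv


def run_scan(target: str, options: Optional[List[str]] = None,
             xml_out: Optional[str] = None) -> subprocess.CompletedProcess:
    """Run nmap with the validated argv; needs nmap on PATH, so not exercised by the test."""
    return subprocess.run(build_nmap_argv(target, options, xml_out),
                          capture_output=True, text=True, check=False)


if __name__ == "__main__":
    for candidate in ("192.168.1.10", "192.168.1.1-50", "scanme.nmap.org",
                      "192.168.1.1; rm -rf /", "-iL /etc/passwd"):
        print(f"{candidate!r:28} valid={is_valid_target(candidate)}")
    print(build_nmap_argv("192.168.1.10", ["-sV", "-p", "80,443"], "web.xml"))
```

The validator is deliberately strict rather than complete: Nmap also accepts ranges in any octet and comma-separated lists, and those can be added once they are needed, but a narrow allowlist is the right default for anything that receives targets from outside the script.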
Discovery
Ping Scan
To check if a host is up without performing a port scan:
nmap -sn 192.168.1.1
Discover Live Hosts on a Subnet
To find all live hosts in a subnet:
nmap -sn 192.168.1.0/24
Scanning
Service Detection
To detect service versions running on open ports:
nmap -sV 192.168.1.1
Operating System Detection
To identify the OS of a host:
nmap -O 192.168.1.1
Exploitation
Nmap Scripting Engine (NSE)
To run Nmap Scripting Engine (NSE) scripts against discovered services (scripts can be given by name or by category):
nmap --script [script] [target]
Analysis
XML Output
To save scan results in an XML file:
nmap -oX output.xml 192.168.1.1
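XML is the output format to parse when scans feed other tooling. As an added example, not taken from the cheatsheet, the Python below reads -oX output with the standard library and lists the ports that are open now but were not open in an earlier baseline scan, which is the check a defender runs after each scheduled scan. The two XML documents are constructed to follow the nmaprun/host/ports/port layout of Nmap's XML output (DOCTYPE and stylesheet lines trimmed) and are not real scan results; function names are my own.

```python
"""Parse Nmap -oX output and flag ports that were not open in a baseline scan.

Added example, not part of the cheatsheet. BASELINE_XML and CURRENT_XML are
constructed to follow Nmap's nmaprun > host > ports > port layout; they are
not real scan output. Only the standard library is used.
"""
import xml.etree.ElementTree as ET
from typing import List, NamedTuple


class OpenPort(NamedTuple):
    host: str
    proto: str
    port: int
    service: str  # "name product version" when -sV filled them in, else name only


def parse_open_ports(xml_text: str) -> List[OpenPort]:
    """Return every port whose <state> is 'open', for hosts whose status is 'up'."""
    root = ET.fromstring(xml_text)
    found: List[OpenPort] = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # down hosts carry no port data worth reporting
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")  # fall back to any address element
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are skipped
            svc = port.find("service")
            parts = []
            if svc is not None:
                parts = [svc.get(k) for k in ("name", "product", "version") if svc.get(k)]
            found.append(OpenPort(addr, port.get("protocol"), int(port.get("portid")),
                                  " ".join(parts)))
    return found


def new_open_ports(baseline_xml: str, current_xml: str) -> List[OpenPort]:
    """Ports open in the current scan that were not open in the baseline."""
    seen = {(p.host, p.proto, p.port) for p in parse_open_ports(baseline_xml)}
    return [p for p in parse_open_ports(current_xml) if (p.host, p.proto, p.port) not in seen]


# Constructed sample: last week's scan of one web host.
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 192.168.1.10" version="7.94">
<host><status state="up" reason="syn-ack"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.18.0" tunnel="ssl"/></port>
</ports></host>
<runstats><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>"""

# Constructed sample: today's scan. 3306 is newly open; 8080 is only filtered;
# a second host is down and must be ignored.
CURRENT_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX current.xml 192.168.1.10-11" version="7.94">
<host><status state="up" reason="syn-ack"/>
<address addr="192.168.1.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.18.0" tunnel="ssl"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql" product="MySQL" version="8.0.32"/></port>
<port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/></port>
</ports></host>
<host><status state="down" reason="no-response"/><address addr="192.168.1.11" addrtype="ipv4"/></host>
<runstats><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>"""


if __name__ == "__main__":
    for p in new_open_ports(BASELINE_XML, CURRENT_XML):
        print(f"NEW OPEN  {p.host} {p.proto}/{p.port}  {p.service}")
```

Keying the comparison on (host, protocol, port) rather than on the service string means a version bump on an already-open port does not show up as a new exposure; if version drift matters for your review, compare the service field separately.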
Evasion
Stealth Scan
A TCP SYN (half-open) scan: Nmap sends a SYN, reads the SYN/ACK or RST, and never completes the handshake, so the probe is less likely to appear in the target application's own logs. Firewalls and IDS still see it and commonly flag it.
nmap -sS 192.168.1.1
Reporting
Saving Human-Readable Output
To save output in a human-readable format:
nmap -oN output.txt 192.168.1.1
Quick Reference Table
| Flag | Description |
|---|---|
| -sn (formerly -sP) | Ping scan (no port scan) |
| -Pn | Skip host discovery; treat all targets as up |
| -sS | TCP SYN (half-open) scan |
| -sV | Service version detection |
| -O | OS detection |
| -p / -p- | Scan the listed ports / all 65,535 TCP ports |
| --script | Run NSE scripts |
| -T4 | Faster timing template |
| -oX | XML output |
| -oN | Human-readable (normal) output |
Pro Tips
- Use nmap -Pn to skip host discovery if you know your targets are live but may not respond to pings.
- Use nmap -T4 to speed up the scan process, especially for larger networks.
- Leverage custom scripts with the Nmap Scripting Engine (NSE) for vulnerability assessments.
Real-World Examples
Here are examples of practical Nmap usage in real-world scenarios:
Example 1: Assessing a Web Server
To scan a web server and identify services:
nmap -sV -p 80,443 192.168.1.10
Example 2: Scanning a Range of IPs
To scan all 65,535 TCP ports (-p-) on every host in the range:
nmap -p- 192.168.1.1-50