🛠 Security Tool Cheatsheet
Alex Morgan — Senior Penetration Tester
What is Nmap?
Nmap (Network Mapper) is an open-source security tool designed for network discovery and security auditing. It is widely used for scanning and examining hosts to identify active devices, running services, and potential vulnerabilities.
Installation
Nmap can be installed on various operating systems. For example:
- Linux: use the distribution's package manager, e.g. `sudo apt install nmap` or `sudo yum install nmap`.
- macOS: use Homebrew: `brew install nmap`.
- Windows: download the installer from the official Nmap website.
Basic Syntax
The basic syntax for Nmap is:
nmap [options] [targets]
Discovery
Scan for Active Hosts
To discover live hosts in a subnet (host discovery only, no port scan; on the local segment a privileged Nmap uses ARP, elsewhere ICMP and TCP probes, so hosts that filter those may be reported down):
nmap -sn 192.168.1.0/24
List Targets with Reverse DNS
The list scan enumerates every address in the range and resolves its reverse-DNS name without sending a single probe to the hosts, which makes it a safe way to confirm scope before scanning:
nmap -sL 192.168.1.0/24
Scanning
Service Version Detection
To detect versions of services running on open ports:
nmap -sV 192.168.1.1
Operating System Detection
Identify the operating system of a host from TCP/IP stack fingerprints (requires raw-packet privileges and works best when at least one open and one closed TCP port are found):
nmap -O 192.168.1.1
Vulnerability Detection
Scan for Vulnerabilities
Run the NSE scripts in the vuln category. Nmap flags likely vulnerabilities from banners and safe checks but does not exploit anything, so treat results as leads to verify rather than confirmed findings (adding -sV gives the scripts better version data):
nmap --script=vuln 192.168.1.1
Analysis
Output Formats
Save results in all three formats at once: normal (.nmap), XML (.xml) and grepable (.gnmap), each named with the given basename. Use -oN, -oX or -oG individually for a single format:
nmap -oA scan_results 192.168.1.1
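The discovery and analysis steps above chain together in practice: run host discovery once, feed the live hosts into a service scan, and parse the grepable output rather than reading it by eye. The shell example below is added here and is not from the original cheatsheet; the scan output it operates on is constructed inline to match Nmap's grepable format (no scan is run), and the function names live_hosts and open_ports_csv are the example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of the original cheatsheet: chains host discovery
# into a targeted service scan and parses Nmap's grepable output (-oG, or the
# .gnmap file that -oA writes) in plain shell. The two samples below are
# constructed to match the grepable format; no scan is run, so this works offline.
set -eu

tab=$(printf '\t')

# Constructed sample of `nmap -sn -v -oG -` output (one "Status:" line per host).
SAMPLE_SN="# Nmap 7.94 scan initiated as: nmap -sn -v -oG - 192.168.1.0/29
Host: 192.168.1.1 (router.lan)${tab}Status: Up
Host: 192.168.1.2 ()${tab}Status: Down
Host: 192.168.1.10 (web01.lan)${tab}Status: Up
# Nmap done -- 8 IP addresses (2 hosts up) scanned"

# Constructed sample of `nmap -sV -oG -` output. Each entry in the "Ports:"
# field is port/state/proto/owner/service/rpcinfo/version/ ; Nmap replaces any
# literal "/" inside a field with "|", so splitting on "/" is safe.
SAMPLE_SV="# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.1.10
Host: 192.168.1.10 (web01.lan)${tab}Status: Up
Host: 192.168.1.10 (web01.lan)${tab}Ports: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///${tab}Ignored State: filtered (997)
# Nmap done -- 1 IP address (1 host up) scanned"

# Stage 1: IPs of hosts reported Up, one per line, ready for `nmap -iL`.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Stage 2: open ports from a -sV grepable scan as CSV: ip,port,proto,service,version.
open_ports_csv() {
    awk -F'\t' '
        /^Host:/ && /Ports:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    # "Ports: " is 7 characters; entries are separated by ", "
                    n = split(substr($i, 8), entries, ", ")
                    for (j = 1; j <= n; j++) {
                        split(entries[j], f, "/")
                        if (f[2] == "open") print ip "," f[1] "," f[3] "," f[5] "," f[7]
                    }
                }
            }
        }'
}

# Demo on the constructed samples.
echo "live hosts:"
printf '%s\n' "$SAMPLE_SN" | live_hosts
echo "open ports (csv):"
printf '%s\n' "$SAMPLE_SV" | open_ports_csv

# Against a real network (needs nmap; the port scan defaults to SYN when run as root):
#   nmap -sn -oG - 192.168.1.0/24 | live_hosts > live.txt
#   nmap -sV -p- -oA svc_scan -iL live.txt
#   open_ports_csv < svc_scan.gnmap > open_ports.csv
```

Parsing the grepable file is deliberate: the normal (.nmap) output is meant for humans and its layout changes between versions, while the .gnmap line format is stable and one line per host. For anything richer (script output, OS matches) parse the XML instead.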
Evasion
SYN (Half-Open) Scan
The SYN scan never completes the TCP handshake, so the target application never sees a connection and will not log one. It is Nmap's default when run with raw-socket privileges, and every SYN probe is still visible to a network IDS, so "stealthy" means quiet at the application layer, not invisible:
nmap -sS 192.168.1.1
Fragmented Packets
Splits probes into small IP fragments, which defeated some older packet filters. Most current firewalls and IDS reassemble fragments before inspection, so treat this as a legacy technique and expect it to be noticed:
nmap -f 192.168.1.1
Reporting
Generate Reports
Save the human-readable output (the same text shown on screen) to a file. For a client-facing report, save XML with -oX instead and convert it to HTML with the nmap.xsl stylesheet shipped with Nmap (e.g. xsltproc scan.xml -o scan.html):
nmap -oN detailed_report.txt 192.168.1.1
Quick Reference Table
| Flag | Description |
|---|---|
| -sn | Host discovery only, no port scan (the older -sP alias still works) |
| -sV | Service version detection |
| -O | OS detection |
| -p | Specify ports to scan |
Pro Tips
- Use `nmap -sS -p- 192.168.1.1` to scan all 65535 TCP ports with a half-open scan (needs root; it is quiet to the target application but not to network monitoring).
- Add `--reason` to see why Nmap assigned each port state (e.g. syn-ack, reset, no-response).
Real-World Examples
Consider Nmap’s effectiveness in real scenarios, such as:
- Identifying exposed services in a network assessment.
- Mapping out an organization’s assets for risk analysis.
- Utilizing scripting capabilities to automate vulnerability detection.