Cheatsheets

Comprehensive Guide to Nmap: The Essential Network Scanning Tool

by n8n admin

🤖 AI Prompts Cheatsheet

Daniel Osei — AI-Assisted Security Engineer

What is Nmap?

Nmap (Network Mapper) is a powerful open-source tool designed for network discovery and security auditing. It is widely used to discover hosts and services on a computer network, thus creating a ‘map’ of the network. Nmap can also be used to identify open ports, running services, operating system details, and security vulnerabilities.

Installation

Nmap can be installed on various operating systems, including Linux, Windows, and macOS. For Linux-based systems, you can generally install it via the package manager. For example:

# On Ubuntu/Debian
sudo apt update
sudo apt install nmap

# On CentOS/RHEL
sudo yum install nmap

# On macOS using Homebrew
brew install nmap

For Windows, download the installer from Nmap’s official site.

Basic Syntax

The basic command structure for using Nmap is as follows:

nmap [options] [target]

Options define the different types of scans and features to use, and the target can be an IP address, hostname, or subnet specification.

Discovery

Discovery scans are used to identify live hosts and services on a network.

Ping Scan

This scan identifies hosts that are online. It sends ICMP echo requests.

nmap -sn 192.168.1.0/24

Service Version Detection

This option attempts to determine the version of services running on open ports.

nmap -sV 192.168.1.1

Scanning

Scanning is used to find open ports and services running on those ports.

TCP Connect Scan

This is a basic scan where Nmap attempts to connect to all specified ports.

nmap -sT 192.168.1.1

Stealth Scan

This scan uses SYN packets to identify open ports without completing the TCP handshake.

nmap -sS 192.168.1.1

Exploitation

Nmap itself does not exploit vulnerabilities but can assist in identifying them.

Using Nmap NSE scripts

Nmap includes a powerful scripting engine (NSE) for exploiting vulnerabilities.

nmap --script=vuln 192.168.1.1

Analysis

Post-scan analysis can be performed using Nmap to assess network security.

OS Detection

This option detects operating system type and version.

nmap -O 192.168.1.1

Evasion

For stealthy operations, Nmap includes options to evade detection.

Fragmentation

Packet fragmentation can help evade intrusion detection systems.

nmap -f 192.168.1.1

Reporting

Nmap provides multiple options for output formats for reporting purposes.

Output to File

You can save the scan results in various formats.

nmap -oN output.txt 192.168.1.1

Quick Reference Table

Flag Description
-sV Service version detection
-sT TCP connect scan
-sS SYN stealth scan
-O OS detection
-f IP packet fragmenting
-oN Output in normal format

Pro Tips

  • Combine Options: You can combine options like -sV and -O for more comprehensive results: nmap -sV -O 192.168.1.1
  • Use Timing Templates: Control speed and stealthiness with timing templates. For example, nmap -T4 192.168.1.0/24 for faster scans.
  • Scan Multiple IPs: Easily scan multiple IP addresses or ranges by separating them with commas or use ranges: nmap 192.168.1.1,192.168.1.5-10

Real-World Examples

1. **Identify all active devices on a subnet:** 

nmap -sn 10.0.0.0/24

2. **Service and OS detection on a target machine:** 

nmap -sS -sV -O 10.0.0.2

3. **Scan multiple subnets:** 

nmap -T4 192.168.1.0/24,192.168.2.0/24

Related Posts

Practical Security Guide for Mobile Devices

🛠 Security Tool Cheatsheet Alex Morgan — Senior Penetration Tester Why This Matters As mobile devices become an integral part of our daily lives, ensuring their security is paramount. They hold personal and sensitive information,…

AI Prompts Cheatsheet for Cybersecurity Analysts

🤖 AI Prompts Cheatsheet Priya Nair — Prompt Engineering Expert Why AI Changes the Game for Cybersecurity Analysts In the fast-paced world of cybersecurity, having quick access to information and actionable insights can mean the…