Cheatsheets

Using Nmap for Advanced Network Discovery and Scanning

by n8n admin

🤖 AI Prompts Cheatsheet

Daniel Osei — AI-Assisted Security Engineer

What is Nmap?

Nmap (Network Mapper) is a powerful open-source tool designed for network discovery and security auditing. It is widely used by security analysts and penetration testers to discover hosts and services on a computer network by sending packets and analyzing the responses.

Installation

To install Nmap, you can use the package manager from your terminal:

# On Ubuntu/Debian
sudo apt install nmap

# On CentOS/RHEL
sudo yum install nmap

# On macOS (using Homebrew)
brew install nmap

Basic Syntax

The basic syntax of Nmap is as follows:

nmap [Scan Type(s)] [Options] [Target]

For example: nmap -sS -p 22,80,443 192.168.1.1

Discovery

To discover hosts and services on a network, you can use several Nmap commands.

# Discover Live Hosts
nmap -sn 192.168.1.0/24

# Discover Remote OS
nmap -O 192.168.1.1

Scanning

Nmap allows you to perform different types of scans to gather more detailed information about the target.

# TCP SYN Scan
nmap -sS 192.168.1.1

# TCP Connect Scan
nmap -sT 192.168.1.1

# UDP Scan
nmap -sU -p 53,67,123 192.168.1.1

Exploitation

Nmap can integrate with other tools to assist in exploiting discovered vulnerabilities.

# Export Nmap results to a format suitable for Metasploit
nmap -oG results.gnmap 192.168.1.0/24

# Using Nmap with Metasploit
msfconsole -r <(nmap -oG - 192.168.1.1 | grep -E "open|filtered")

Analysis

Analyzing scan results efficiently can be crucial for identifying security issues.

# Save output in XML format (for later analysis)
nmap -sS -oX scan.xml 192.168.1.1

Evasion

Evasion techniques in Nmap can help avoid detection by security systems.

# Randomizing the scan order
nmap --randomize-hosts 192.168.1.0/24

# Using decoy to hide source address
nmap -D RND:2 192.168.1.1

Reporting

Having properly formatted reports can help communicate findings with stakeholders.

# Output in HTML format
nmap -oX output.xml 192.168.1.1

# Output in normal format
nmap -oN output.txt 192.168.1.1

Quick Reference Table

Flag Description
-sS TCP SYN Scan (stealth scan)
-sT TCP Connect Scan
-sU UDP Scan
-O Enable OS detection
-p Specify ports
-oN Output in normal format
-oX Output in XML format
-sn No port scan (Ping Scan)

Pro Tips

  • Scan Multiple IPs using comma: nmap 192.168.1.1,192.168.1.2
  • Scan a Specific CIDR Notation: nmap 192.168.1.0/30
  • Use Scripting Engine for advanced scripts: nmap --script http-enum 192.168.1.1

Real-World Examples

Here are some practical examples of how Nmap can be used effectively:

  • Identify Open Ports: nmap -p- 192.168.1.1 will scan all 65535 ports on the target.
  • Service Version Detection: nmap -sV 192.168.1.1 will attempt to detect service versions running on open ports.
  • Aggressive Scan: nmap -A 192.168.1.1 performs an aggressive scan, combining OS detection, version detection, and script scanning.

Related Posts

Security Cheatsheet

📱 Mobile Security Tips Nina Kovacs — Consumer Security Analyst { “title”: “Essential Security Tool Cheatsheet for Nmap”, “content”: “ What is Nmap? Nmap (Network Mapper) is an open-source network scanning tool used for network…

Using ChatGPT for Threat Intelligence Analysis

🛠 Security Tool Cheatsheet Alex Morgan — Senior Penetration Tester Why AI Changes the Game for Threat Intelligence Analysis Threat intelligence analysis involves collecting, analyzing, and interpreting data about potential threats to inform decisions about…

Practical Security Guide for Mobile Devices

🛠 Security Tool Cheatsheet Alex Morgan — Senior Penetration Tester Why This Matters As mobile devices become an integral part of our daily lives, ensuring their security is paramount. They hold personal and sensitive information,…