Nmap Security Tool Cheatsheet

🛠 Security Tool Cheatsheet

Alex Morgan — Senior Penetration Tester

What is Nmap?

Nmap (Network Mapper) is a versatile open-source tool used for network discovery and security auditing. It is widely favored by security analysts and penetration testers for its powerful scanning capabilities.

Installation

Nmap can be installed easily on various operating systems. Below are the commands for installation:

  • Linux (Debian-based): sudo apt-get install nmap
  • Linux (RPM-based): sudo yum install nmap
  • macOS: brew install nmap
  • Windows: Download and run the installer from the official Nmap site.

Basic Syntax

The basic command structure of Nmap is:

nmap [options] [target]

Discovery

Nmap can be utilized for discovering hosts and services on a network.

  • Ping Scan: nmap -sn 192.168.1.0/24 – This will identify live hosts in the subnet.

Scanning

Scanning networks can reveal open ports and services running on machines.

  • Full TCP Scan: nmap -sS -p 1-65535 192.168.1.1 – Conducts a SYN scan on all 65535 TCP ports of the specified IP. SYN scanning needs raw-socket privileges, so run it as root or with sudo.
  • Service Version Detection: nmap -sV 192.168.1.1 – Detects service versions running on open ports.

Exploitation

Nmap can also assist in identifying vulnerabilities.

  • OS Detection: nmap -O 192.168.1.1 – Attempts to identify the operating system and hardware characteristics.

Analysis

Nmap provides detailed output that can be analyzed further.

  • Output to XML: nmap -oX scan.xml 192.168.1.1 – Exports the scan results in XML format for reporting.

Evasion

Leverage Nmap to avoid detection from firewalls or intrusion detection systems.

  • Decoy Scan: nmap -D RND:10 192.168.1.1 – Implements decoy IPs to make tracing the scan back to the source harder.

Reporting

Documenting scans is essential for audits and reporting.

  • Grepable Output: nmap -oG report.txt 192.168.1.1 – Offers output that can be easily parsed by other tools.

Quick Reference Table

Flag  Description
----  ---------------------------
-sS   TCP SYN scan
-sn   Ping scan to discover hosts
-sV   Service version detection
-O    Operating system detection
-oX   Output results in XML
-D    Decoy scan for evasion

Pro Tips

  • Use -T4 for faster scans.
  • If scanning a large network, use a faster timing template with -T5, but be cautious as it may trigger detection systems.
  • Combine scans by using multiple flags for comprehensive results: nmap -sS -O -sV 192.168.1.1.
  • Employ the --script option to run Nmap Scripting Engine (NSE) scripts for more advanced scanning techniques.

Real-World Examples

Here are some practical examples of using Nmap:

  • To scan a subnet quickly: nmap -sP 192.168.0.0/24. (-sP is the legacy spelling of the ping scan; current releases still accept it as an alias for -sn.)
  • To check for open HTTP ports and versions on a remote host: nmap -p 80,443 -sV 192.168.1.1.
  • For detailed service enumeration: nmap -sV -sC 192.168.1.1. (-sC runs the default NSE script set alongside version detection.)