Nmap Security Tool Cheatsheet

🛠 Security Tool Cheatsheet

Alex Morgan — Senior Penetration Tester

What is Nmap?

Nmap, short for Network Mapper, is an open-source tool used for network discovery and security auditing. It is widely utilized for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Installation

Nmap can be installed on various operating systems including Linux, Windows, and macOS. The following commands illustrate how to install Nmap on different platforms:

# On Debian/Ubuntu:
sudo apt install nmap

# On CentOS/RHEL/Fedora (dnf; yum still works as an alias on older releases):
sudo dnf install nmap

# On macOS (using Homebrew):
brew install nmap

# On Windows:
# Download the installer from the official Nmap website (https://nmap.org/download.html)

Basic Syntax

The basic syntax of Nmap is as follows:

nmap [options] {target}

Discovery

Discovery scans identify live hosts without port scanning them.

nmap -sn 192.168.1.0/24

This performs a ping sweep of 192.168.1.0/24. As root, -sn sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request to each address; as an unprivileged user it falls back to TCP connect attempts to ports 80 and 443. A host that drops all of these probes is reported as down, so for a host you already know is there, skip discovery with -Pn and scan it directly.

Scanning

Scanning provides detailed information about the ports and services on a host.

nmap -sS -sV -p 1-65535 192.168.1.10

This runs a SYN scan with service version detection against all 65535 TCP ports (-p- is shorthand for -p 1-65535). -sS needs raw-socket privileges, so run it as root or with sudo; without them Nmap refuses to start the scan. The "stealth" label is historical: a SYN scan never completes the handshake, so the application behind the port does not log a connection, but any current firewall or IDS still sees it. -sV then sends protocol-specific probes to each open port to identify the software and version, which is the information later vulnerability checks depend on.

Exploitation

Despite the heading, Nmap does not exploit anything: the Nmap Scripting Engine (NSE) scripts in the vuln category check whether a service looks vulnerable and report the result, leaving actual exploitation to other tools.

nmap --script vuln 192.168.1.10

This runs every NSE script in the vuln category against the target's open ports. Some of these scripts are also in the intrusive category and can crash fragile services, so run them only against systems you are authorized to test, and treat a hit as a lead to confirm by hand rather than a verified vulnerability, since many of the checks are purely version-based. Note that the option is --script with two leading hyphens; a single long dash copied from a rendered page will not be recognized.

Analysis

Output files are what later analysis works from.

nmap -oA scan_output 192.168.1.10

This writes three files from one scan: scan_output.nmap (normal output, what you see on screen), scan_output.xml (XML, the complete, structured form that other tools import) and scan_output.gnmap (grepable, one host per line for grep and awk). Keep the XML for anything programmatic; the Nmap documentation recommends it over the grepable format, which remains handy for quick shell pipelines.
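The discovery and output sections above describe what Nmap emits; the following added example (not code from the original page or from the Nmap project) shows how to turn that grepable output into a list of live hosts and a table of open ports with plain awk, and how the two scans chain together. The function names and the sample scan output are constructed for illustration and are not real scan results.

```shell
#!/usr/bin/env bash
# Added example: parse Nmap grepable (-oG / .gnmap) output with standard awk.
# Function names and the sample output below are constructed for illustration;
# they are not part of Nmap.
set -eu

# Print the IP of every host a "nmap -sn -oG -" sweep reported as Up.
# Default awk field splitting makes $2 the address in "Host: 192.168.1.1 (name)".
live_hosts_from_gnmap() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "ip port/proto service version" for each open port in .gnmap output.
# A .gnmap host line is tab-separated: "Host: ..." "Ports: ..." "Ignored State: ...".
# Each Ports entry has the form port/state/proto/owner/service/rpcinfo/version/.
open_ports_from_gnmap() {
    awk 'BEGIN { FS = "\t" }
        /^Host:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    sub(/^Ports: /, "", $i)
                    n = split($i, entries, ", ")
                    for (j = 1; j <= n; j++) {
                        split(entries[j], f, "/")
                        if (f[2] == "open")
                            printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
                    }
                }
            }
        }'
}

# Live workflow (needs nmap installed, and root for -sS): sweep the subnet,
# version-scan only the hosts that answered, then summarise the .gnmap file.
# Not invoked here because it needs a network and privileges.
sweep_and_scan() {
    subnet=$1
    base=${2:-scan_output}
    nmap -sn -oG - "$subnet" | live_hosts_from_gnmap > live_hosts.txt
    nmap -sS -sV -iL live_hosts.txt -oA "$base"
    open_ports_from_gnmap < "$base.gnmap"
}

# Constructed sample of what "nmap -sS -sV -oG -" prints for one host
# (made up for this example, not a real scan).
sample_port_scan() {
    printf '# Nmap 7.94 scan initiated as: nmap -sS -sV -oG - 192.168.1.10\n'
    printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf '# Nmap done -- 1 IP address (1 host up) scanned in 12.30 seconds\n'
}

# Demo on the constructed sample: prints one line per open port.
sample_port_scan | open_ports_from_gnmap
```

To use it for real, source the file and call sweep_and_scan 192.168.1.0/24 as root; the closed port 443 in the sample is filtered out by the state check, which is the same filter you would use to build a target list for further testing.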

Evasion

Evasion options try to make a scan harder to attribute or to block, but none of them make it invisible.

nmap -D RND:5 -sS 192.168.1.10

This sends each probe from five random spoofed source addresses in addition to your own, so the target's logs show six apparent scanners. Caveats: your real address is still among them; decoys only work with raw-packet scans such as -sS, not with -sT or -sV, which need a real connection; upstream egress filtering may drop the spoofed packets; and a stateful firewall or IDS still records the scan. Other common knobs are -f (fragment packets), --source-port 53 (a port many filters trust) and a slower timing template such as -T2.

Reporting

Reporting options write the scan in a human-readable form.

nmap -oN report.txt 192.168.1.10

This saves the normal (screen) output to report.txt. For a report you can hand to someone else, write XML with -oX and render it to HTML with the stylesheet Nmap ships (for example with xsltproc), which keeps the structured data available for re-use.

Quick Reference Table

Flag Description
-sn Ping scan (host discovery only, no port scan)
-sS TCP SYN scan (requires root)
-sT TCP connect scan (no privileges needed)
-sV Service version detection
-p Specify ports or ranges (-p- scans all 65535)
--script Run NSE scripts by name or category
-oA Write normal, XML and grepable output under one base name
-D Use decoy source addresses

Pro Tips

  • Use the -T option: Timing templates run from -T0 (paranoid) to -T5 (insane). -T4 is the usual choice on a LAN; drop to -T2 or below to stay under rate-based IDS thresholds, and avoid -T5, which can lose results on congested links.
  • Save your scan results: Always write results to files with -oA or -oN so you keep a history and can diff scans over time.
  • Combine scripts: Give --script a comma-separated list of script names or categories (e.g., --script=safe,discovery); it also accepts boolean expressions such as --script "default and not intrusive".

Real-World Examples

1. To quickly scan for live hosts, use:

nmap -sn 10.0.0.0/24

2. For a TCP connect scan of the default 1000 most common ports (no root needed, but every probe completes a handshake the target can log), run:

nmap -sT 10.0.0.10

3. For service enumeration on a specific host:

nmap -sV -p22,80,443 10.0.0.10