Practical Security Tool Cheatsheet: Nmap

🛠 Security Tool Cheatsheet

Alex Morgan — Senior Penetration Tester

What is Nmap?

Nmap (Network Mapper) is an open-source tool used for network exploration and security auditing. It is widely utilized by security professionals and penetration testers to discover hosts and services on a computer network, thus creating a ‘map’ of the network.

Installation

Nmap is available for various platforms including Windows, Linux, and macOS. Follow these instructions to install Nmap:

  • Linux: Use the package manager. For Debian/Ubuntu: sudo apt install nmap
  • Windows: Download the installer from the official site.
  • macOS: Install via Homebrew: brew install nmap

Basic Syntax

The basic command structure of Nmap is as follows:

nmap [options] [target]

Where options control the behavior of Nmap and the target can be a single IP, a range, or a hostname.

Discovery

Ping Scan

To check if a host is up without performing a port scan:

nmap -sn 192.168.1.1

Discover Live Hosts on a Subnet

To find all live hosts in a subnet:

nmap -sn 192.168.1.0/24

Scanning

Service Detection

To detect service versions running on open ports:

nmap -sV 192.168.1.1

Operating System Detection

To identify the OS of a host:

nmap -O 192.168.1.1

Exploitation

Nmap Scripting Engine (NSE)

To run NSE scripts against discovered services. The --script option needs an argument (a script name or a category); the default category shown here is the same set of scripts that -sC runs:

nmap --script default 192.168.1.1

Analysis

XML Output

To save scan results in an XML file:

nmap -oX output.xml 192.168.1.1

Evasion

Stealth Scan

The SYN (half-open) scan never completes the TCP handshake, so the probe is less likely to show up in application-level logs than a full connect scan. It is still plainly visible to a network IDS or firewall logging, and it requires raw-socket (root) privileges:

nmap -sS 192.168.1.1

Reporting

Saving Human-Readable Output

To save output in a human-readable format:

nmap -oN output.txt 192.168.1.1

Quick Reference Table

Flag  Description
-sn   Ping scan, no port scan (-sP is the deprecated alias)
-sV   Service version detection
-O    OS detection
-oX   XML output
-oN   Human-readable (normal) output

Pro Tips

  • Use nmap -Pn to skip host discovery if you know your targets are live but may not respond to pings.
  • Use nmap -T4 to speed up the scan process, especially for larger networks.
  • Leverage custom scripts with the Nmap Scripting Engine (NSE) for vulnerability assessments.

Real-World Examples

Here are examples of practical Nmap usage in real-world scenarios:

Example 1: Assessing a Web Server

To scan a web server and identify services:

nmap -sV -p 80,443 192.168.1.10

Example 2: Scanning a Range of IPs

To scan every TCP port (-p- means 1-65535) on a range of IPs:

nmap -p- 192.168.1.1-50