Nmap Security Tool Cheatsheet

🛠 Security Tool Cheatsheet

Alex Morgan — Senior Penetration Tester

What is Nmap?

Nmap (Network Mapper) is an open-source tool for network exploration and security auditing. It is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap is widely used by network administrators and security professionals for its versatility, speed, and capability to perform complex scans.

Installation

Nmap can be installed on various operating systems. Here are the instructions for the most common platforms:

  • Windows: Download the installer from nmap.org and follow the installation wizard.
  • Linux: Use the package manager. For example, on Ubuntu: sudo apt-get install nmap
  • macOS: Use Homebrew: brew install nmap

Basic Syntax

The basic syntax for using Nmap is:

nmap [options] [targets]

Where [options] are the flags you provide to customize the scan, and [targets] is the target IP address or range.

Discovery

Simple Ping Scan

nmap -sn 192.168.1.0/24

This command performs a ping scan (host discovery only, no port scan) and lists the hosts in the subnet that respond.

Service Version Detection

nmap -sV 192.168.1.1

Probes the open ports on the target to identify the service and, where possible, the product and version running on each.

Scanning

Port Scan

nmap -p 1-65535 192.168.1.1

This scans all TCP ports from 1 to 65535.

TCP SYN Scan (Stealth Scan)

nmap -sS 192.168.1.1

This is a half-open scan: Nmap sends a SYN and, when a SYN/ACK comes back, answers with a RST instead of completing the handshake, so the application never sees a full connection and often does not log it. It needs raw-socket privileges (root/Administrator) and is Nmap's default scan type when run with them. Note that a network IDS still sees the SYN packets, so "stealth" applies to host-side application logs, not to network monitoring.

Exploitation

Script Scan

nmap --script=vuln 192.168.1.1

Runs the NSE scripts in the "vuln" category against the target and reports any checks that match.

Analysis

Output Formats

nmap -oA output 192.168.1.1

This saves the scan results in all three formats at once, using "output" as the base filename: output.nmap (normal), output.gnmap (grepable) and output.xml (XML). The XML file is the one to feed into other tools.

Evasion

Fragmentation

nmap -f 192.168.1.1

This command splits the probe packets into small IP fragments, which can get past a packet filter or IDS that inspects each fragment on its own. Most current IDS/IPS reassemble fragments before inspection, so this is not a dependable way around them.

Reporting

Verbose Output

nmap -v 192.168.1.1

Increases the amount of progress and per-port information printed while the scan runs (-vv for even more), useful for detailed analysis.

Quick Reference Table

Flag       Description
-sn        Ping scan (host discovery only), skip port scan
-sV        Service version detection
-p         Specify port range
-sS        TCP SYN scan
--script   Specify Nmap scripts to run
-oA        Save output in all formats
-f         Fragment packets
-v         Verbose output

Pro Tips

  • Use -T4 for faster scans; on a fast, reliable network this does not cost accuracy.
  • Combine Nmap with grep to filter results (e.g., nmap 192.168.1.1 | grep 'open' for open ports).
  • Using --source-port can help bypass firewall rules if specific source ports are allowed.
  • Remember to check for IP spoofing techniques to avoid detection while scanning.

Real-World Examples

Scanning a Subnet

nmap -sn 192.168.1.0/24

(-sP, seen in older guides, is the deprecated spelling of -sn; it still works but -sn is the current form.)

Identifying Services

nmap -sV -p 22,80,443 192.168.1.1

Vulnerability Scanning

nmap --script=vuln 192.168.1.1