Nmap Security Tool Cheatsheet

🛠 Security Tool Cheatsheet

Alex Morgan — Senior Penetration Tester

What is Nmap?

Nmap (Network Mapper) is an open-source tool for network discovery and security auditing. It discovers the hosts on a network, the ports they expose, the services and versions behind those ports and, given raw-packet privileges, the operating system, and it can run Lua scripts (the Nmap Scripting Engine, NSE) against what it finds. The result is a map of the network and of its reachable attack surface.

Installation

Nmap can be installed on various operating systems. For example, on Ubuntu, you can install it using:

sudo apt install nmap

For Windows, download the installer from the official Nmap website; it bundles Npcap, the packet-capture driver that raw-packet scans such as -sS and -O require.

Basic Syntax

The basic syntax of Nmap is:

nmap [options] target

Where target can be a single IP address, a CIDR block (192.168.1.0/24), an octet range (192.168.1.1-50) or a hostname. Several targets may be listed on one command line, and -iL targets.txt reads them from a file. Raw-packet scan types such as -sS and -O need root (run with sudo); without it the default scan becomes a TCP connect scan (-sT), and an explicit -sS is refused.

Discovery

Ping Scan

To quickly discover live hosts without port scanning them (-sn replaces the deprecated -sP, which still works as an alias):

nmap -sn 192.168.1.0/24

On the local Ethernet segment this is an ARP sweep, which hosts cannot easily hide from. Across a router Nmap sends ICMP echo and timestamp requests, a TCP SYN to port 443 and a TCP ACK to port 80; a host that drops all of these looks down, so add -Pn to skip discovery and port-scan it anyway.

Service Version Detection

Find out which services and versions are listening on the open ports. This sends protocol probes to every open port, so it is noticeably louder than a plain port scan:

nmap -sV 192.168.1.1

Scanning

TCP SYN Scan

Perform a half-open SYN scan, the default scan type when running as root, to identify open ports. It is called a "stealth" scan because the TCP handshake is never completed, so the application behind the port never sees a connection; every SYN is still visible to a firewall or IDS in the path:

nmap -sS 192.168.1.1

All TCP Ports

Scan all 65535 TCP ports instead of the default top 1000 (slow against hosts that silently drop packets; -p 22,80,443 or -p 1-1024 limit the range):

nmap -p- 192.168.1.1

Enumeration and Vulnerability Checks

OS Detection

Fingerprint the operating system from the target's TCP/IP stack behaviour (needs root; results are far more reliable when the target has at least one open and one closed TCP port, and --osscan-guess reports the nearest match when there is no exact one):

nmap -O 192.168.1.1

Script Scanning

Use Nmap Scripting Engine (NSE) scripts for specific checks. The vuln category runs every script tagged as a vulnerability check, including some that are also tagged intrusive and can upset fragile services. -sC (the same as --script default) is the conservative choice, and category expressions such as --script "vuln and safe" narrow the set; run nmap --script-updatedb after adding or updating scripts:

nmap --script vuln 192.168.1.1

Analysis

Aggressive Scan

Provides extensive information in one run. -A is shorthand for -O -sV -sC --traceroute, which makes it the noisiest command on this page; point it only at hosts you are cleared to probe:

nmap -A 192.168.1.1

Evasion

Timing Options

Slow the scan down to stay under rate-based alert thresholds. -T0 (paranoid) serialises the probes and waits five minutes between each one; -T1 (sneaky) waits fifteen seconds. Both are impractical beyond a short port list on a single host (65535 ports at -T0 takes over seven months), so choose the ports first. Timing only helps against threshold-based detection; a sensor that logs every SYN still records the scan. --scan-delay gives finer control, and -D (decoys), -f (fragmentation) and --source-port change what the sensor sees rather than how fast it sees it:

nmap -T0 192.168.1.1

Reporting

Output Formats

Output results in all three formats at once: normal (output.nmap), XML (output.xml) and grepable (output.gnmap). The argument is a basename, not a filename. -oN, -oX and -oG select a single format; the XML file is what most tooling imports, while the grepable file suits shell one-liners:

nmap -oA output 192.168.1.1
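Working with the grepable file, as an added example that is not part of the original cheatsheet: the bash functions below pull the live hosts and open ports out of a .gnmap file written by -oA or -oG and turn them into the next-stage -sV commands, so the version scan from the Discovery section only touches ports the port scan already found open. The sample .gnmap contents, the addresses, the service banners and the function names (write_sample_gnmap, gnmap_up_hosts, gnmap_open_ports, gnmap_followup_commands) are constructed for this illustration; the field layout it parses (tab-separated Host/Status/Ports fields, each port entry written as port/state/proto/owner/service/rpcinfo/version/) is Nmap's real grepable format.

```bash
#!/usr/bin/env bash
# Parse Nmap grepable output (.gnmap) and build follow-up scan commands.
# Added example, not code from the Nmap project; the sample data is constructed.

# Write a constructed .gnmap file (roughly what `nmap -v -sS -p- -oA scan 192.168.1.0/24`
# would produce) to the path in $1. Addresses, banners and counts are made up.
write_sample_gnmap() {
  {
    printf '%s\n' '# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -v -sS -p- -oA scan 192.168.1.0/24'
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///\tIgnored State: filtered (65532)\n'
    printf 'Host: 192.168.1.5 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.5 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65533)\n'
    printf 'Host: 192.168.1.9 ()\tStatus: Down\n'
    printf '%s\n' '# Nmap done at Mon Jan  1 12:05:00 2024 -- 256 IP addresses (2 hosts up) scanned in 300.12 seconds'
  } > "$1"
}

# Hosts Nmap reported up, one per line. Works for -sn sweeps and port scans alike.
gnmap_up_hosts() {
  awk '/^Host: / && /Status: Up/ { print $2 }' "$1"
}

# Open ports, one per line: "<ip> <port>/<proto> <service>[ <version>]".
# Each Ports: entry is port/state/proto/owner/service/rpcinfo/version/ ; the
# trailing "Ignored State: ..." summary is stripped before splitting.
gnmap_open_ports() {
  awk '
    /^Host: / && /Ports: / {
      ip = $2
      ports = substr($0, index($0, "Ports: ") + 7)
      sub(/[ \t]*Ignored State:.*$/, "", ports)
      n = split(ports, entry, ", ")
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        if (f[2] != "open") continue
        line = ip " " f[1] "/" f[3] " " f[5]
        if (f[7] != "") line = line " " f[7]
        print line
      }
    }' "$1"
}

# Next stage: one -sV command per host, restricted to the ports found open,
# instead of re-running -sV with -p- and probing thousands of closed ports again.
gnmap_followup_commands() {
  gnmap_open_ports "$1" | awk '
    {
      split($2, pp, "/")
      if (!($1 in ports)) { order[++n] = $1; ports[$1] = pp[1] }
      else ports[$1] = ports[$1] "," pp[1]
    }
    END { for (i = 1; i <= n; i++) print "nmap -sV -p " ports[order[i]] " " order[i] }'
}

# Usage: bash gnmap_parse.sh scan.gnmap
if [ $# -gt 0 ]; then
  echo "Live hosts:";  gnmap_up_hosts "$1"
  echo "Open ports:";  gnmap_open_ports "$1"
  echo "Follow-up:";   gnmap_followup_commands "$1"
fi
```

The awk in gnmap_open_ports deliberately uses index/substr rather than field splitting for the Ports: section, because version strings such as "OpenSSH 8.9p1" contain spaces and would otherwise be broken across fields.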

Quick Reference Table

Flag   Description
-sn    Ping scan, host discovery only (-sP is the deprecated alias)
-sS    SYN scan (default as root)
-sV    Service version detection
-p     Specify ports (-p- for all 65535)
-O     OS detection
-oA    Output in all formats (normal, XML, grepable)

Pro Tips

  • Combine multiple flags for more detailed scans, e.g., nmap -sS -O -p- 192.168.1.1.
  • Consider using Nmap’s GUI frontend, Zenmap, for ease of use and visualization.
  • Regularly update Nmap to ensure you’re using the most recent scripts and features.

Real-World Examples

1. Basic network inventory (host discovery only, no port scan):

nmap -sn 10.0.0.0/24

2. Checking for one known vulnerability with a single targeted script (far quieter than running the whole vuln category):

nmap --script http-vuln-cve2010-2861 192.168.1.1

3. Outputting results for later analysis (normal format only; use -oA to also get the XML and grepable files):

nmap -oN myscan.txt 192.168.1.1