Security Tool Cheatsheet: Nmap

🛠 Security Tool Cheatsheet

Priya Nair — Cybersecurity Engineer

What is Nmap?

Nmap (Network Mapper) is an open-source tool for network discovery and security auditing. It can be used to discover hosts and services on a computer network, thus creating a ‘map’ of the network.

Installation

To install Nmap, use the following commands based on your operating system:

# For Debian and Ubuntu
sudo apt update && sudo apt install nmap

# For CentOS and Fedora (newer releases use dnf; yum still works as an alias)
sudo yum install nmap

# For macOS
brew install nmap

Basic Syntax

The basic command for Nmap is as follows:

nmap [options] [target]

Discovery

Ping Scan

To quickly discover live hosts in a network:

nmap -sn 192.168.1.0/24

This skips port scanning entirely: it sends host-discovery probes (ICMP echo requests among them, or ARP requests when the subnet is on the local Ethernet segment) to every address in the subnet and lists the ones that answer.

OS Detection

To determine the operating system of the targets:

nmap -O 192.168.1.1

This fingerprints the target's TCP/IP stack by sending crafted probes and comparing the responses against Nmap's OS database; it needs root (raw-socket) privileges and works best when at least one open and one closed port are found.

Scanning

Port Scanning

To scan for open ports on a target:

nmap -p 1-65535 192.168.1.1

This scans every TCP port from 1 to 65535 (-p- is the shorthand); without -p, Nmap scans only its 1000 most common ports.

Service Version Detection

To find out more about the services running on open ports:

nmap -sV 192.168.1.1

This sends protocol-specific probes to each open port and matches the replies against Nmap's service-probe database to report the product and version behind the port.

Exploitation

Scripting Engine

Use Nmap Scripting Engine (NSE) scripts to automate various tasks, including vulnerability detection:

nmap --script=vuln 192.168.1.1

This runs every NSE script in the vuln category against the target and reports the checks that matched; treat the results as leads to verify, not as confirmed findings.

Analysis

Output Formats

Exporting scan results to XML:

nmap -oX scan.xml 192.168.1.1

This writes the results as XML to scan.xml so other tools can parse them; -oA basename writes normal, XML and grepable output in one run.

Evasion

Stealth Scanning

To evade detection by firewalls and intrusion detection systems:

nmap -sS 192.168.1.1

This is a TCP SYN ("half-open") scan: it never completes the handshake, so the probed applications usually do not log a connection. Firewalls, flow logs and intrusion detection systems still see every SYN, so it is less likely to be logged by applications, not invisible to the network.
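From the defender's side, the half-open scan above still leaves one SYN per probed port in firewall or flow logs. The following is an added example, not part of the original cheatsheet: it parses constructed iptables-style LOG lines (the log format, source addresses and ports are all made up here) and flags any source that touches many distinct destination ports within a short window, which is what a SYN scan looks like at the network layer regardless of whether the handshake completes.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed iptables-style LOG lines (sample data, not from a real firewall).
# 10.0.0.5 hits 12 distinct ports in three seconds; 10.0.0.7 retries one port
# five minutes apart; the last line is a SYN-ACK reply, not a probe.
SAMPLE_LOG = """\
Jun  1 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40001 DPT=21 SYN URGP=0
Jun  1 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40002 DPT=22 SYN URGP=0
Jun  1 12:00:01 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40003 DPT=23 SYN URGP=0
Jun  1 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40004 DPT=25 SYN URGP=0
Jun  1 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40005 DPT=53 SYN URGP=0
Jun  1 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40006 DPT=80 SYN URGP=0
Jun  1 12:00:02 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40007 DPT=110 SYN URGP=0
Jun  1 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40008 DPT=135 SYN URGP=0
Jun  1 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40009 DPT=139 SYN URGP=0
Jun  1 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40010 DPT=143 SYN URGP=0
Jun  1 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40011 DPT=443 SYN URGP=0
Jun  1 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.50 PROTO=TCP SPT=40012 DPT=445 SYN URGP=0
Jun  1 12:00:03 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.50 PROTO=TCP SPT=51000 DPT=443 SYN URGP=0
Jun  1 12:05:00 fw kernel: IN=eth0 OUT= SRC=10.0.0.7 DST=192.168.1.50 PROTO=TCP SPT=51001 DPT=443 SYN URGP=0
Jun  1 12:00:01 fw kernel: IN=eth1 OUT= SRC=192.168.1.50 DST=10.0.0.5 PROTO=TCP SPT=22 DPT=40002 ACK SYN URGP=0
"""

# Syslog timestamp, source address, TCP destination port, then whatever
# follows (iptables prints the TCP flags there as bare tokens such as SYN, ACK).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"SRC=(?P<src>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)(?P<rest>.*)$"
)


def detect_syn_scans(log_text, threshold=10, window_s=60):
    """Return {source: max distinct destination ports seen within window_s seconds}
    for every source that reaches at least `threshold` distinct ports."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        tokens = set(m.group("rest").split())
        if "SYN" not in tokens or "ACK" in tokens:   # keep pure SYNs only
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events[m.group("src")].append((ts, int(m.group("dpt"))))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        in_window, left, best = Counter(), 0, 0
        for ts, dpt in evs:                          # sliding time window
            in_window[dpt] += 1
            while (ts - evs[left][0]).total_seconds() > window_s:
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, ports in detect_syn_scans(SAMPLE_LOG).items():
        print(f"possible SYN scan from {src}: {ports} distinct ports in 60s")
```

Tune `threshold` and `window_s` to the network: a slow scan (-T0/-T1) spreads probes over minutes, so a longer window with a lower threshold catches it at the cost of more noise.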

Reporting

Summary Reports

Generate a summary report of the scan:

nmap -oN report.txt 192.168.1.1

This writes Nmap's normal (screen-style) output to report.txt, a human-readable record of the scan results.
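The XML written by -oX is the format to feed into tooling, and a summary report is more useful when it also says what changed since the last scan. The block below is an added example, not code from the cheatsheet: it parses two constructed -oX documents (sample data written in Nmap's XML element layout: nmaprun, host, status, address, ports, port, state, service), prints an open-port summary, and reports hosts and ports that appeared or disappeared between the two runs.

```python
import xml.etree.ElementTree as ET

# Two constructed -oX documents (sample data, not real scans). Between baseline
# and current, 192.168.1.50 opens tcp/3306 and 192.168.1.51 comes up.
BASELINE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 192.168.1.50-51" version="7.94">
<host><status state="up" reason="echo-reply"/>
<address addr="192.168.1.50" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="3306"><state state="closed" reason="reset"/><service name="mysql"/></port>
</ports></host>
<host><status state="down" reason="no-response"/><address addr="192.168.1.51" addrtype="ipv4"/></host>
<runstats><hosts up="1" down="1" total="2"/></runstats>
</nmaprun>
"""

CURRENT_XML = BASELINE_XML.replace(
    '<state state="closed" reason="reset"/><service name="mysql"/>',
    '<state state="open" reason="syn-ack"/><service name="mysql" product="MySQL" version="8.0.36"/>',
).replace(
    '<host><status state="down" reason="no-response"/><address addr="192.168.1.51" addrtype="ipv4"/></host>',
    '<host><status state="up" reason="echo-reply"/><address addr="192.168.1.51" addrtype="ipv4"/>'
    '<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>'
    '<service name="http" product="nginx" version="1.18.0"/></port></ports></host>',
)


def parse_nmap_xml(xml_text):
    """Return {ipv4: {(proto, port): (state, service_string)}} for hosts reported up."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        if addr is None:
            continue
        ports = {}
        for p in host.findall("ports/port"):
            svc = p.find("service")
            service = "" if svc is None else " ".join(
                filter(None, (svc.get("name"), svc.get("product"), svc.get("version"))))
            ports[(p.get("protocol"), int(p.get("portid")))] = (p.find("state").get("state"), service)
        hosts[addr] = ports
    return hosts


def open_ports(scan):
    """Reduce a parsed scan to {ipv4: {(proto, port): service}} for open ports only."""
    return {addr: {k: v[1] for k, v in ports.items() if v[0] == "open"}
            for addr, ports in scan.items()}


def summarize(scan):
    """Human-readable lines: one header per host, one line per open port."""
    lines = []
    for addr, ports in sorted(open_ports(scan).items()):
        lines.append(f"{addr}: {len(ports)} open")
        for (proto, port), svc in sorted(ports.items()):
            lines.append(f"  {port}/{proto}  {svc}")
    return lines


def diff_scans(baseline, current):
    """Hosts and open ports that appeared or vanished between two parsed scans."""
    old, new = open_ports(baseline), open_ports(current)
    result = {"new_hosts": sorted(set(new) - set(old)),
              "gone_hosts": sorted(set(old) - set(new)),
              "newly_open": [], "newly_closed": []}
    for addr in sorted(set(old) | set(new)):
        before, after = old.get(addr, {}), new.get(addr, {})
        for proto, port in sorted(set(after) - set(before)):
            result["newly_open"].append((addr, port, proto, after[(proto, port)]))
        for proto, port in sorted(set(before) - set(after)):
            result["newly_closed"].append((addr, port, proto))
    return result


if __name__ == "__main__":
    base, cur = parse_nmap_xml(BASELINE_XML), parse_nmap_xml(CURRENT_XML)
    print("\n".join(summarize(cur)))
    print(diff_scans(base, cur))
```

Running the same scan on a schedule and diffing against a stored baseline turns Nmap into a simple exposure monitor: a port that is newly open on a server that should not have changed is worth a ticket before anyone else finds it.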

Quick Reference Table

Flag      Description
-sn       Ping Scan (host discovery only)
-p        Specify ports (-p- for all 65535)
-O        OS Detection
-sV       Service Version Detection
-A        Aggressive scan: -O, -sV, default scripts and traceroute
--script  Run specified scripts or script categories
-oX       Output in XML format
-oN       Output in normal (human-readable) format
-sS       TCP SYN Scan

Pro Tips

  • Combine Options: Nmap supports combining flags for more powerful scans, e.g., nmap -sV -O -p- 192.168.1.1 to detect services and the OS on all ports (-O and SYN scans need root).
  • Use Timing Options: Adjust timing templates with -T0 (paranoid) to -T5 (insane); -T4 is the usual choice on a reliable network, and -T5 can drop results.
  • Scan Multiple Targets: Separate targets with spaces (nmap 192.168.1.1 192.168.1.2), use an octet list or range (nmap 192.168.1.1,2 or nmap 192.168.1.1-10), a CIDR block, or read a list from a file with -iL targets.txt.
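Nmap's target syntax accepts CIDR blocks and per-octet lists or ranges, and it is easy to misjudge how many addresses a spec covers. The block below is an added example rather than anything from the cheatsheet or from Nmap itself: it expands IPv4 target specs the way Nmap's documentation describes them (a missing range start means 0, a missing end means 255, and a CIDR block includes its network and broadcast addresses) so you can count the scope of a scan before running it and confirm it stays inside the addresses you are authorized to test.

```python
import ipaddress
from itertools import product


def expand_octet(spec):
    """Expand one octet of an Nmap IPv4 spec: '5', '1-10', '1,3,5', '-' (0-255) or a mix."""
    values = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo = int(lo) if lo else 0      # Nmap treats a missing start as 0
            hi = int(hi) if hi else 255    # and a missing end as 255
            if lo > hi:
                raise ValueError(f"bad octet range: {part!r}")
            values.extend(range(lo, hi + 1))
        else:
            values.append(int(part))
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError(f"octet out of range: {spec!r}")
    return values


def expand_target(spec):
    """Expand one IPv4 target spec (CIDR, octet ranges, octet lists) into addresses."""
    if "/" in spec:
        # Nmap scans every address in the block, network and broadcast included.
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        # e.g. '192.168.1.1,192.168.1.2' is not valid: commas list values
        # within one octet, they do not separate whole addresses.
        raise ValueError(f"not a valid IPv4 target spec: {spec!r}")
    return [".".join(map(str, combo))
            for combo in product(*(expand_octet(o) for o in octets))]


def scan_scope(specs):
    """Expand several space-separated specs; return (address_count, addresses)."""
    addrs = []
    for spec in specs:
        addrs.extend(expand_target(spec))
    return len(addrs), addrs


if __name__ == "__main__":
    count, addrs = scan_scope(["192.168.1.1-3", "10.0.0.0/30", "10.0.1.1,5"])
    print(f"{count} addresses: {addrs}")
```

A spec like 10.0.0-255.1-254 expands to 65,024 addresses; checking the count first avoids discovering that after the scan has been running for an hour, or after it has strayed onto a network that was never in scope.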

Real-World Examples

Full Host Scan

Detailed host scan (-A turns on OS detection, version detection, the default script set and traceroute) limited to ports 1-1000:

nmap -A -p 1-1000 192.168.1.50

Scan a Specific Service

To check for a web server and enumerate commonly exposed paths on it with the http-enum script:

nmap -p 80 --script=http-enum 192.168.1.50

Firewall Evasion

To make probes look less like a default Nmap scan, append 100 bytes of random data to each packet (this only changes packet size; the SYN-scan pattern is still visible to firewalls and IDS):

nmap -sS --data-length 100 192.168.1.50