Security Tool Cheatsheet
Mike Torres — Red Team Operator
What is Nmap?
Nmap (Network Mapper) is an open-source tool used for network exploration and security auditing. It's widely used by network administrators for tasks like network inventory, managing service upgrade schedules, and monitoring host or service uptime. In penetration testing, Nmap is often used for reconnaissance to identify live hosts, open ports, and services running on those ports.
Installation
Nmap can be installed on various operating systems. Below are instructions for different platforms:
- Linux: Use your package manager (e.g., `sudo apt install nmap` on Ubuntu).
- macOS: Install via Homebrew with `brew install nmap`.
- Windows: Download the installer from the official Nmap website.
Basic Syntax
The basic syntax for running Nmap is:
nmap [options] {target}
Discovery
Nmap is widely used for network discovery to enumerate devices, services, and versions.
Ping Scan
To discover live hosts:
nmap -sn 192.168.1.0/24
Service Version Detection
To determine service versions running on hosts:
nmap -sV 192.168.1.1
Scanning
Scanning allows you to actively probe ports for open services.
TCP Connect Scan
Use this to initiate a full TCP connection to services:
nmap -sT 192.168.1.0/24
Stealth SYN Scan
Commonly used for evading firewalls:
nmap -sS 192.168.1.0/24
Exploitation
Nmap can help identify vulnerabilities that might be exploitable.
Operating System Detection
To find the OS of the target:
nmap -O 192.168.1.1
Analysis
Nmap provides detailed information about target hosts.
Service and OS Detection
nmap -A 192.168.1.1
Evasion
Use evasive techniques to avoid detection during scans.
Fragmenting Packets
To evade intrusion detection systems (IDS):
nmap -f 192.168.1.0/24
Using Decoy Scans
To obfuscate your real IP address by mixing it with decoy addresses:
nmap -D RND:10 192.168.1.1
Reporting
Outputting results in various formats can assist in documentation.
XML Output for Parsing
nmap -oX results.xml 192.168.1.1
Grepable Output
nmap -oG results.gnmap 192.168.1.0/24
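The XML and grepable formats above are meant to be consumed by other tooling rather than read by hand. As an added example (not part of the original cheatsheet), the Python script below parses both `-oX` and `-oG` output into the same host/port structure and then compares the open ports against an expected baseline, which is the network-inventory use case mentioned at the top of the page. The sample XML and grepable output, the hostname `router.local`, the IP addresses and the `BASELINE` allow-list are all constructed for the example; only the two output formats themselves are Nmap's.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output (not a real scan result).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX results.xml 192.168.1.1" version="7.94">
<host><status state="up" reason="syn-ack"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
<hostnames><hostname name="router.local" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/>
<service name="https"/></port>
</ports></host>
</nmaprun>"""

# Constructed sample of `nmap -sV -oG` output for the same host.
# Each port entry is port/state/protocol/owner/service/rpcinfo/version/ .
SAMPLE_GNMAP = """# Nmap 7.94 scan initiated as: nmap -sV -oG results.gnmap 192.168.1.0/24
Host: 192.168.1.1 (router.local)\tStatus: Up
Host: 192.168.1.1 (router.local)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
# Nmap done -- 256 IP addresses (1 host up) scanned in 12.34 seconds
"""

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_xml(text):
    """Return {addr: {(proto, port): {state, service, version}}} from -oX output."""
    hosts = {}
    for host in ET.fromstring(text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # skip hosts that never answered
        addr = host.find("address").get("addr")
        ports = {}
        for port in host.iter("port"):
            svc = port.find("service")
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            ports[(port.get("protocol"), int(port.get("portid")))] = {
                "state": port.find("state").get("state"),
                "service": svc.get("name", "") if svc is not None else "",
                # gnmap merges product and version into one field, so do the same here
                "version": " ".join(p for p in (product, version) if p),
            }
        hosts[addr] = ports
    return hosts


def parse_gnmap(text):
    """Return the same structure as parse_xml, but from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment / summary lines
        # Tab-separated "Key: value" fields; "Host" and "Ports" are the ones we need.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        addr = fields["Host"].split()[0]
        ports = hosts.setdefault(addr, {})
        for m in PORT_RE.finditer(fields.get("Ports", "")):
            num, state, proto, _owner, service, _rpc, version = m.groups()
            ports[(proto, int(num))] = {"state": state, "service": service, "version": version}
    return hosts


def unexpected_open_ports(hosts, baseline):
    """List open ports not present in the allow-list {addr: {(proto, port), ...}}."""
    findings = []
    for addr, ports in hosts.items():
        allowed = baseline.get(addr, set())
        for (proto, num), info in sorted(ports.items()):
            if info["state"] == "open" and (proto, num) not in allowed:
                findings.append((addr, proto, num, info["service"], info["version"]))
    return findings


# Constructed allow-list: only SSH is expected to be reachable on the router.
BASELINE = {"192.168.1.1": {("tcp", 22)}}

if __name__ == "__main__":
    for fmt, parsed in (("xml", parse_xml(SAMPLE_XML)), ("gnmap", parse_gnmap(SAMPLE_GNMAP))):
        for finding in unexpected_open_ports(parsed, BASELINE):
            print(fmt, "unexpected open port:", finding)
```

Both parsers produce identical structures for the same scan, so either format can feed the baseline comparison; the XML format is the one to prefer for anything beyond quick shell filtering, since the grepable format squeezes product and version into a single field and Nmap documents it as deprecated in favour of XML.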
Quick Reference Table
| Flag | Description |
|---|---|
| -p | Specify port range |
| -Pn | Skip ping test |
| -sS | Stealth SYN scan |
| -sV | Service version detection |
| -A | OS and service detection |
Pro Tips
- Use the Nmap Scripting Engine (NSE) to automate tasks with scripts. For example, `nmap --script vuln 192.168.1.1` scans for vulnerabilities.
- Combine options: `nmap -sS -sV -A 192.168.1.1` gives you service info and OS detection in one scan.
- Time your scans: use the `-T` flag for timing templates. Example: `-T4` for faster scans.
Real-World Examples
Example 1: To scan a single domain with service detection:
nmap -sV scanme.nmap.org
Example 2: Performing a stealth scan on multiple IPs:
nmap -sS 192.168.1.1-10
Example 3: Saving detailed output to XML:
nmap -A -oX scan_results.xml 192.168.1.1