Mastering nmap: A Comprehensive Cheatsheet for Network Scanning

Nina Kovacs — Consumer Security Analyst

What is nmap?

nmap (Network Mapper) is an open-source tool used for network discovery and security auditing. It is commonly used to discover hosts and services on a computer network, thus creating a ‘map’ of the network. Its wide range of capabilities makes it a go-to for both security professionals and network administrators.

Installation

nmap can be installed on various operating systems including Linux, Windows, and macOS. To install on different systems:

  • Linux: Use your package manager. For Ubuntu: sudo apt install nmap
  • Windows: Download the installer from the official website nmap.org.
  • macOS: Use Homebrew: brew install nmap

Basic Syntax

The basic syntax of nmap is:

nmap [options] <target>

Discovery

Host Discovery

This will help in finding live hosts in the network.

nmap -sn 192.168.1.0/24

Flags Explained:

Flag   Description
-sn    Ping scan (host discovery only, port scanning disabled)

ARP Ping Scan

To discover hosts using ARP requests (useful for local networks):

nmap -PR 192.168.1.0/24

Scanning

Service Version Detection

To identify service versions running on open ports:

nmap -sV 192.168.1.1

Flags Explained:

Flag   Description
-sV    Service/version detection

Operating System Detection

To detect the OS of a target host:

nmap -O 192.168.1.1

Exploitation

While nmap is not an exploitation tool, its scan results are often fed into other tools. To integrate with Metasploit, save the scan as XML and import it into the Metasploit database (msfconsole -r expects a resource script, not nmap output; db_import requires the database to be connected):

nmap -sV -oX nmap_scan.xml 192.168.1.1
msfconsole -q -x "db_import nmap_scan.xml"

Analysis

Output Formats

nmap can output in various formats, useful for automation:

  • XML: nmap -oX output.xml 192.168.1.1
  • Grepable: nmap -oG output.gnmap 192.168.1.1
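As an added example (not part of the original cheatsheet), the script below parses the XML written by -oX and diffs a baseline scan against a later one, so newly exposed services stand out for review; the embedded XML snippets are constructed samples, not real scan output.

```python
"""Parse nmap -oX output and diff two scans to spot newly exposed services."""
import xml.etree.ElementTree as ET

# Constructed sample nmap XML (not real scan output), trimmed to the elements used below.
BASELINE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX baseline.xml 192.168.1.1">
<host><status state="up"/><address addr="192.168.1.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="23"><state state="filtered"/><service name="telnet"/></port>
</ports></host></nmaprun>"""

CURRENT_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX current.xml 192.168.1.1">
<host><status state="up"/><address addr="192.168.1.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host></nmaprun>"""


def open_ports(xml_text):
    """Map (addr, proto, port) -> 'name product version' for every open port on live hosts."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":  # skip closed/filtered ports
                continue
            svc = port.find("service")
            fields = (svc.get("name"), svc.get("product"), svc.get("version")) if svc is not None else ()
            result[(addr, port.get("protocol"), int(port.get("portid")))] = " ".join(f for f in fields if f)
    return result


def diff_scans(baseline_xml, current_xml):
    """Return (newly_open, no_longer_open) for two scans of the same scope."""
    before, after = open_ports(baseline_xml), open_ports(current_xml)
    newly_open = {k: after[k] for k in after.keys() - before.keys()}
    no_longer_open = {k: before[k] for k in before.keys() - after.keys()}
    return newly_open, no_longer_open


if __name__ == "__main__":
    new, gone = diff_scans(BASELINE_XML, CURRENT_XML)
    for (addr, proto, port), svc in sorted(new.items()):
        print("NEW  %s %s/%d %s" % (addr, proto, port, svc))  # check against change records
    for (addr, proto, port), svc in sorted(gone.items()):
        print("GONE %s %s/%d %s" % (addr, proto, port, svc))
```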

Evasion

Slow Scan

For evasion against IDS/IPS systems:

nmap -T1 192.168.1.1

Reporting

HTML Output

Generate HTML report for easy readability:

nmap -oX report.xml 192.168.1.1 && xsltproc -o report.html report.xml

Quick Reference Table

Here’s a summarized reference of commonly used flags:

Flag   Description
-sP    Ping scan (no port scan)
-sV    Detect service versions
-O     OS detection
-oX    Output in XML
-T1    Slow scan

Pro Tips

  • Use nmap --script=<script-name> to run the nmap scripting engine (NSE) for advanced scanning.
  • To scan a predefined list of hosts, put the target IPs in a file and pass it with -iL.

Real-World Examples

Scanning a Specific Port

nmap -p 22 192.168.1.1

Scan for Open Ports and Services

nmap -sS -sV -A 192.168.1.0/24

This runs a TCP SYN scan, detects service versions, and enables OS detection (part of the aggressive -A option).

Scan with Timing Options

nmap -T4 -p- 192.168.1.1

-p- scans all 65535 TCP ports. -T4 is faster but raises the chances of being detected by intrusion detection systems.