AI Prompts Cheatsheet
Daniel Osei — AI-Assisted Security Engineer
What is Nmap?
Nmap (Network Mapper) is an open-source tool for network exploration and security auditing. It is widely used by network admins and penetration testers to discover hosts and services on a computer network, thus creating a "map" of the network. Its versatility makes it a daily use tool for professionals involved in cybersecurity.
Installation
To install Nmap, you can use the package manager for your operating system:
- Debian/Ubuntu: sudo apt install nmap
- Fedora: sudo dnf install nmap
- macOS: brew install nmap
- Windows: Download the installer from the Nmap official website.
Basic Syntax
The basic syntax of Nmap is:
nmap [options] [target]
Network Discovery
Nmap is often used for discovering live hosts and their IP addresses on a given network:
nmap -sn 192.168.1.0/24
This command performs a ping sweep that identifies which hosts are up on the specified subnet.
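Before running a sweep like the one above, it is worth checking that every address a target spec expands to actually lies inside the ranges you are authorised to scan. The following is an added example (not code from the cheatsheet or from the Nmap project) that expands Nmap-style target specs (a single IPv4 address, CIDR notation, or an octet range such as 192.168.1.1-50) and refuses to build the command line if any address falls outside a constructed scope list; AUTHORISED_SCOPE and the sample specs are made-up values.

```python
"""Expand Nmap-style target specs and check them against an authorised scope.

Added example, not from the cheatsheet. Supports the three target forms the
cheatsheet uses: a single IPv4 address, CIDR notation (192.168.1.0/24) and an
octet range such as 192.168.1.1-50. AUTHORISED_SCOPE is a constructed sample
list, not a real engagement scope.
"""
import ipaddress
import itertools
from typing import Iterator, List, Sequence, Tuple

# Constructed sample scope: the ranges this operator is allowed to scan.
AUTHORISED_SCOPE = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.0.5.0/28"),
]


def expand_target(spec: str) -> Iterator[ipaddress.IPv4Address]:
    """Yield every IPv4 address covered by one Nmap-style target spec."""
    if "/" in spec:
        # CIDR block: Nmap covers every address in the block, network and
        # broadcast included, so iterate the whole network (strict=False
        # accepts host bits being set, e.g. 192.168.1.1/24).
        yield from ipaddress.ip_network(spec, strict=False)
        return
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"unsupported target spec: {spec!r}")
    ranges: List[range] = []
    for octet in octets:
        # Each octet is either "n" or an inclusive range "lo-hi".
        lo, _, hi = octet.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not 0 <= lo_i <= hi_i <= 255:
            raise ValueError(f"bad octet range in {spec!r}")
        ranges.append(range(lo_i, hi_i + 1))
    for a, b, c, d in itertools.product(*ranges):
        yield ipaddress.IPv4Address(f"{a}.{b}.{c}.{d}")


def check_scope(specs: Sequence[str],
                scope=AUTHORISED_SCOPE) -> Tuple[List[str], List[str]]:
    """Split all addresses behind the given specs into (in_scope, out_of_scope)."""
    inside: List[str] = []
    outside: List[str] = []
    for spec in specs:
        for addr in expand_target(spec):
            if any(addr in net for net in scope):
                inside.append(str(addr))
            else:
                outside.append(str(addr))
    return inside, outside


def build_scan(specs: Sequence[str], extra_args: Sequence[str] = ("-sn",),
               scope=AUTHORISED_SCOPE) -> List[str]:
    """Return the argv for an nmap run, or raise if any target is out of scope."""
    _, outside = check_scope(specs, scope)
    if outside:
        raise ValueError(f"targets outside authorised scope: {outside[:5]}")
    return ["nmap", *extra_args, *specs]


if __name__ == "__main__":
    # Constructed sample specs: the last one is just outside the 10.0.5.0/28 range.
    sample = ["192.168.1.1-5", "10.0.5.0/28", "10.0.5.16"]
    inside, outside = check_scope(sample)
    print(f"{len(inside)} addresses in scope, {len(outside)} out of scope: {outside}")
    print(build_scan(sample[:2]))
```

Pass the returned argv to subprocess.run only once check_scope reports nothing out of scope; keeping the check in a separate function makes it easy to unit test against your own scope list.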
Port Scanning
Nmap can be used to discover open ports on a target:
nmap -p 1-65535 -T4 -A -v
This command scans all ports (1-65535) with faster timing (-T4) and verbose output (-v), and -A enables service version detection, OS detection, script scanning, and traceroute.
Service Version Detection
To obtain version info about services running on open ports:
nmap -sV -p
This command checks the specified port on the target IP for the version of any service running there.
Operating System Detection
To identify the operating system of a target:
nmap -O
Vulnerability Scanning
To use Nmap for vulnerability scanning, you can use the NSE (Nmap Scripting Engine) vuln category:
nmap --script=vuln
Quick Reference Table
| Flag | Description |
|---|---|
| -sn | Ping scan, does not port scan. |
| -p | Specifies ports to scan. |
| -sV | Service/version detection. |
| -O | Operating system detection. |
| -A | Enables OS detection, version detection, script scanning, and traceroute. |
Pro Tips
- Scan Multiple Targets: To scan multiple targets (IP ranges or lists), use nmap -p 80,443 192.168.1.1 192.168.1.2.
- Save Scan Results: To save results to a file, you can use -oN filename.txt (normal format).
- Include Script Scans: Nmap has powerful scripts available that can enhance your scans. Explore using --script for specific tasks.
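Saved results are most useful when something reads them back. Besides -oN, Nmap can write XML with -oX, which is the format to parse programmatically. The following is an added example (not code from the cheatsheet or from the Nmap project) that parses XML in the shape Nmap produces, collects the open ports and detected service versions for every live host, and flags any open TCP port that is not in a baseline of expected services. SAMPLE_XML and BASELINE are constructed sample data, not real scan output or inventory.

```python
"""Parse Nmap XML output (-oX) and flag open ports missing from a baseline.

Added example, not from the cheatsheet. SAMPLE_XML is a constructed document
in the shape Nmap writes with -oX; BASELINE is a constructed list of the
services each host is expected to expose, not real inventory data.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, NamedTuple, Set

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.10-11">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="https" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="8.0.36"/></port>
      <port protocol="tcp" portid="8080"><state state="closed" reason="reset"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed baseline: TCP ports each host is expected to have open.
BASELINE: Dict[str, Set[int]] = {"192.168.1.10": {22, 443}}


class OpenPort(NamedTuple):
    port: int
    protocol: str
    service: str
    product: str
    version: str


def parse_open_ports(xml_text: str) -> Dict[str, List[OpenPort]]:
    """Return {ip: [OpenPort, ...]} for every host reported as up."""
    root = ET.fromstring(xml_text)
    results: Dict[str, List[OpenPort]] = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth recording
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        ip = addr_el.get("addr", "")
        entries: List[OpenPort] = []
        for port in host.findall("./ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports matter for the inventory diff
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda k, d="": d)
            entries.append(OpenPort(
                int(port.get("portid", "0")), port.get("protocol", ""),
                get("name", ""), get("product", ""), get("version", "")))
        results[ip] = entries
    return results


def find_unexpected(open_ports: Dict[str, List[OpenPort]],
                    baseline: Dict[str, Set[int]]) -> Dict[str, List[int]]:
    """Return {ip: sorted open TCP ports not present in the baseline}."""
    unexpected: Dict[str, List[int]] = {}
    for ip, entries in open_ports.items():
        allowed = baseline.get(ip, set())  # unknown host: every port is unexpected
        extra = sorted(e.port for e in entries
                       if e.protocol == "tcp" and e.port not in allowed)
        if extra:
            unexpected[ip] = extra
    return unexpected


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_XML)
    for ip, entries in found.items():
        for e in entries:
            print(f"{ip}:{e.port}/{e.protocol} {e.service} {e.product} {e.version}".rstrip())
    print("unexpected:", find_unexpected(found, BASELINE))
```

Run the real scan with -oX scan.xml and pass the file contents to parse_open_ports; the product and version fields feed patch tracking, and anything find_unexpected returns is a change in exposed services that deserves a ticket.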
Real-World Examples
- Full Scan of a Host:
nmap -sS -sV -A -O
- Scan a Specific Range:
nmap -p 21,22,80,443 192.168.1.0/24
- Scan a Server with a Specific Script:
nmap --script=http-vuln*