🤖 AI Prompts Cheatsheet
Daniel Osei — AI-Assisted Security Engineer
What is Nmap?
Nmap (Network Mapper) is a powerful open-source tool designed for network discovery and security auditing. It is widely used to discover hosts and services on a computer network, thus creating a ‘map’ of the network. Nmap can also be used to identify open ports, running services, operating system details, and security vulnerabilities.
Installation
Nmap can be installed on various operating systems, including Linux, Windows, and macOS. For Linux-based systems, you can generally install it via the package manager. For example:
# On Ubuntu/Debian
sudo apt update
sudo apt install nmap
# On CentOS/RHEL
sudo yum install nmap
# On macOS using Homebrew
brew install nmap
For Windows, download the installer from Nmap’s official site.
Basic Syntax
The basic command structure for using Nmap is as follows:
nmap [options] [target]
Options define the different types of scans and features to use, and the target can be an IP address, hostname, or subnet specification.
Discovery
Discovery scans are used to identify live hosts and services on a network.
Ping Scan
This scan identifies which hosts are online without port scanning. By default it sends an ICMP echo request; when run as root it also sends a TCP SYN to port 443, a TCP ACK to port 80, and an ICMP timestamp request.
nmap -sn 192.168.1.0/24
Service Version Detection
This option attempts to determine the version of services running on open ports.
nmap -sV 192.168.1.1
Scanning
Scanning is used to find open ports and services running on those ports.
TCP Connect Scan
This is a basic scan where Nmap attempts to connect to all specified ports.
nmap -sT 192.168.1.1
Stealth Scan
This scan sends SYN packets and judges a port open from the SYN/ACK reply, without completing the TCP handshake. It requires raw-socket privileges (root) and is Nmap's default scan type when run with them.
nmap -sS 192.168.1.1
Exploitation
Nmap itself does not exploit vulnerabilities but can assist in identifying them.
Using Nmap NSE scripts
Nmap includes a powerful scripting engine (NSE); the `vuln` script category checks targets for known vulnerabilities and reports matches, consistent with Nmap identifying rather than exploiting them.
nmap --script=vuln 192.168.1.1
Analysis
The fingerprints a scan gathers (services, versions, operating systems) feed post-scan analysis of the network's security posture.
OS Detection
This option fingerprints TCP/IP stack behaviour to guess the operating system type and version. It requires root privileges, and accuracy improves when the target has at least one open and one closed port.
nmap -O 192.168.1.1
Evasion
For stealthy operations, Nmap includes options to evade detection.
Fragmentation
Packet fragmentation splits the TCP header across several tiny IP fragments, which can slip past packet filters and intrusion detection systems that do not reassemble fragments; most modern IDS do reassemble, so the technique is unreliable.
nmap -f 192.168.1.1
Reporting
Nmap provides multiple options for output formats for reporting purposes.
Output to File
You can save the scan results in various formats: -oN writes normal (human-readable) output, -oX writes XML, -oG writes grepable output, and -oA writes all three using the given basename.
nmap -oN output.txt 192.168.1.1
Quick Reference Table
| Flag | Description |
|---|---|
| -sV | Service version detection |
| -sT | TCP connect scan |
| -sS | SYN stealth scan |
| -O | OS detection |
| -f | IP packet fragmenting |
| -oN | Output in normal format |
Pro Tips
- Combine Options: You can combine options like -sV and -O for more comprehensive results: `nmap -sV -O 192.168.1.1`
- Use Timing Templates: Control speed and stealthiness with timing templates, for example `nmap -T4 192.168.1.0/24` for faster scans.
- Scan Multiple IPs: Scan multiple IP addresses or ranges by separating targets with spaces, or use a comma-separated octet list such as 192.168.1.1,5-10: `nmap 192.168.1.1 192.168.1.5-10`
Real-World Examples
1. **Identify all active devices on a subnet:**
nmap -sn 10.0.0.0/24
2. **Service and OS detection on a target machine:**
nmap -sS -sV -O 10.0.0.2
3. **Scan multiple subnets:**
nmap -T4 192.168.1.0/24 192.168.2.0/24