AI Prompts Cheatsheet
Daniel Osei — AI-Assisted Security Engineer
Comprehensive Nmap Cheatsheet for Security Analysts
What is Nmap?
Nmap (Network Mapper) is a powerful open-source tool used for network discovery and security auditing. It’s widely used by security professionals for discovering hosts and services on a network, identifying potential vulnerabilities, and performing various types of network attacks.
Installation
You can install Nmap on various platforms. Here are the instructions:
- Linux: Most distributions include Nmap in their repositories. Use sudo apt install nmap for Debian-based systems or sudo dnf install nmap for Fedora.
- Windows: Download the installer from the official Nmap website.
- macOS: Use Homebrew with brew install nmap.
Basic Syntax
The basic syntax for using Nmap is as follows:
nmap [options] <target>
Discovery
Nmap is often used for network discovery to identify live hosts and their IP addresses.
nmap -sn <target>
Use the above command to perform a ping scan that checks which hosts are up without scanning ports. Replace <target> with the host or network range to scan.
Scanning
This section covers various scanning techniques.
TCP Scan
nmap -sT <target>
This performs a TCP connect scan; it's the default scan method.
Stealth Scan
nmap -sS <target>
The SYN scan (or stealth scan) is less detectable, as it doesn't complete TCP handshakes.
Service Version Detection
nmap -sV <target>
This collects service version information along with port scan results.
Exploitation
While Nmap itself is not an exploitation tool, it can aid in identifying vulnerabilities.
- Use the -A flag to enable OS detection, version detection, script scanning, and traceroute:
nmap -A <target>
Analysis
Nmap can generate various output formats for analysis.
XML Output
nmap -oX scan.xml <target>
This command saves the scan results in XML format.
Grepable Output
nmap -oG scan.gnmap <target>
Use this for output that is easy to parse with grep and other tools.
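As an added example (not code from the original cheatsheet), the Python below parses both output formats described above, XML from -oX and grepable from -oG, into one record shape and lists the open services, so the two files can be cross-checked or fed into an inventory. The two sample outputs are constructed for the example, and 192.168.1.10 / web01.example are placeholder values.

```python
"""Parse Nmap -oX (XML) and -oG (grepable) output into a common record shape.

Added illustration; the sample outputs below are constructed, not captured
from a real scan, and the host name and address are placeholders.
"""
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple


class PortRecord(NamedTuple):
    host: str
    port: int
    proto: str
    state: str
    service: str
    version: str


# Constructed sample of what `nmap -sS -sV -oX scan.xml 192.168.1.10` writes.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX scan.xml 192.168.1.10" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/><service name="ssh" method="table" conf="3"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.24.0" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https" product="nginx" version="1.24.0" method="probed" conf="10"/></port>
    </ports>
  </host>
  <runstats><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

# Constructed sample of the matching `-oG scan.gnmap` file (fields are tab separated).
SAMPLE_GNMAP = """# Nmap 7.94 scan initiated as: nmap -sS -sV -oG scan.gnmap 192.168.1.10
Host: 192.168.1.10 (web01.example)\tStatus: Up
Host: 192.168.1.10 (web01.example)\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http//nginx 1.24.0/, 443/open/tcp//https//nginx 1.24.0/\tIgnored State: closed (997)
# Nmap done -- 1 IP address (1 host up) scanned in 6.02 seconds
"""


def parse_xml(text: str) -> list[PortRecord]:
    """Walk <host>/<ports>/<port> elements of an nmaprun document."""
    records = []
    root = ET.fromstring(text)
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.findall("ports/port"):
            state = port.find("state")
            svc = port.find("service")
            # product and version are separate attributes in XML; join them
            # so the record matches the single version field of -oG output
            version = ""
            if svc is not None:
                version = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            records.append(PortRecord(
                host=addr,
                port=int(port.get("portid")),
                proto=port.get("protocol"),
                state=state.get("state") if state is not None else "unknown",
                service=svc.get("name", "") if svc is not None else "",
                version=version,
            ))
    return records


# One grepable port entry: port/state/protocol/owner/service/rpc_info/version/
_PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text: str) -> list[PortRecord]:
    """Grepable lines are tab-separated 'Key: value' fields; only the lines
    carrying a Ports field describe services."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue
        host = fields["Host"].split()[0]
        for entry in fields["Ports"].split(", "):
            m = _PORT_RE.match(entry.strip())
            if not m:
                continue
            port, state, proto, _owner, service, _rpc, version = m.groups()
            records.append(PortRecord(host, int(port), proto, state, service, version))
    return records


def open_services(records):
    """Only open ports matter for an exposure review; filtered and closed are noise here."""
    return sorted((r.host, r.port, r.proto, r.service, r.version)
                  for r in records if r.state == "open")


if __name__ == "__main__":
    xml_view = open_services(parse_xml(SAMPLE_XML))
    assert xml_view == open_services(parse_gnmap(SAMPLE_GNMAP)), "formats disagree"
    for host, port, proto, svc, ver in xml_view:
        print(f"{host} {port}/{proto} {svc} {ver}".rstrip())
```

The XML is the richer format (per-port reason, confidence, script output), so prefer it for anything automated; the grepable parser is here because one-off shell pipelines still tend to produce -oG files.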
Evasion
To bypass firewall rules or IDS, use Nmap's evasion tactics.
Fragmented Packets
nmap -f <target>
This sends fragmented packets to evade detection.
Decoy Scan
nmap -D RND:10 <target>
Here, -D RND:10 adds 10 randomly generated decoy IP addresses to the scan so that the actual source is harder to identify.
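The two points made above for the defender are that a SYN scan never completes the handshake and that -D spreads the same probes across decoy addresses. The following Python is an added illustration, not part of the original cheatsheet, of how a connection log can be read with both points in mind: once per source/target pair (half-open fan-out across ports) and once per target across sources (the decoy pattern). The Attempt schema, the threshold and every log entry are constructed for the example.

```python
"""Flag half-open port sweeps in a connection log and group them per target.

Added defender-side illustration; the log schema, thresholds and records are
constructed, not taken from any real sensor.
"""
from collections import defaultdict
from typing import NamedTuple


class Attempt(NamedTuple):
    """One TCP connection attempt in a simplified, constructed schema
    (assumption: a real flow or IDS log would be mapped onto these fields)."""
    ts: float      # seconds
    src: str
    dst: str
    dport: int
    outcome: str   # "syn_only": handshake never completed, "rejected": RST from
                   # target, "established": full handshake


SCAN_PORT_THRESHOLD = 5   # assumption: distinct ports per (src, dst) that count as a sweep
WINDOW = 60.0             # seconds within which those ports must be touched
OPEN_PORTS = {22, 80, 443, 8080}   # constructed: ports that answer on 10.0.0.20

# Constructed sample log, not captured traffic.
SAMPLE_LOG = [
    # an ordinary client completing handshakes to the web server
    Attempt(10.0, "10.0.0.7", "10.0.0.20", 443, "established"),
    Attempt(12.0, "10.0.0.7", "10.0.0.20", 80, "established"),
    # half-open sweep from one source: bare SYNs to eight ports, none completed
    *[Attempt(20.0 + i * 0.01, "10.0.0.5", "10.0.0.20", p,
              "syn_only" if p in OPEN_PORTS else "rejected")
      for i, p in enumerate([21, 22, 23, 25, 80, 110, 443, 8080])],
    # decoy-style sweep: six addresses probe the same five ports on 10.0.0.21 at once
    *[Attempt(40.0 + i * 0.02, f"203.0.113.{n}", "10.0.0.21", p, "rejected")
      for n in range(1, 7) for i, p in enumerate([21, 22, 80, 443, 3389])],
]


def half_open_sweeps(log, threshold=SCAN_PORT_THRESHOLD, window=WINDOW):
    """Return {(src, dst): sorted ports} for pairs that touched at least
    `threshold` distinct ports within `window` seconds and never completed a
    handshake. Pairs with any established connection are treated as clients."""
    by_pair = defaultdict(list)
    for a in sorted(log, key=lambda a: a.ts):
        by_pair[(a.src, a.dst)].append(a)
    hits = {}
    for pair, attempts in by_pair.items():
        if any(a.outcome == "established" for a in attempts):
            continue
        # sliding window anchored on each attempt in turn
        for i, first in enumerate(attempts):
            ports = {a.dport for a in attempts[i:] if a.ts - first.ts <= window}
            if len(ports) >= threshold:
                hits[pair] = sorted(ports)
                break
    return hits


def suspected_decoy_sweeps(hits, min_sources=3):
    """Group sweeps by target. Several sources sweeping the same host at the
    same time is what -D decoys look like in a log: the scan is real, but the
    originating address cannot be told apart from the decoys with this data
    alone, so the useful unit for response is the targeted host."""
    by_dst = defaultdict(dict)
    for (src, dst), ports in hits.items():
        by_dst[dst][src] = ports
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    sweeps = half_open_sweeps(SAMPLE_LOG)
    for (src, dst), ports in sweeps.items():
        print(f"sweep {src} -> {dst}: {len(ports)} ports")
    for dst, srcs in suspected_decoy_sweeps(sweeps).items():
        print(f"possible decoy scan against {dst} from {len(srcs)} addresses")
```

The threshold and window are the knobs to tune against your own baseline; the point of the second function is that blocking or attributing each of the six addresses individually would be wrong, while the targeted host and the probed ports are reliable regardless of which address was the real one.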
Reporting
For reporting, proper presentation of the results is crucial.
Text Output
nmap -oN scan.txt <target>
This command saves the results in a basic text file.
Quick Reference Table
| Flag | Description |
|---|---|
| -sn | Ping Scan |
| -sT | TCP Connect Scan |
| -sS | SYN Scan |
| -sV | Service Version Detection |
| -A | Aggressive Scan (OS Detection, etc.) |
| -oX | Output in XML format |
| -f | Send fragmented packets |
| -D | Decoy IPs |
| -oN | Output in normal format |
Pro Tips
- Use --script to run specific scripts from the Nmap Scripting Engine (NSE) for vulnerability detection:
nmap --script vuln <target>
- Use -p to limit the scan to specific ports:
nmap -p 80,443 <target>
- Combine flags to scan, fingerprint services and save the results in one run:
nmap -sS -sV -oN results.txt <target>
Real-World Examples
- Identify Live Hosts (Ping Scan):
nmap -sn 192.168.1.0/24
- Check Open Ports & Services on a Web Server:
nmap -sS -sV -p 80,443 192.168.1.10
- Detection