Nmap Security Tool Cheatsheet


Daniel Osei — AI-Assisted Security Engineer

What is Nmap?

Nmap (Network Mapper) is a powerful open-source tool for network exploration and security auditing. It can discover hosts and services on a computer network, thus creating a ‘map’ of the network. Nmap is widely used by network administrators for tracking and managing network systems and by penetration testers and security analysts for evaluating network security.

Installation

Nmap can be installed on various platforms. Here are simple installation instructions:

  • For Windows: Download the installer from the official Nmap site.
  • For macOS: Use Homebrew by running brew install nmap.
  • For Linux: Use your package manager, for example: sudo apt-get install nmap.

Basic Syntax

nmap [options] [target]

Discovery

Nmap is commonly used for network discovery. Here are essential commands:

nmap -sn 192.168.1.0/24

This performs a ping scan of the subnet (host discovery only, no port scan) and lists the hosts that responded to the probes.

Scanning

Scanning includes port and service discovery:

nmap -sS -p 1-65535 -T4 192.168.1.1

The above command runs a SYN scan on all 65535 TCP ports with the faster -T4 timing template. SYN scanning needs raw-socket privileges, so run it as root (or Administrator); the unprivileged equivalent is a TCP connect scan (-sT).

Exploitation

Nmap is not directly an exploitation tool, but it can be used to gather information:

nmap -A -p 22,80,443 192.168.1.1

This command enables OS detection, service version detection, default script scanning and traceroute on the specified ports.

Analysis

Use the following for detailed analysis:

nmap -O -sV 192.168.1.1

In this command, -O enables OS detection while -sV performs service version detection.

Evasion

For evading detection, use the following:

nmap -D RND:5 192.168.1.1

This command runs the scan with five randomly generated decoy source addresses (RND:5), so the target's logs show the probes arriving from six sources rather than one.

Reporting

Logging your scans is crucial for reporting:

nmap -oA myscan 192.168.1.1

The -oA option writes all three output formats using myscan as the base name: myscan.nmap (normal), myscan.xml (XML) and myscan.gnmap (grepable).
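The XML file that -oA produces is the one worth keeping, because it is easy to parse and to compare across runs. The following Python script is an added example, not part of the original cheatsheet: it parses Nmap XML into a per-host map of open ports (with any -sV service details and the best -O match) and then diffs a baseline scan against a later one to flag newly exposed ports. The two XML documents embedded in it are constructed sample data, trimmed to the elements the parser reads; they are not real scan output.

```python
# Added example: parse the XML that -oA writes (myscan.xml) and diff two scans.
# The XML below is constructed sample data trimmed to the elements read here.
import xml.etree.ElementTree as ET

# Constructed baseline scan of one host: 22 and 443 open, OS guessed.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oA baseline 192.168.1.1">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open" reason="syn-ack"/>
        <service name="https" product="nginx"/>
      </port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
</nmaprun>
"""

# Constructed follow-up scan: 443 now closed, 3389 newly open, a second host down.
CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oA current 192.168.1.0/24">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {ip: {"os": name-or-None, "ports": {(proto, port): service}}}.
    Hosts not "up" and ports not "open" are dropped: they carry no exposure."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:                         # IPv6-only host: take any address
            addr = host.find("address")
        if addr is None:
            continue
        ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")           # absent when -sV found nothing
            attrs = svc.attrib if svc is not None else {}
            ports[(port.get("protocol"), int(port.get("portid")))] = {
                "name": attrs.get("name", ""),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
            }
        osmatch = host.find("os/osmatch")        # best match, present only with -O
        hosts[addr.get("addr")] = {
            "os": osmatch.get("name") if osmatch is not None else None,
            "ports": ports,
        }
    return hosts


def diff_scans(baseline, current):
    """Per host, list ports open now but not before (new exposure) and vice versa."""
    report = {}
    for ip in sorted(set(baseline) | set(current)):
        before = set(baseline.get(ip, {}).get("ports", {}))
        after = set(current.get(ip, {}).get("ports", {}))
        if before != after:
            report[ip] = {"opened": sorted(after - before),
                          "closed": sorted(before - after)}
    return report


if __name__ == "__main__":
    base, cur = parse_nmap_xml(BASELINE_XML), parse_nmap_xml(CURRENT_XML)
    for ip, change in diff_scans(base, cur).items():
        print(ip, "opened:", change["opened"], "closed:", change["closed"])
```

To use it on real output, replace the two embedded strings with the contents of two myscan.xml files from -oA runs of the same target list. Filtered and closed ports are deliberately discarded, so the diff only reports changes in what is actually listening; a host that was up in the baseline and is absent later shows every former port as closed, which is usually worth a look on its own.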

Quick Reference Table

Flag  Description
-sS   SYN scan (stealth scan)
-O    OS detection
-sV   Service version detection
-A    Aggressive scanning (OS + versions + scripts + traceroute)
-oA   Output to all formats (normal, XML, grepable)

Pro Tips

  • Combine options to narrow your scans, e.g., nmap -sS -p 1-1024 -T4 192.168.1.0/24 SYN-scans only the first 1024 ports of each host with fast timing.
  • Use the -Pn option when targeting a network that may have ping blocked; it skips host discovery and treats every target as up: nmap -Pn 192.168.1.1.
  • Explore Nmap scripts with nmap --script-help followed by a script name or category, e.g., nmap --script-help default.

Real-World Examples

Performing Nmap scans can provide invaluable data for security assessments. Here are real-world examples:

  • Scanning a corporate network: nmap -sS -A 10.0.0.0/24, which SYN-scans every host in the /24 and runs OS detection, version detection, default scripts and traceroute against each one that is up.
  • Identifying open ports on a target: nmap -p 22,80 -T4 192.168.1.5.