Using Nmap for Advanced Network Discovery and Scanning

🤖 AI Prompts Cheatsheet

Daniel Osei — AI-Assisted Security Engineer

What is Nmap?

Nmap (Network Mapper) is a powerful open-source tool designed for network discovery and security auditing. It is widely used by security analysts and penetration testers to discover hosts and services on a computer network by sending packets and analyzing the responses.

Installation

To install Nmap, you can use the package manager from your terminal:

# On Ubuntu/Debian
sudo apt install nmap

# On CentOS/RHEL
sudo yum install nmap

# On macOS (using Homebrew)
brew install nmap

Basic Syntax

The basic syntax of Nmap is as follows:

nmap [Scan Type(s)] [Options] [Target]

For example: nmap -sS -p 22,80,443 192.168.1.1

Discovery

To discover hosts and services on a network, you can use several Nmap commands.

# Discover Live Hosts
nmap -sn 192.168.1.0/24

# Discover Remote OS (fingerprinting needs raw packets, so run as root/administrator)
nmap -O 192.168.1.1

Scanning

Nmap allows you to perform different types of scans to gather more detailed information about the target.

# TCP SYN Scan (half-open; needs root for raw packets, otherwise Nmap falls back to -sT)
nmap -sS 192.168.1.1

# TCP Connect Scan (full three-way handshake; works without root but is logged by the service)
nmap -sT 192.168.1.1

# UDP Scan
nmap -sU -p 53,67,123 192.168.1.1

Exploitation

Nmap can integrate with other tools to assist in exploiting discovered vulnerabilities.

# Save results in greppable format (handy with grep/awk) and in XML, the format Metasploit imports
nmap -oG results.gnmap -oX results.xml 192.168.1.0/24

# Using Nmap with Metasploit: import the XML into the msf database from the msfconsole prompt
msf > db_import results.xml

Analysis

Analyzing scan results efficiently can be crucial for identifying security issues.

# Save output in XML format (for later analysis)
nmap -sS -oX scan.xml 192.168.1.1

Evasion

Evasion techniques in Nmap can help avoid detection by security systems.

# Randomizing the scan order
nmap --randomize-hosts 192.168.1.0/24

# Mix two random decoy source addresses in with the real one (the real address is still sent; -D does not hide it)
nmap -D RND:2 192.168.1.1

Reporting

Having properly formatted reports can help communicate findings with stakeholders.

# Output in XML format (Nmap has no HTML writer; convert with: xsltproc output.xml -o output.html)
nmap -oX output.xml 192.168.1.1

# Output in normal format
nmap -oN output.txt 192.168.1.1

Quick Reference Table

Flag   Description
-sS    TCP SYN scan (stealth scan)
-sT    TCP connect scan
-sU    UDP scan
-O     Enable OS detection
-p     Specify ports (e.g. -p 22,80,443 or -p- for all)
-oN    Output in normal format
-oX    Output in XML format
-sn    No port scan (ping scan)

Pro Tips

  • Scan Multiple IPs using comma: nmap 192.168.1.1,192.168.1.2
  • Scan a Specific CIDR Notation: nmap 192.168.1.0/30
  • Use Scripting Engine for advanced scripts: nmap --script http-enum 192.168.1.1

Real-World Examples

Here are some practical examples of how Nmap can be used effectively:

  • Identify Open Ports: nmap -p- 192.168.1.1 will scan all 65535 ports on the target.
  • Service Version Detection: nmap -sV 192.168.1.1 will attempt to detect service versions running on open ports.
  • Aggressive Scan: nmap -A 192.168.1.1 performs an aggressive scan, combining OS detection, version detection, and script scanning.