Comprehensive Nmap Cheatsheet for Security Professionals

Daniel Osei — AI-Assisted Security Engineer

What is Nmap?

Nmap (Network Mapper) is a powerful open-source tool for network discovery and security auditing. It is used by security analysts and penetration testers to discover hosts and services on a computer network, thus creating a ‘map’ of the network.

Installation

Nmap can be installed on various operating systems. Below are the instructions for some common platforms:

  • Linux (Debian/Ubuntu): sudo apt install nmap
  • Linux (CentOS/Fedora): sudo yum install nmap
  • Windows: Download and run the installer from the official Nmap website.
  • macOS: Use Homebrew: brew install nmap

Basic Syntax

The basic syntax for running Nmap is:

nmap [options] [targets]

Discovery

Use Nmap for discovering hosts and services:

Ping Scan

To quickly discover active hosts:

nmap -sn 192.168.1.0/24

Service Version Detection

Detect service versions running on open ports:

nmap -sV 192.168.1.1

Scanning

Options for in-depth scanning:

TCP Connect Scan

Use TCP connect to identify listening services:

nmap -sT 192.168.1.1

Stealth SYN Scan

A faster option that never completes the TCP handshake, so it is less likely to be logged by the target application (requires raw-socket privileges, e.g. root):

nmap -sS 192.168.1.1

Exploitation

Exploitation phase tips:

OS Detection

To identify the operating system being used:

nmap -O 192.168.1.1

Analysis

Post-scanning analysis:

Verbose Output

To get detailed output:

nmap -v 192.168.1.1

Output to File

Save results for later analysis:

nmap -oN results.txt 192.168.1.0/24

Evasion

Techniques to avoid detection:

Fragment Packets

To fragment packets for stealth:

nmap -f 192.168.1.1

Reporting

Generate reports from scans:

XML Output

For easy integration with other tools:

nmap -oX results.xml 192.168.1.1

Quick Reference Table

Flag  Description
-sn   Ping scan (disables port scan)
-sS   SYN scan (stealth)
-sV   Service/version detection
-O    Operating system detection
-oN   Output normal format
-oX   Output XML format
-f    Fragment packets

Pro Tips

  • Combine flags for comprehensive scans. Example: nmap -sS -sV -O 192.168.1.1 for a stealth scan with version and OS detection.
  • Use --top-ports followed by a number to limit the scan to the N most commonly used ports.
  • Run the default set of NSE scripts with the -sC flag for basic service checks: nmap -sC 192.168.1.1.

Real-World Examples

Example 1: Full Scan with OS Detection and Service Detection

nmap -sS -sV -O 192.168.1.0/24

Example 2: Stealth Scan with Output to File

nmap -sS -oN scan_results.txt 10.0.0.1