Hack101

Nmap Cheat Sheet

Nmap is a network scanner created by Gordon Lyon. It is used to discover hosts and services on a computer network, thus creating a map of the network.

Contributors

  • mdobydullah

Nmap Basic

  • Scan open ports

    nmap [target ip/domain]
  • Scan IPv6

    nmap -6 [target ip/domain]
  • Select interface and scan

    nmap -e [INTERFACE] [target ip/domain]
  • Save output to a file

    nmap -oN [filename] [target ip/domain]
  • Selected port scan

    nmap -p[port number] [target ip/domain]
  • Port range scan

    nmap -p 1-1000 [target ip/domain]
  • Scan by service

    nmap -p smtp [target]

Nmap Script Engine

  • Run individual script

    nmap --script [script.nse] [target]
  • Execute script by category

    nmap --script [category] [target]
  • Update script database

    nmap --script-updatedb

Nmap Timing Options

  • Timing templates

    -T[0-5]
  • Set packet time-to-live (TTL)

    --ttl
  • For minimum parallel operation

    --min-parallelism
  • For maximum parallel operation

    --max-parallelism
  • Minimal host group size

    --min-hostgroup
  • Maximum host group size

    --max-hostgroup
  • Maximum RTT timeout

    --max-rtt-timeout
  • Initial RTT timeout

    --initial-rtt-timeout
  • Maximum retries

    --max-retries
  • Host timeout

    --host-timeout
  • Minimal scan delay

    --scan-delay
  • Maximum scan delay

    --max-scan-delay
  • Minimum packet rate

    --min-rate
  • Maximum packet rate

    --max-rate
  • Ignore the target's RST (reset) rate limit

    --defeat-rst-ratelimit

Nmap Time Specific Flags

  • Seconds

    s
  • Minutes

    m
  • Hours

    h
  • 60 seconds

    60s
  • 5 minutes

    5m
  • 1 hour

    1h

Fingerprinting with Nmap

  • Display service version

    nmap -sV [target]
  • Aggressive scan

    nmap -A [target]
  • Detect operating system

    nmap -O [target]
  • Detect operating system verbose

    nmap -O -v [target]

Some Examples

  • To detect service and operating system

    nmap -sV -O [target]
  • Detect web server

    nmap -sV --script http-title [target]
  • Scan the 10 most common ports

    nmap --top-ports 10 [target]
  • Brute force DNS records

    nmap --script dns-brute [target]
  • Detect sniffer

    nmap -sP --script sniffer-detect [target]

Nmap Timing Template

  • Timing template for very slow scan

    -T0
  • Effective timing template to avoid a firewall

    -T1
  • Effective timing template for not obstructing the target system

    -T2
  • Default timing template

    -T3
  • Fastest timing template for LAN scan

    -T4
  • Timing template for a fast aggressive scan

    -T5

About

The goal of Hack101 is to build a big cheatsheet platform for ethical hackers and cybersecurity researchers. It is an open-source project and anyone can contribute to it.