Sunday, April 6, 2025

Basic and Advanced Nmap Commands List

Basic Nmap Commands

These commands are ideal for beginners or for quick scans.

Host Discovery

  • Scan a single target: nmap 192.168.0.1
  • Scan multiple targets: nmap 192.168.0.1 192.168.0.2
  • Scan a range of IPs: nmap 192.168.0.1-10
  • Scan an entire subnet: nmap 192.168.0.1/24
  • Ping scan only (no port scanning): nmap -sP 192.168.0.* (-sP is the legacy spelling of -sn)
  • Disable ping (direct port scan, treat every host as up): nmap -PN 192.168.0.1 (-PN is the legacy spelling of -Pn)

Port Scanning

  • Scan specific ports: nmap -p 22,80,443 192.168.0.1
  • Scan a range of ports: nmap -p 20-100 192.168.0.1
  • Scan all ports (1–65535): nmap -p- 192.168.0.1
  • Fast scan (top 100 ports): nmap -F 192.168.0.1

Service and OS Detection

  • Detect service versions: nmap -sV 192.168.0.1
  • Detect operating system: nmap -O 192.168.0.1
  • Aggressive scan (OS detection + service versions + default scripts + traceroute): nmap -A 192.168.0.1

Output Options

  • Save output in normal format: nmap -oN output.txt 192.168.0.1
  • Save output in XML format: nmap -oX output.xml 192.168.0.1
  • Save greppable output: nmap -oG output.grep 192.168.0.1

Advanced Nmap Commands

These commands are suited for more complex scanning scenarios.

Advanced Port Scanning

  • SYN scan (half-open scan): nmap -sS 192.168.0.1
  • TCP connect scan: nmap -sT 192.168.0.1
  • UDP scan: sudo nmap -sU 192.168.0.1
  • Null scan (no TCP flags set): nmap -sN 192.168.0.1
  • FIN scan: nmap -sF 192.168.0.1
  • Xmas scan (FIN, PSH and URG set): nmap -sX 192.168.0.1

All of these except the connect scan send raw packets and therefore need root or administrator privileges (run them with sudo, as shown for the UDP scan). The Null, FIN and Xmas scans rely on RFC 793 behaviour and cannot distinguish open from closed ports on systems such as Windows that reply with RST either way.


Firewall Evasion and Spoofing

  • Mix your IP among 10 random decoy addresses: nmap -D RND:10 192.168.0.*
  • Fragment packets to evade simple packet filters: nmap -f 192.168.0.*
  • Manually set the source port (-g is the short form): nmap --source-port 53 192.168.*.*


Script Scanning

NSE (Nmap Scripting Engine) allows you to run custom scripts:

  • Detect vulnerabilities with the built-in "vuln" script category: nmap --script vuln 192.168.*.*
  • Scripts in this category include checks for SMB vulnerabilities and HTTP misconfigurations.

Idle Scan (Zombie Scan)

  • Command: nmap -sI zombiehost.com target.com

This bounces the scan off an idle host (the "zombie"), so the target logs the zombie's address rather than the scanner's, which makes the scan harder to trace back.

IP Protocol Scanning

  • Command: nmap -sO 192.*.*.*

Identifies which IP protocols (e.g., ICMP, TCP, UDP) are supported by the target.

Specialized Scans

These scans are tailored for specific use cases:

  • Traceroute to map network paths: nmap --traceroute target.com
  • Scan IPv6 targets: nmap -6 [IPv6 address]
  • Top ports scan (e.g., the 200 most common ports): nmap --top-ports 200 target.com
