search
HomeTech JournalsPersonal ProjectsSysadmin Wiki

NMAP

hashtag
Usage:

hashtag
Command line:

sudo nmap <ip> <options>

If you don't run with sudo results will vary.

hashtag
Syntax:

hashtag
Extra:

  • -A

    • OS detection, Version detection, script scanning

  • DNS

Find dns server in a network:

sudo nmap -Pn --open <network ID>/<subnet #> -p T:53 -oG <file-name>.txt

Clean output of dns server

cat <file-name>.txt | grep -v Nmap | grep -v / | awk '{print $2}'

hashtag
Ports:

  • -p

    • Will scan specifed port

    • T: TCP only

    • U: UDP only

    • Can do a range and protocol specification:

      • nmap <ip> -p T:22,U:4000

  • -sP or -sn

    • No port scan

hashtag
Host Discovery:

  • -Pn

    • no ping / no host discovery

  • -sL

    • use the list of targets instead of dicovery

  • --traceroute

    • Enables traceroute functionality

hashtag
Timing:

  • T0-T5

    • The lower the slower T5 means you don't care if you set off alarms

    • T0 makes 1 request ~5 minutes

hashtag
Services:

  • -sV

    • perform the serice detection

hashtag
Scan Types:

  • -sT

    • TCP Connect

    • Completes 3 way handshake

  • -sU

    • UDP Scan

    • Fast

  • -O

    • Enables OS Detection

hashtag
Output:

  • -oG -

    • Makes the nmap output 'grepable'

hashtag
Scripts: https://www.redhat.com/sysadmin/nmap-scripting-enginearrow-up-right

  • --script

    • Allows you to specify the scripts

hashtag
Resources:

https://nmap.org/book/man-host-discovery.htmlarrow-up-right

PreviousMetasploitNextActive/Passive Reconnaissance

Last updated