diff --git a/nmap-cheatsheet.md b/nmap-cheatsheet.md index 6878dc4..30662cf 100644 --- a/nmap-cheatsheet.md +++ b/nmap-cheatsheet.md 
@@ -2,81 +2,118 @@ ```markdown # NMAP Cheat Sheet πŸ› οΈπŸ‘¨β€πŸ’» +A comprehensive guide to using Nmap for network scanning. + ## Table of Contents -1. [Ping Scanning](#ping-scanning) -2. [ARP Scanning](#arp-scanning) -3. [SYN Scanning](#syn-scanning) -4. [UDP Scanning](#udp-scanning) -5. [Useful Nmap Switches](#useful-nmap-switches) -6. [Identifying OS and Applications](#identifying-os-and-applications) -7. [Nmap Scripts](#nmap-scripts) -8. [Batch Scripts](#batch-scripts) +1. [Introduction](#introduction) +2. [Ping Scanning](#ping-scanning) +3. [ARP Scanning](#arp-scanning) +4. [SYN Scanning](#syn-scanning) +5. [UDP Scanning](#udp-scanning) +6. [Useful Nmap Switches](#useful-nmap-switches) +7. [Identifying OS and Applications](#identifying-os-and-applications) +8. [Nmap Scripts](#nmap-scripts) +9. [Batch Scripts](#batch-scripts) + +--- + +### Introduction πŸ“– + +Nmap ("Network Mapper") is an open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, but it also works well against single hosts. --- ### Ping Scanning πŸ“ +Ping scans are used for checking if the target is alive and responds to ICMP packets. + ```bash nmap -sn 192.168.10.1 nmap -sP 192.168.10.2 ``` +--- + ### ARP Scanning 🌐 +ARP (Address Resolution Protocol) scans are particularly effective in LAN environments. It is non-intrusive and fast. + ```bash nmap -sP -PR 192.168.10.1 ``` > **Tip**: Press the spacebar to show the current progression of the scan. +--- + ### SYN Scanning πŸš€ +Also known as half-open scanning, SYN scans are less likely to be detected compared to full TCP connection scans but still effective for port identification. + ```bash nmap -sS 192.168.10.1 ``` +--- + ### UDP Scanning 🚁 +UDP scans are used for identifying open UDP ports. Note that UDP scans are generally slower than TCP scans. 
+ ```bash nmap -sU 192.168.10.1 ``` +--- + ### Useful Nmap Switches πŸŽ›οΈ -- `-h` help -- `-v` verbose -- `-vv` very verbose -- `-n` no DNS reverse lookup -- `-T` sets the speed of the scan (`-T5` being the fastest, `-T0` the slowest) -- `-p 80` specific port -- `-p 1-10` range of ports -- `-p-` all ports -- `-o` to output a file +Here are some Nmap switches for various purposes: + +- `-h`: Display help menu +- `-v`: Verbose output +- `-vv`: Very verbose output +- `-n`: No DNS resolution +- `-T`: Timing options (0-5) +- `-p`: Specify port or port range +- `-o`: Output scan to file + +--- ### Identifying OS and Applications πŸ–₯️ -- `-sV` enable version detection -- `-O` enables OS detection -- `-A` enables OS detection, Version detection, Script scanning, and traceroute -- `--osscan-guess` Aggressive OS guessing +Identifying the operating system and applications running on a network can provide valuable information during an assessment. + +- `-sV`: Version detection +- `-O`: OS detection +- `-A`: Advanced scan options +- `--osscan-guess`: More aggressive OS guessing + +--- ### Nmap Scripts πŸ“œ +Nmap has a powerful scripting engine that can perform a wide range of tasks. + **Syntax**: `nmap β€”script scriptname targetIP` ```bash nmap β€”script http-headers 192.168.10.1 nmap β€”script smtp-commands 192.168.10.1 ``` + > **More Info**: [How to Use Nmap Script Engine (NSE) Scripts in Linux](https://www.tecmint.com/use-nmap-script-engine-nse-scripts-in-linux/) +--- + ### Batch Scripts πŸ“š -**Steps**: +Automating Nmap scans can save a lot of time. Here's how you can create your own batch script for Nmap. -1. Download `neovim` or your favorite text editor. -2. Create a script file: `nvim nmapScan.sh` -3. Paste the following content: +1. Download and install `neovim` or your favorite text editor. +2. Create a script named `nmapScan.sh`. +3. Make the script executable. +4. Run the script. ```bash #!/bin/bash 
@@ -84,18 +121,6 @@ nmap β€”script smtp-commands 192.168.10.1 nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.1TCP.txt 192.168.10.1 nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.1UDP.txt 192.168.10.1 ``` - -4. Save and exit. -5. Make the script executable: - -```bash -sudo chmod +x nmapScan.sh -``` - -6. Run the script: - -```bash -sudo ./nmapScan.sh -``` ``` +Feel free to copy this updated cheat sheet to your GitHub repository. Happy hacking! πŸ˜ŠπŸ‘¨β€πŸ’»πŸ“š
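Review bot: the rewritten "Useful Nmap Switches" list in the first hunk keeps `-o` as the output switch, but Nmap has no bare `-o`; the output options are `-oN`, `-oX`, `-oG` and `-oA` (the batch script at the end of this file already uses `-oN`), so the entry should read `-oN <file>` (or `-oA <basename>` for all formats at once). The same list also drops information the old version had: `-T` lost the note that `-T5` is the fastest and `-T0` the slowest, and the separate `-p 80`, `-p 1-10` and `-p-` entries were collapsed into one `-p`, losing `-p-` for all ports. Under "Identifying OS and Applications", replacing "enables OS detection, Version detection, Script scanning, and traceroute" with "Advanced scan options" for `-A` is a regression; the old wording is the accurate one and should be restored. Two smaller points: the new Ping Scanning text says the scan checks whether the target "responds to ICMP packets", but `-sn` as root also sends TCP SYN to 443 and TCP ACK to 80 (and uses ARP on the local LAN), so "responds to the host-discovery probes" is the accurate phrasing, and `-sP` in the ping and ARP examples is the deprecated spelling of `-sn`; and the `β€”script` in the Nmap Scripts context lines is a typographic dash that will not work when pasted into a shell, it should be `--script`.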
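Review bot: the procedure now has no runnable "make executable" and "run" commands: this hunk deletes the `sudo chmod +x nmapScan.sh` and `sudo ./nmapScan.sh` blocks while the step list added in the first hunk still says "3. Make the script executable. 4. Run the script." with nothing to copy, and the reader loses the hint that the script must run as root, which it must, because `-O` and `-sU` in `nmapScan.sh` need raw-socket privileges and Nmap refuses them otherwise. Keep the two commands, for example `chmod +x nmapScan.sh` followed by `sudo ./nmapScan.sh` in one fenced block after the script, with a sentence saying why sudo is needed. The added final line "Feel free to copy this updated cheat sheet to your GitHub repository. Happy hacking!" is chat-assistant text, not documentation, and should be dropped. Lastly, the retained context shows the whole file wrapped in a ```markdown ... ``` fence (opening fence at the top of the first hunk, closing fence on the last context line here), which makes GitHub render the entire cheat sheet as a single code block instead of headings and lists; the wrapper should be removed.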