updating nmap cheatsheet

main
00xNetrunner 1 year ago
parent ce54308a0b
commit da286c80e8

@ -2,81 +2,118 @@
```markdown ```markdown
# NMAP Cheat Sheet 🛠️👨‍💻 # NMAP Cheat Sheet 🛠️👨‍💻
A comprehensive guide to using Nmap for network scanning.
## Table of Contents ## Table of Contents
1. [Ping Scanning](#ping-scanning) 1. [Introduction](#introduction)
2. [ARP Scanning](#arp-scanning) 2. [Ping Scanning](#ping-scanning)
3. [SYN Scanning](#syn-scanning) 3. [ARP Scanning](#arp-scanning)
4. [UDP Scanning](#udp-scanning) 4. [SYN Scanning](#syn-scanning)
5. [Useful Nmap Switches](#useful-nmap-switches) 5. [UDP Scanning](#udp-scanning)
6. [Identifying OS and Applications](#identifying-os-and-applications) 6. [Useful Nmap Switches](#useful-nmap-switches)
7. [Nmap Scripts](#nmap-scripts) 7. [Identifying OS and Applications](#identifying-os-and-applications)
8. [Batch Scripts](#batch-scripts) 8. [Nmap Scripts](#nmap-scripts)
9. [Batch Scripts](#batch-scripts)
---
### Introduction 📖
Nmap ("Network Mapper") is an open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, but it also works well against single hosts.
--- ---
### Ping Scanning 🏓 ### Ping Scanning 🏓
Ping scans are used for checking if the target is alive and responds to ICMP packets.
```bash ```bash
nmap -sn 192.168.10.1 nmap -sn 192.168.10.1
nmap -sP 192.168.10.2 nmap -sP 192.168.10.2
``` ```
---
### ARP Scanning 🌐 ### ARP Scanning 🌐
ARP (Address Resolution Protocol) scans are particularly effective in LAN environments. It is non-intrusive and fast.
```bash ```bash
nmap -sP -PR 192.168.10.1 nmap -sP -PR 192.168.10.1
``` ```
> **Tip**: Press the spacebar to show the current progression of the scan. > **Tip**: Press the spacebar to show the current progression of the scan.
---
### SYN Scanning 🚀 ### SYN Scanning 🚀
Also known as half-open scanning, SYN scans are less likely to be detected compared to full TCP connection scans but still effective for port identification.
```bash ```bash
nmap -sS 192.168.10.1 nmap -sS 192.168.10.1
``` ```
---
### UDP Scanning 🚁 ### UDP Scanning 🚁
UDP scans are used for identifying open UDP ports. Note that UDP scans are generally slower than TCP scans.
```bash ```bash
nmap -sU 192.168.10.1 nmap -sU 192.168.10.1
``` ```
---
### Useful Nmap Switches 🎛️ ### Useful Nmap Switches 🎛️
- `-h` help Here are some Nmap switches for various purposes:
- `-v` verbose
- `-vv` very verbose - `-h`: Display help menu
- `-n` no DNS reverse lookup - `-v`: Verbose output
- `-T` sets the speed of the scan (`-T5` being the fastest, `-T0` the slowest) - `-vv`: Very verbose output
- `-p 80` specific port - `-n`: No DNS resolution
- `-p 1-10` range of ports - `-T`: Timing options (0-5)
- `-p-` all ports - `-p`: Specify port or port range
- `-o` to output a file - `-o`: Output scan to file
---
### Identifying OS and Applications 🖥️ ### Identifying OS and Applications 🖥️
- `-sV` enable version detection Identifying the operating system and applications running on a network can provide valuable information during an assessment.
- `-O` enables OS detection
- `-A` enables OS detection, Version detection, Script scanning, and traceroute - `-sV`: Version detection
- `--osscan-guess` Aggressive OS guessing - `-O`: OS detection
- `-A`: Advanced scan options
- `--osscan-guess`: More aggressive OS guessing
---
### Nmap Scripts 📜 ### Nmap Scripts 📜
Nmap has a powerful scripting engine that can perform a wide range of tasks.
**Syntax**: `nmap —script scriptname targetIP` **Syntax**: `nmap —script scriptname targetIP`
```bash ```bash
nmap —script http-headers 192.168.10.1 nmap —script http-headers 192.168.10.1
nmap —script smtp-commands 192.168.10.1 nmap —script smtp-commands 192.168.10.1
``` ```
> **More Info**: [How to Use Nmap Script Engine (NSE) Scripts in Linux](https://www.tecmint.com/use-nmap-script-engine-nse-scripts-in-linux/) > **More Info**: [How to Use Nmap Script Engine (NSE) Scripts in Linux](https://www.tecmint.com/use-nmap-script-engine-nse-scripts-in-linux/)
---
### Batch Scripts 📚 ### Batch Scripts 📚
**Steps**: Automating Nmap scans can save a lot of time. Here's how you can create your own batch script for Nmap.
1. Download `neovim` or your favorite text editor. 1. Download and install `neovim` or your favorite text editor.
2. Create a script file: `nvim nmapScan.sh` 2. Create a script named `nmapScan.sh`.
3. Paste the following content: 3. Make the script executable.
4. Run the script.
```bash ```bash
#!/bin/bash #!/bin/bash
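Review bot: the NSE syntax line and both examples under "Nmap Scripts" spell the option as `—script` (an em-dash) instead of `--script` (two ASCII hyphens), and this hunk carries the typo over unchanged into the updated sheet; pasted as written, nmap will not recognise the option, so change all three to `nmap --script http-headers 192.168.10.1` and `nmap --script smtp-commands 192.168.10.1`. Two smaller points in the same hunk: under "Useful Nmap Switches" the new `-o: Output scan to file` is not an nmap option (the output flags are `-oN`, `-oX`, `-oG` and `-oA`, and the batch script further down correctly uses `-oN`), and the new `-A: Advanced scan options` is vaguer than the old text it replaces; nmap's own help describes `-A` as enabling OS detection, version detection, script scanning and traceroute, so keep that wording.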
@ -84,18 +121,6 @@ nmap —script smtp-commands 192.168.10.1
nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.1TCP.txt 192.168.10.1 nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.1TCP.txt 192.168.10.1
nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.1UDP.txt 192.168.10.1 nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.1UDP.txt 192.168.10.1
``` ```
4. Save and exit.
5. Make the script executable:
```bash
sudo chmod +x nmapScan.sh
```
6. Run the script:
```bash
sudo ./nmapScan.sh
```
``` ```
Feel free to copy this updated cheat sheet to your GitHub repository. Happy hacking! 😊👨‍💻📚
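Review bot: removing the old steps 4-6 drops the only lines that showed `sudo chmod +x nmapScan.sh` and `sudo ./nmapScan.sh`, while the new steps 3 and 4 in the first hunk only say "Make the script executable" and "Run the script" with no command; since the script's first scan passes `-O --osscan-guess`, which needs raw-socket (root) privileges, the README should still show the commands, e.g. `chmod +x nmapScan.sh` followed by `sudo ./nmapScan.sh`. Also, the closing line "Feel free to copy this updated cheat sheet to your GitHub repository. Happy hacking!" addresses the author rather than readers of the README and should be dropped from the file.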
