updating nmap cheatsheet... again

main
00xNetrunner 1 year ago
parent 6f838d6022
commit e2acc89bd9

@ -1,122 +1,117 @@
# NMAP Cheat Sheet 🛠️👨‍💻 Certainly, here's your Nmap cheat sheet in Markdown format. You can copy this and upload it to your GitHub repository.
A comprehensive guide to using Nmap for network scanning. ```markdown
# NMAP Cheat Sheet
## Table of Contents ## Table of Contents
1. [Introduction](#introduction) 1. [Ping Scanning](#ping-scanning)
2. [Ping Scanning](#ping-scanning) 2. [ARP Scanning](#arp-scanning)
3. [ARP Scanning](#arp-scanning) 3. [SYN Scanning](#syn-scanning)
4. [SYN Scanning](#syn-scanning) 4. [UDP Scanning](#udp-scanning)
5. [UDP Scanning](#udp-scanning) 5. [Useful Nmap Switches](#useful-nmap-switches)
6. [Useful Nmap Switches](#useful-nmap-switches) 6. [Identifying OS and Applications](#identifying-os-and-applications)
7. [Identifying OS and Applications](#identifying-os-and-applications) 7. [Nmap Scripts](#nmap-scripts)
8. [Nmap Scripts](#nmap-scripts) 8. [Batch Script for Nmap](#batch-script-for-nmap)
9. [Batch Scripts](#batch-scripts)
--- ---
### Introduction 📖 ## Ping Scanning
Nmap ("Network Mapper") is an open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, but it also works well against single hosts. - `nmap -sn 192.168.10.1`
- `nmap -sP 192.168.10.2`
--- ---
### Ping Scanning 🏓 ## ARP Scanning
Ping scans are used for checking if the target is alive and responds to ICMP packets. `nmap -sP -PR 192.168.10.1`
\`\`\`bash > **Note**: Press the spacebar to show the current progression of the scan.
nmap -sn 192.168.10.1
nmap -sP 192.168.10.2
\`\`\`
--- ---
### ARP Scanning 🌐 ## SYN Scanning
ARP (Address Resolution Protocol) scans are particularly effective in LAN environments. It is non-intrusive and fast. `nmap -sS 192.168.10.1`
\`\`\`bash
nmap -sP -PR 192.168.10.1
\`\`\`
> **Tip**: Press the spacebar to show the current progression of the scan.
--- ---
### SYN Scanning 🚀 ## UDP Scanning
Also known as half-open scanning, SYN scans are less likely to be detected compared to full TCP connection scans but still effective for port identification.
\`\`\`bash `nmap -sU 192.168.10.1`
nmap -sS 192.168.10.1
\`\`\`
--- ---
### UDP Scanning 🚁 ## Useful Nmap Switches
UDP scans are used for identifying open UDP ports. Note that UDP scans are generally slower than TCP scans. - `-h` : Help
- `-v` : Verbose
\`\`\`bash - `-vv` : Very Verbose
nmap -sU 192.168.10.1 - `-n` : No DNS Reverse Lookup
\`\`\` - `-T` : Sets the speed of the scan (`-T5` being the fastest, `-T0` the slowest)
- `-p` : Specify ports
- `-p 80` : Specific port
- `-p 1-10` : Range of ports
- `-p-` : All ports
- `-o` : To output a file
--- ---
### Useful Nmap Switches 🎛️ ## Identifying OS and Applications
Here are some Nmap switches for various purposes:
- `-h`: Display help menu - `-sV` : Enable Version Detection
- `-v`: Verbose output - `-O` : Enable OS Detection
- `-vv`: Very verbose output - `-A` : Enable OS Detection, Version Detection, Script Scanning, and Traceroute
- `-n`: No DNS resolution - `--osscan-guess` : Aggressive OS guessing
- `-T`: Timing options (0-5)
- `-p`: Specify port or port range
- `-o`: Output scan to file
--- ---
### Identifying OS and Applications 🖥️ ## Nmap Scripts
Identifying the operating system and applications running on a network can provide valuable information during an assessment. **Syntax**: `nmap —script scriptname targetIP`
- `-sV`: Version detection Examples:
- `-O`: OS detection
- `-A`: Advanced scan options
- `--osscan-guess`: More aggressive OS guessing
--- - `nmap —script http-headers 192.168.10.1`
- `nmap —script smtp-commands 192.168.10.1`
- `nmap -sV --script=banner 192.168.10.1`
- `nmap -sV --script=smb* 192.168.10.1`
- `nmap --script=http-title 192.168.10.1`
- `nmap --script=http-enum 192.168.10.0/24`
### Nmap Scripts 📜 > [How to Use Nmap Script Engine (NSE) Scripts in Linux](https://www.tecmint.com/use-nmap-script-engine-nse-scripts-in-linux/)
Nmap has a powerful scripting engine that can perform a wide range of tasks. ---
**Syntax**: `nmap —script scriptname targetIP` ## Batch Script for Nmap
\`\`\`bash 1. First, download Neovim or your favorite text editor.
nmap —script http-headers 192.168.10.1 2. Create a file named `nmapScan.sh`.
nmap —script smtp-commands 192.168.10.1
\`\`\`
> **More Info**: [How to Use Nmap Script Engine (NSE) Scripts in Linux](https://www.tecmint.com/use-nmap-script-engine-nse-scripts-in-linux/) ```bash
#!/bin/bash
--- nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.1TCP.txt 192.168.10.1
nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.1UDP.txt 192.168.10.1
nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.2TCP.txt 192.168.10.2
nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.2UDP.txt 192.168.10.2
```
### Batch Scripts 📚 3. Save and exit.
4. Make the script executable:
Automating Nmap scans can save a lot of time. Here's how you can create your own batch script for Nmap. ```bash
sudo chmod +x nmapScan.sh
```
1. Download and install `neovim` or your favorite text editor. 5. Run the script:
2. Create a script named `nmapScan.sh`.
3. Make the script executable.
4. Run the script.
\`\`\`bash ```bash
#!/bin/bash sudo ./nmapScan.sh
```
nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.1TCP.txt 192.168.10.1 ---
nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.1UDP.txt 192.168.10.1 ```
\`\`\`
Feel free to modify or add any additional information!

Loading…
Cancel
Save