# NMAP Cheat Sheet

## Table of Contents

1. [Ping Scanning](#ping-scanning)
2. [ARP Scanning](#arp-scanning)
3. [SYN Scanning](#syn-scanning)
4. [UDP Scanning](#udp-scanning)
5. [Useful Nmap Switches](#useful-nmap-switches)
6. [Identifying OS and Applications](#identifying-os-and-applications)
7. [Nmap Scripts](#nmap-scripts)
8. [Batch Script for Nmap](#batch-script-for-nmap)

## Ping Scanning

```bash
nmap -sn 192.168.10.1
# -sP is the older name for -sn
nmap -sP 192.168.10.2
```

## ARP Scanning

```bash
nmap -sP -PR 192.168.10.1
```

> **Note**: Press the spacebar to show the current progress of the scan.

## SYN Scanning

```bash
nmap -sS 192.168.10.1
```

## UDP Scanning

```bash
nmap -sU 192.168.10.1
```

## Useful Nmap Switches

- `-h` : Help
- `-v` : Verbose
- `-vv` : Very verbose
- `-n` : No reverse DNS lookup
- `-T` : Sets the speed of the scan (`-T5` being the fastest, `-T0` the slowest)
- `-p` : Specify ports
  - `-p 80` : Specific port
  - `-p 1-10` : Range of ports
  - `-p-` : All ports
- `-o` : Write output to a file (for example `-oN file.txt` for normal output)

## Identifying OS and Applications

- `-sV` : Enable version detection
- `-O` : Enable OS detection
- `-A` : Enable OS detection, version detection, script scanning, and traceroute
- `--osscan-guess` : Aggressive OS guessing

## Nmap Scripts

**Syntax**: `nmap --script scriptname targetIP`

Examples:

```bash
nmap --script http-headers 192.168.10.1
nmap --script smtp-commands 192.168.10.1
nmap -sV --script=banner 192.168.10.1
# Quote the wildcard so the shell passes it to nmap unexpanded
nmap -sV --script="smb*" 192.168.10.1
nmap --script=http-title 192.168.10.1
nmap --script=http-enum 192.168.10.0/24
```

> [How to Use Nmap Script Engine (NSE) Scripts in Linux](https://www.tecmint.com/use-nmap-script-engine-nse-scripts-in-linux/)

## Batch Script for Nmap

1. First, download Neovim or your favorite text editor.
2. Create a file named `nmapScan.sh`.

   ```bash
   #!/bin/bash
   # TCP connect scan and UDP scan of each host, saved to per-host files
   nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.1TCP.txt 192.168.10.1
   nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.1UDP.txt 192.168.10.1
   nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN 192.168.10.2TCP.txt 192.168.10.2
   nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN 192.168.10.2UDP.txt 192.168.10.2
   ```

3. Save and exit.
4. Make the script executable:

   ```bash
   sudo chmod +x nmapScan.sh
   ```

5. Run the script:

   ```bash
   sudo ./nmapScan.sh
   ```
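
The batch script above repeats the same two commands per host and places each address in both the command line and the `-oN` file name. As an added example (not part of the original cheat sheet), the same two scans driven from a target list, rejecting any entry that is not a plain IPv4 address so a malformed line cannot be read by nmap as an option. The targets file, the `DRY_RUN` variable and the function names are assumptions of this sketch.

```bash
#!/bin/bash
# Added example: loop form of nmapScan.sh. The targets file and DRY_RUN
# variable are assumptions of this sketch, not part of the original page.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
# Anything else (including lines starting with "-") is rejected, so a stray
# entry can never reach nmap as an option or end up in an -oN file name.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Same TCP and UDP scans as the page's script, for one validated target.
# DRY_RUN defaults to 1 (print the commands); set DRY_RUN=0 to execute them.
scan_host() {
    t=$1
    if [ "${DRY_RUN:-1}" = 1 ]; then run=echo; else run=; fi
    $run nmap -sT -p 1-10000 -v -v -T5 -sV -O --osscan-guess --script=banner -oN "${t}TCP.txt" "$t"
    $run nmap -sU -p 1-500 -v -v --scan-delay 1s -sV --script=banner -oN "${t}UDP.txt" "$t"
}

# Read one target per line ("#" starts a comment) and scan the valid ones.
scan_targets() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        if valid_ipv4 "$line"; then
            scan_host "$line" </dev/null    # keep nmap off the targets file
        else
            echo "skipping invalid target: $line" >&2
        fi
    done < "$1"
}

# Usage: ./nmapScanList.sh targets.txt
if [ $# -gt 0 ]; then scan_targets "$1"; fi
```

Review the printed commands first, then run with `DRY_RUN=0` under `sudo`, since `-O` needs root as in the original script.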