nmap Cheat Sheet All in One

Posted by Riino on

nmap

nmap official reference guide: https://nmap.org/book/man.html

Official Doc : https://nmap.org/book/man.html
Official Doc CN : https://nmap.org/man/zh/index.html
Official Doc JP : https://nmap.org/man/ja/

Cheat Sheet by Nathan House https://www.stationx.net/nmap-cheat-sheet/

Macros (WIP)

# Stay low (IDS evasion): fragment packets, slowest timing (-T0), no DNS, no ping, padded probes, decoy addresses
nmap -f -T0 -n -Pn --data-length 200 -D 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.23 192.168.1.1
# Get target OS and service versions (SYN scan, skip host discovery)
nmap -sS -Pn -sV -O <target>
# Find every host under a LAN mask (ping sweep only, -sP is the old spelling of -sn)
nmap -sP 192.168.0.*
# Batch ping
nmap -sP 192.168.1.100-254
# Count Windows/Linux devices from the "Running:" lines of an OS detection scan
sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(grep -c Linux /tmp/os) Linux device(s)"; echo "$(grep -c Windows /tmp/os) Windows device(s)"
# Find unused IPs: sweep the subnet, then list ARP entries that never got a MAC address
nmap -T4 -sP 192.168.2.0/24 && grep "00:00:00:00:00:00" /proc/net/arp

Cheat Sheet

Target specification
  single host:                      nmap 192.168.1.1
  address range:                    nmap 192.168.1-254
  IP and hostname together:         nmap 192.168.1.1 riino.site
  modify the target list? (Yes)
    scan nothing, list targets only: -sL
    enable IPv6:                    -6
    100 random targets:             -iR 100
    targets from file:              -iL list.txt
    exclude hosts:                  --exclude

Host discovery (discover any?)
  No ping:                          -Pn
  TCP SYN ping:                     -PS
  TCP ACK ping:                     -PA
  UDP ping:                         -PU
  ARP ping:                         -PR
  SCTP INIT ping:                   -PY
  ICMP ping (echo / timestamp / netmask): -PE / -PP / -PM
  IP protocol ping:                 -PO

Port scan (scan port?)
  No, host discovery only:          -sn
  Is TCP?
    TCP connect:                    -sT
    TCP SYN:                        -sS
    TCP ACK:                        -sA
    TCP Window:                     -sW
    TCP Maimon:                     -sM
  Is UDP?:                          -sU
  Which port?
    single port:                    -p 21
    port range:                     -p 21-100
    mixed UDP and TCP:              -p U:53,T:21-25,80
    by service name:                -p http,https
    top N ports:                    --top-ports 2000
    fast (100 most common ports):   -F
    all ports 1-65535:              -p-65535
    all ports including 0:          -p0-

Service and OS detection
  check service version? (Yes):     -sV
  try every version probe:          -sV --version-all
  aggressive (version, OS, scripts, traceroute): -A
  guess OS?:                        -O

Timing (be gentle? Sure)
  Paranoid (IDS):                   -T0
  Sneaky (IDS):                     -T1
  Polite:                           -T2
  Normal:                           -T3
  Aggressive:                       -T4
  Insane:                           -T5
  Custom:
    --host-timeout 30s
    --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout 100s
    --min-hostgroup/max-hostgroup 1024
    --min-parallelism/max-parallelism 10
    --scan-delay/--max-scan-delay 2s
    --max-retries 3
    --min-rate 100
    --max-rate 100

Trickery (YES)
  split packets (fragment):         -f
  custom offset (MTU):              --mtu 32
  spoofed IP (decoys):              -D 192.168.1.101,192.168.1.102
  spoofed MAC:                      --spoof-mac apple
                                    --spoof-mac 0
                                    --spoof-mac 01:02:03:04:05:06
                                    --spoof-mac 0020F2
  spoofed source port:              -g 53
  fake origin IP:                   -S scanner.example.com
  random scan sequence:             --randomize-hosts

I WANT EVERYTHING:                  -A

Save file (YES)
  XML:                              -oX output.xml
  normal:                           -oN output.txt
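Grepping the normal output, as the "Count Win/Linux devices" macro above does, breaks as soon as nmap rewords a line; the XML output (-oX) is the stable interface. As an added example (not from the original post or from the nmap project), this parser reads a constructed -oX fragment, keeps only hosts that are up, lists their open ports, and counts them by OS family:

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of nmap -oX output (not a real scan), trimmed to the
# elements the parser reads: status, address, ports/port/state/service, os/osmatch/osclass.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -F -O -oX - 192.168.0.1-3" version="7.94">
<host><status state="up" reason="arp-response"/>
 <address addr="192.168.0.1" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
 <ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
  <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
  <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port></ports>
 <os><osmatch name="Linux 5.X" accuracy="95"><osclass osfamily="Linux" accuracy="95"/></osmatch></os></host>
<host><status state="up" reason="arp-response"/><address addr="192.168.0.2" addrtype="ipv4"/>
 <ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port></ports>
 <os><osmatch name="Microsoft Windows 10" accuracy="92"><osclass osfamily="Windows" accuracy="92"/></osmatch></os></host>
<host><status state="down" reason="no-response"/><address addr="192.168.0.3" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return one dict per live host: ip, best-guess OS family, open (proto, port, service) tuples."""
    hosts = []
    for h in ET.fromstring(xml_text).iter("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # host never answered discovery; nothing to inventory
        ip = next((a.get("addr") for a in h.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        # -O emits zero or more osmatch/osclass entries; keep the highest-accuracy family.
        classes = h.findall("os/osmatch/osclass")
        family = (max(classes, key=lambda c: int(c.get("accuracy", "0"))).get("osfamily", "unknown")
                  if classes else "unknown")
        open_ports = []
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is not None and state.get("state") == "open":
                svc = p.find("service")
                open_ports.append((p.get("protocol"), int(p.get("portid")),
                                   svc.get("name") if svc is not None else None))
        hosts.append({"ip": ip, "osfamily": family, "open_ports": open_ports})
    return hosts


def count_os_families(hosts):
    """Structured replacement for the grep | wc -l macro: live hosts per OS family."""
    return Counter(h["osfamily"] for h in hosts)
```

Feed it the file written by -oX output.xml (or `nmap ... -oX -` on stdin) instead of SAMPLE_XML to inventory a real scan.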