nmap

  • Single target scan: nmap [target]

  • Scan from a list of targets: nmap -iL [list.txt]

  • Scan a port on every A record a name resolves to (useful when the DNS server returns multiple A records): nmap --script resolveall --script-args newtargets,resolveall.hosts=[target] -p [port]

  • IPv6: nmap -6 [target]

  • OS detection: nmap -O --osscan-guess [target]

  • Save output to text file: nmap -oN [output.txt] [target]

  • Save output to xml file: nmap -oX [output.xml] [target]

  • Scan a specific port: nmap -p [port] [target]

  • Do an aggressive scan: nmap -A [target]

  • Speed up your scan: nmap -T5 --min-parallelism=50 -n --min-rate=300 [target]

  • -n => disable reverse DNS resolution
  • --min-rate=X => send at least X packets / sec
  • Caveat: -T5 and a high --min-rate can drop probes on slow or rate-limited links, so open ports may be missed; rescan with -T3 if results look too empty.

  • Traceroute: nmap --traceroute [target]

  • Ping scan only (host discovery, no port scan): -sn (-sP is the older, still accepted alias)

  • Don't ping: -Pn <- Useful when a host doesn't reply to ping; every target is treated as up and port-scanned (-PN and -P0 are older aliases).
  • TCP SYN ping: -PS
  • TCP ACK ping: -PA
  • UDP ping: -PU
  • ARP ping: -PR

  • Example: Ping scan all machines on a /24 (class C) network: nmap -sn 192.168.0.0/24

  • Force TCP connect scan: -sT (the default when run as root is a SYN scan, -sS)

  • Force UDP scan: -sU (slow; combine with -p to limit the ports)

  • Run NSE script categories: nmap --script default,safe [target]
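The options above combine into a typical two-stage workflow: a host-discovery sweep (-sn with ARP ping), then a fast port scan of only the live hosts, with -oA writing normal, XML and greppable output. The script below is an added example, not code from the original cheat sheet; the nmap options are real, while the output file names and the sample greppable data (constructed, not from a real scan) are assumptions. The parsers read the .gnmap format, where each port entry is port/state/proto/owner/service/rpc/version/ and entries are separated by ", ".

```shell
#!/bin/sh
# Added example (not from the page): two-stage nmap workflow.
# 1. host discovery only (-sn, the current name for -sP), ARP ping on a LAN
# 2. fast port scan of the live hosts only, with -oA writing .nmap/.xml/.gnmap
# 3. parse the greppable (.gnmap) output into "ip port/proto service" lines
# The nmap options are real; file names and sample data are assumptions.

# Stage 1: write a host-discovery sweep to greppable output and list the live IPs.
discover_hosts() {
  cidr="$1"; out="$2"
  nmap -sn -PR -n -oG "$out" "$cidr" >/dev/null
  live_hosts_from_gnmap "$out"
}

# Greppable output has one "Host: <ip> (<name>)<TAB>Status: Up" line per live host.
live_hosts_from_gnmap() {
  awk '/^Host:/ && /Status: Up/ { print $2 }' "$1"
}

# Stage 2: SYN scan (needs root) of all ports on the listed hosts, tuned for speed.
# Caveat: -T4/--min-rate can drop probes on slow or rate-limited links; rerun
# suspicious hosts at -T3 without --min-rate if results look too empty.
scan_hosts() {
  list="$1"; base="$2"
  nmap -sS -p- --open -n -T4 --min-rate=300 -oA "$base" -iL "$list" >/dev/null
}

# Parse the "Ports:" field of greppable output. Fields of a line are tab-separated;
# each port entry is port/state/proto/owner/service/rpc/version/ and entries are
# separated by ", ". Only entries whose state is exactly "open" are printed.
open_ports_from_gnmap() {
  awk 'BEGIN { FS = "\t" }
    /^Host:/ && /Ports:/ {
      split($1, h, " "); ip = h[2]
      sub(/^Ports: /, "", $2)
      n = split($2, entries, ", ")
      for (i = 1; i <= n; i++) {
        split(entries[i], f, "/")
        if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
      }
    }' "$1"
}

# Constructed sample of greppable output (not a real scan) so the parsers can be
# exercised offline; the closed port and the UDP open|filtered entry must be skipped.
write_sample_gnmap() {
  {
    printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf 'Host: 192.168.0.20 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.20 ()\tPorts: 53/open|filtered/udp//domain///\tIgnored State: closed (999)\n'
  } > "$1"
}

# Real run (as root, nmap on PATH): ./sweep.sh 192.168.0.0/24 scan
# Produces scan-discovery.gnmap, scan-live.txt, scan.nmap, scan.xml, scan.gnmap.
if [ "$#" -eq 2 ] && command -v nmap >/dev/null 2>&1; then
  discover_hosts "$1" "$2-discovery.gnmap" > "$2-live.txt"
  scan_hosts "$2-live.txt" "$2"
  open_ports_from_gnmap "$2.gnmap"
fi
```

Keep the .xml output as well: it is the format other tools (and nmap's own ndiff) consume reliably, while the .gnmap parsing above is only for quick one-liners.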
