nmap
- Single target scan: nmap [target]
- Scan from a list of targets: nmap -iL [list.txt]
- Scan a port on all available A records (useful when the DNS server returns multiple A records): nmap --script resolveall --script-args newtargets,resolveall.hosts=[target] -p [port]
- IPv6: nmap -6 [target]
- OS detection: nmap -O --osscan-guess [target]
- Save output to a text file: nmap -oN [output.txt] [target]
- Save output to an XML file: nmap -oX [output.xml] [target]
- Scan a specific port: nmap -p [port] [target]
- Do an aggressive scan: nmap -A [target]
- Speed up your scan:
  - -n => disable reverse DNS
  - --min-rate=X => min X packets / sec
  - Example: nmap -T5 --min-parallelism=50 -n --min-rate=300 [target]
- Traceroute: nmap --traceroute [target]
- Ping scan only: -sP
- Don't ping: -PN <- Useful if a host doesn't reply to a ping.
- TCP SYN ping: -PS
- TCP ACK ping: -PA
- UDP ping: -PU
- ARP ping: -PR
- Example: ping scan all machines on a class C network: nmap -sP 192.168.0.0/24
- Force TCP scan: -sT
- Force UDP scan: -sU
- Use some scripts: nmap --script default,safe [target]