Nmap Cheatsheet

Abstract blue cyber digital technology graphic background Premium Photo

apt-get update && apt-get install nmap

Single scan: nmap
Scan a range: nmap
Scan from a file containing IPs: nmap -iL targets.txt
Scan a subnet: nmap

Scan certain port: nmap -p 21
TCP and UDP ports: nmap -p U:138,T:80,389
Port range: nmap -p 21-100
Scan service: nmap -p http,https

Version of service lookup: nmap -sV
OS, version detection and script scanning: nmap -A
Remote OS detection using TCP/IP stack fingerprinting: nmap -O
Timing Scans (Slow: T0-5 : Fast): nmap -T0

Brute force DNS hostnames: nmap -Pn –script=dns-brute domain.com
SQL Injection check: nmap -p80 –script http-sql-injection scanme.nmap.org
Stealth Scan: nmap -sS
Improved UDP version scan: nmap -sUV -T4

Fragment packets (Firewall/IDS Evasion): nmap -f
Send scans from spoofed IPs: nmap -D,

Save default output to file: nmap -oN outputfile.txt
Heartbleed Testing: nmap -sV -p 443 –script=ssl-heartbleed

Some useful scripts:

Web application firewall check
nmap -p80,443 –script http-waf-detect –script-args=”http-waf-detect.aggro,http-waf-detect.detectBodyChanges” targetWebsite.com

Exract EXIF data from photos found on the website
nmap -p80,443 –script http-exif-spider –script-args=”http.max-cache-size=99999999″ targetwebsite.com

Source: https://null-byte.wonderhowto.com/how-to/advanced-nmap-top-5-intrusive-nmap-scripts-hackers-pentesters-should-know-0187287/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: