Nmap cheat sheet
$ nmap <scan types> <options> <target>
-snDisables port scanning.
-oA tnetStores the results in all formats starting with the name ’tnet'.
-iLPerforms defined scans against targets in provided ‘hosts.lst’ list.
| -PE | Performs the ping scan by using ‘ICMP Echo requests’ against the target. |
|---|---|
| –packet-trace | Shows all packets sent and received |
--reasonDisplays the reason for specific result.
--top-ports=10Scans the specified top ports that have been defined as most frequent.
| -p 21 | Scans only the specified port. |
|---|---|
| –packet-trace | Shows all packets sent and received. |
| -n | Disables DNS resolution. |
| –disable-arp-ping | Disables ARP ping. |
-PnDisables ICMP Echo requests.
| -F | Scans top 100 ports. |
|---|---|
| -sU | Performs a UDP scan. |
-sVPerforms a service scan.
xsltproc target.xml -o target.html
-p-Scans all ports.
--stats-every=5sShows the progress of the scan every 5 seconds.
--script banner,smtp-commandsUses specified NSE scripts.
-APerforms service detection, OS detection, traceroute and uses defaults scripts to scan the target.
| -sV | Performs service version detection on specified ports. |
|---|---|
| –script vuln | Uses all related scripts from specified category. |
-sS SYN scan
| -sS | Performs SYN scan on specified ports. |
|---|---|
| -Pn | Disables ICMP Echo requests. |
| -n | Disables DNS resolution. |
| –disable-arp-ping | Disables ARP ping. |
| –packet-trace | Shows all packets sent and received. |
| -D RND:5 | Generates five random IP addresses that indicates the source IP the connection comes from. |
| -O | Performs operation system detection scan. |
|---|---|
| -S | Scans the target by using different source IP address. |
| 10.129.2.200 | Specifies the source IP address. |
| -e tun0 | Sends all requests through the specified interface. |