Software: nmap

Most overviews of the most useful options I found so far are too bloated. So here is my “yet another nmap options overview”.

scan one host

nmap 192.168.1.1
nmap -v 192.168.1.1
nmap --reason 192.168.1.1

default settings = ping, TCP SYN scan the 1000 most common ports, DNS reverse lookup

quick scan

nmap -F 192.168.1.1

scans the 100 most common ports

nmap --top-ports 10 192.168.1.1

scans the 10 most common ports

skip ping before port scan

nmap -Pn 192.168.1.1

Usually nmap first sends an ICMP echo request and starts the port scan only after the host replies. So if the host blocks ping, nmap will not scan it at all. -Pn tells nmap to skip this host discovery step and scan the ports anyway.

scan specific TCP ports

nmap 192.168.1.1 -p 8080
nmap 192.168.1.1 -p 8080,8443
nmap 192.168.1.1 -p 8000-9000
nmap 192.168.1.1 -p "*"

scan UDP ports

sudo nmap -sU 192.168.1.1
sudo nmap -sU -p U:53 8.8.8.8
sudo nmap -sU -sT 192.168.1.1

scan multiple IP addresses

nmap 192.168.1.1 192.168.1.50
nmap 192.168.1.0/24
nmap 192.168.*.1
nmap 192.168.1.1-50
nmap -iL /tmp/hosts.txt
nmap 192.168.1.0/24 --exclude 192.168.1.100,192.168.1.250
nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt
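Before running one of the multi-target commands above it is useful to know exactly which hosts the target spec covers, so the scope can be checked against what you are authorised to scan. The following is an added example (not part of the original page, and not nmap code): a small Python expander for the target syntax shown above (CIDR, octet ranges, wildcards, plus --exclude lists). The function names and the omission of hostname resolution are my own choices.

```python
import ipaddress
import itertools
from typing import Iterable, Iterator, List, Set

# Expands nmap-style IPv4 target specs (192.168.1.0/24, 192.168.1.1-50,
# 192.168.*.1, 192.168.3-5,7.1) into individual addresses. Hostnames are
# deliberately not resolved so the example runs offline.

def _octet_values(part: str) -> List[int]:
    """Expand one octet of a target spec: '5', '*', '1-50', '-' or '1,3,5'."""
    values: List[int] = []
    for piece in part.split(","):
        if piece == "*":
            values.extend(range(256))
        elif "-" in piece:                      # nmap allows open ends: '-50', '200-', '-'
            lo, hi = piece.split("-", 1)
            values.extend(range(int(lo) if lo else 0, (int(hi) if hi else 255) + 1))
        else:
            values.append(int(piece))
    if any(v < 0 or v > 255 for v in values):
        raise ValueError(f"octet out of range in {part!r}")
    return values

def expand_target(spec: str) -> Iterator[ipaddress.IPv4Address]:
    """Yield every IPv4 address covered by one nmap target spec."""
    if "/" in spec:
        # Like nmap, a CIDR block includes its network and broadcast addresses.
        yield from ipaddress.ip_network(spec, strict=False)
        return
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"unsupported target spec {spec!r}")
    for combo in itertools.product(*(_octet_values(o) for o in octets)):
        yield ipaddress.IPv4Address(".".join(str(v) for v in combo))

def scan_scope(targets: Iterable[str], exclude: Iterable[str] = ()) -> Set[str]:
    """Return the hosts a scan would touch after --exclude, as dotted strings."""
    excluded = {str(a) for spec in exclude for a in expand_target(spec)}
    return {str(a) for spec in targets for a in expand_target(spec)} - excluded

if __name__ == "__main__":
    # Same scope as: nmap 192.168.1.0/24 --exclude 192.168.1.100,192.168.1.250
    scope = scan_scope(["192.168.1.0/24"], ["192.168.1.100", "192.168.1.250"])
    print(len(scope), "hosts in scope")  # 254
```

The sets returned by scan_scope can be compared against an approved-ranges list before the real scan is launched.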

ping scan only

nmap -sP 192.168.1.0/24

sends host discovery probes to a whole subnet without port scanning (-sP is the older spelling of -sn)

identify OS and versions

sudo nmap -A 192.168.1.1
sudo nmap -A --osscan-guess 192.168.1.1

Without sudo, OS fingerprint detection will not run.
Other options:
-O for OS fingerprint detection only
-sV for version detection only

scan TCP and UDP

sudo nmap -sS -sU -PN 192.168.1.1
sudo nmap -sS -sU -PN -p 1-65535 192.168.1.1

aggressive scan (timing)

nmap -T4 192.168.1.1

-T4 is the “aggressive” timing template (-T0 slowest to -T5 fastest); it only changes timing and retries, unlike -A

IPv6 scan

nmap -6 hostname

show local network config

nmap --iflist