Software: nmap
2015-02-02
Most of the overviews of the most useful options I have found so far are too bloated, so here is my "yet another nmap options overview".
scan one host
nmap 192.168.1.1
nmap -v 192.168.1.1
nmap --reason 192.168.1.1
default settings = host discovery first (an ICMP echo request; as root nmap also sends TCP probes to ports 80 and 443 and an ICMP timestamp request), then a TCP SYN scan of the 1000 most common ports (a TCP connect scan when not run as root), then a reverse DNS lookup of the hosts. -v adds verbosity; --reason prints why each port was put in the state shown (which reply, or the lack of one, led to it).
quick scan
nmap -F 192.168.1.1
scans the 100 most common ports
nmap --top-ports 10 192.168.1.1
scans the 10 most common ports
skip ping before port scan
nmap -Pn 192.168.1.1
By default nmap runs host discovery first (see above) and only port-scans hosts that answer. A host whose firewall drops all of the discovery probes is reported as down and is never scanned, even though it may have open ports. -Pn skips host discovery and treats every target as up. The price is time: against a large range every address, live or not, gets the full port scan, so use it for single hosts or for a list you already know to be live.
scan specific TCP ports
nmap 192.168.1.1 -p 8080
nmap 192.168.1.1 -p 8080,8443
nmap 192.168.1.1 -p 8000-9000
nmap 192.168.1.1 -p "*"
a single port, a comma-separated list, or a range. Quote the * so the shell does not expand it to file names; -p- (short for 1-65535) is the usual way to ask for a full port scan.
scan UDP ports
sudo nmap -sU 192.168.1.1
sudo nmap -sU -p U:53 8.8.8.8
sudo nmap -sU -sT 192.168.1.1
UDP scanning needs raw sockets, hence sudo, and it is slow. A port that never answers is reported as open|filtered, because an open service that ignores the empty probe and a firewall that drops it look the same; adding -sV makes nmap send protocol-specific payloads and resolves most of those. The U: prefix restricts a port list to UDP (T: does the same for TCP). The third form runs a UDP scan and a TCP connect scan in one go.
scan multiple IP addresses
nmap 192.168.1.1 192.168.1.50
nmap 192.168.1.0/24
nmap 192.168.*.1
nmap 192.168.1.1-50
nmap -iL /tmp/hosts.txt
nmap 192.168.1.0/24 --exclude 192.168.1.100,192.168.1.250
nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt
ping scan only
nmap -sP 192.168.1.0/24
host discovery only, no port scan: reports which hosts in the subnet answer. -sP is the old name for this; current versions spell it -sn and still accept -sP.
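A practical way to combine the subnet scan and the ping sweep above is two passes: discover live hosts with -sn, write the result in greppable form (-oG), and feed only the live addresses back into a port scan with -iL. The script below is an added example, not from the original post. The -oG lines it parses are constructed sample output, not a real scan; up_hosts, open_ports and sweep_then_scan are names chosen here, and only sweep_then_scan runs nmap, so the demo at the bottom works without nmap installed.

```shell
#!/bin/sh
# Added example (not from the original post): two-pass scanning driven by
# nmap's greppable output (-oG). The sample -oG lines further down are
# constructed, not captured from a real scan.

# Print the address of every host that -oG reported as "Status: Up".
# -oG emits one "Host: <ip> (<name>)<TAB>Status: <state>" line per host.
up_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print "<ip> <port>/<proto> <service>" for every open port in -oG output.
# Fields are tab separated; the Ports: field holds comma-separated entries
# of the form port/state/proto/owner/service/rpcinfo/version/.
open_ports() {
    awk -F '\t' '
        /^Host:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), entries, ", ")
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
                }
            }
        }'
}

# Sweep a network with -sn, then port-scan only the hosts that answered.
# Usage: sweep_then_scan 192.168.1.0/24 [extra nmap options, e.g. -p 1-1024]
# Assumed helper name; it runs nmap for real, so the demo below does not call it.
sweep_then_scan() {
    net=$1; shift
    live=$(mktemp) || return 1
    nmap -sn -oG - "$net" | up_hosts > "$live"
    nmap -oG - -iL "$live" "$@" | open_ports
    rm -f "$live"
}

# Constructed sample of what "nmap -sn -oG - 192.168.1.0/24" prints
# (the Down line only appears with -v; included to show it is skipped).
SWEEP_SAMPLE=$(printf '%s\t%s\n' \
    'Host: 192.168.1.1 (router.lan)'   'Status: Up' \
    'Host: 192.168.1.10 ()'            'Status: Up' \
    'Host: 192.168.1.20 (printer.lan)' 'Status: Down' \
    'Host: 192.168.1.50 ()'            'Status: Up')

# Constructed sample of the follow-up port scan in -oG form.
SCAN_SAMPLE=$(printf '%s\t%s\t%s\n' \
    'Host: 192.168.1.1 (router.lan)' \
    'Ports: 22/open/tcp//ssh///, 53/open/tcp//domain///, 80/open/tcp//http///' \
    'Ignored State: closed (997)' \
    'Host: 192.168.1.10 ()' \
    'Ports: 135/filtered/tcp//msrpc///, 445/open/tcp//microsoft-ds///' \
    'Ignored State: closed (998)' \
    'Host: 192.168.1.50 ()' \
    'Ports: 8080/open/tcp//http-proxy///' \
    'Ignored State: closed (999)')

echo "live hosts from the sweep:"
printf '%s\n' "$SWEEP_SAMPLE" | up_hosts
echo "open ports from the scan:"
printf '%s\n' "$SCAN_SAMPLE" | open_ports
```

Against a real network the call is sweep_then_scan 192.168.1.0/24 -p 1-1024; the filtered 135/tcp entry in the sample is dropped on purpose, since only open ports are worth carrying into the next step. mktemp is not strictly POSIX but is present on every common Linux and BSD system.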
identify OS and versions
sudo nmap -A 192.168.1.1
sudo nmap -A --osscan-guess 192.168.1.1
-A turns on OS detection (-O), version detection (-sV), the default NSE script set (-sC) and traceroute, so it is the noisiest of the scans here. OS fingerprinting needs raw sockets: without sudo nmap skips it and only the rest of -A runs. --osscan-guess makes nmap print its closest match when no fingerprint matches exactly, instead of giving up.
Other options:
-O for OS fingerprint scanning only (needs sudo)
-sV for version detection only (works without sudo)
scan TCP and UDP
sudo nmap -sS -sU -PN 192.168.1.1
sudo nmap -sS -sU -PN -p 1-65535 192.168.1.1
-PN is the old spelling of -Pn (skip host discovery, see above). Expect the second form to take hours against a host that silently drops UDP probes; a split port spec such as -p T:1-65535,U:1-1024 keeps the TCP range full while limiting the UDP range.
aggressive scan
nmap -T4 192.168.1.1
-T4 is the "aggressive" timing template (the scale runs from -T0 paranoid to -T5 insane; the default is -T3): shorter timeouts and more probes in flight. It is fine on a LAN, but on a slow or lossy link it starts missing ports. It is a speed setting only, not to be confused with -A.
IPv6 scan
nmap -6 hostname
show local network config
nmap --iflist