
nmap Cheat Sheet

nmap is used to discover hosts and services on a computer network, thus building a map of the network.

Cheat Sheet

Ping scans the network, listing machines that respond to ping:

nmap -sP 10.0.0.0/24

Full TCP port scan with service version detection - usually my first scan; I find T4 more accurate than T5 and still pretty quick:

nmap -p 1-65535 -sV -sS -T4 target

Prints verbose output, runs a stealth SYN scan with T4 timing, OS and version detection, traceroute and default scripts against target services (-A):

nmap -v -sS -A -T4 target

Prints verbose output, runs a stealth SYN scan with T5 timing, OS and version detection, traceroute and default scripts against target services (-A):

nmap -v -sS -A -T5 target

Prints verbose output, runs a stealth SYN scan with T5 timing, OS and version detection:

nmap -v -sV -O -sS -T5 target

Prints verbose output, runs a stealth SYN scan with T4 timing, OS and version detection over the full port range:

nmap -v -p 1-65535 -sV -O -sS -T4 target

Prints verbose output, runs a stealth SYN scan with T5 timing, OS and version detection over the full port range:

nmap -v -p 1-65535 -sV -O -sS -T5 target

Scan from file

Scans a list of IP addresses read from a file; other options can be added before or after -iL.

nmap -iL ip-addresses.txt

Output Formats

Writes grepable output to a file, in this example for NetBIOS servers. The output file can then be grepped for Open:

nmap -sV -p 139,445 -oG grep-output.txt 10.0.1.0/24
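As an added example that is not part of this wiki page, the following POSIX shell script parses the grepable file written by the command above, using constructed sample lines in place of a real grep-output.txt. It reports only hosts whose requested port is actually in state open (a plain grep for "open" also matches lines where some other port is open) and inventories the service and version strings per host; the names write_sample, open_hosts and host_services are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki): parse nmap grepable (-oG) output properly. The "Ports:"
# field is a comma-separated list of port/state/protocol/owner/service/rpcinfo/version/ entries.

write_sample() {
  # Writes a constructed sample of -oG output to $1 (not a real scan result).
  {
    printf '# Nmap scan initiated as: nmap -sV -p 139,445 -oG grep-output.txt 10.0.1.0/24\n'
    printf 'Host: 10.0.1.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.1.5 ()\tPorts: 139/open/tcp//netbios-ssn//Samba smbd 4.x/, 445/open/tcp//microsoft-ds//Samba smbd 4.x/\tIgnored State: closed (0)\n'
    printf 'Host: 10.0.1.7 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\n'
    printf 'Host: 10.0.1.9 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Windows Server 2019 microsoft-ds/\n'
    printf '# Nmap done: 256 IP addresses (3 hosts up) scanned\n'
  } > "$1"
}

# open_hosts FILE PORT -> one host IP per line where PORT is in state "open".
open_hosts() {
  awk -v port="$2" '
    /^Host: / && /Ports: / {
      ip = $2
      sub(/.*Ports: /, "")            # keep only the port list
      sub(/Ignored State:.*/, "")     # drop the trailing summary field
      n = split($0, entry, /, */)
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")       # f[1]=port f[2]=state f[5]=service f[7]=version
        if (f[1] == port && f[2] == "open") { print ip; break }
      }
    }' "$1"
}

# host_services FILE IP -> "port state service version" for every port entry of IP.
host_services() {
  awk -v want="$2" '
    /^Host: / && /Ports: / && $2 == want {
      sub(/.*Ports: /, ""); sub(/Ignored State:.*/, "")
      n = split($0, entry, /, */)
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        printf "%s %s %s %s\n", f[1], f[2], f[5], (f[7] == "" ? "-" : f[7])
      }
    }' "$1"
}

# Demo: build the sample file, list hosts exposing 445/tcp, then inventory one host.
sample="${TMPDIR:-/tmp}/nmap-oG-sample.$$"
write_sample "$sample"
echo "Hosts with 445/tcp open:"; open_hosts "$sample" 445
host_services "$sample" 10.0.1.9; rm -f "$sample"
```

Point the two functions at the real grep-output.txt to get the same listing from an actual scan.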

Export output to an HTML report:

nmap -sS -sV -T5 10.0.1.99 --webxml -oX - | xsltproc --output file.html -

NetBIOS Examples

Find all NetBIOS servers on a subnet:

nmap -sV -v -p 139,445 10.0.0.1/24

Display the NetBIOS name:

nmap -sU --script nbstat.nse -p 137 target

Check if NetBIOS servers are vulnerable to MS08-067 (--script-args=unsafe=1 has the potential to crash servers / services).

Nikto Scan

Scans for HTTP servers on port 80 and pipes the grepable output into Nikto for scanning:

nmap -p80 10.0.1.0/24 -oG - | nikto.pl -h -

Scans for HTTP/HTTPS servers on ports 80 and 443 and pipes the grepable output into Nikto for scanning:

nmap -p80,443 10.0.1.0/24 -oG - | nikto.pl -h -

Last updated 2 years ago