Different usage options

  1. Port discovery and specification
  2. Host discovery and specification
  3. Vulnerability scanning (NSE scripts)
  4. Application and service version detection against the open ports
  5. Operating system detection
  6. Firewall / IDS evasion

Scanning command syntax

nmap [scan types] [options] {target specification}

Port specification options

Option   Example                               Description
-p       nmap -p 23 <target>                   scan a single port
-p       nmap -p 23-100 <target>               scan a port range
-p       nmap -p U:110,T:23-25,443 <target>    mix UDP (U:) and TCP (T:) ports in one scan
-p-      nmap -p- <target>                     scan all 65535 ports
-p       nmap -p smtp,https <target>           scan ports by service name (looked up in nmap-services)
-p       nmap -p "ftp,http*" <target>          service names may carry a wildcard; quote them from the shell
-F       nmap -F <target>                      fast scan: only the 100 most common ports
-r       nmap -r <target>                      scan ports in sequential order instead of the default random order

Host discovery

Option   Example                      Description
-sL      nmap -sL <target>            list scan: only list the targets, do not scan them
-sn      nmap -sn <target>            ping scan: host discovery only, no port scan
-Pn      nmap -Pn <target>            skip host discovery and treat every host as up; port scan only
-PS      nmap -PS22-25,80 <target>    TCP SYN discovery on the given ports
-PA      nmap -PA22-25,80 <target>    TCP ACK discovery on the given ports
-PU      nmap -PU53 <target>          UDP discovery on the given port
-PR      nmap -PR <target>            ARP discovery (local Ethernet segment only)
-n       nmap -n <target>             never do DNS resolution

Scanning types (the selector is a lower-case s followed by the type letter)

Option   Example               Description
-sS      nmap -sS <target>     TCP SYN (half-open) scan; the default when run with raw-socket privileges
-sT      nmap -sT <target>     TCP connect scan; the default without raw-socket privileges
-sA      nmap -sA <target>     TCP ACK scan (maps firewall rules; does not report open ports)
-sU      nmap -sU <target>     UDP port scan
-sF      nmap -sF <target>     TCP FIN scan
-sX      nmap -sX <target>     TCP Xmas scan (FIN, PSH and URG flags set)
-sP      nmap -sP <target>     legacy ping scan; same as -sn
-sL      nmap -sL <target>     list scan, as in the host discovery table above

Version detection

Option                 Example                                    Description
-sV                    nmap -sV <target>                          probe open ports to determine the service and its version
--version-intensity    nmap -sV --version-intensity 6 <target>    intensity level 0 (lightest) to 9 (try every probe)
--version-all          nmap -sV --version-all <target>            same as intensity 9
--version-light        nmap -sV --version-light <target>          same as intensity 2: faster, but less likely to identify the service
-A                     nmap -A <target>                           enables OS detection, version detection, script scanning and traceroute
-O                     nmap -O <target>                           remote OS detection

Target specification

nmap 192.168.1.1                         scan a single IP
nmap 192.168.1.1 192.168.1.2             scan specific IPs
nmap 192.168.1.1-254                     scan a range of IPs
nmap xyz.org                             scan a domain
nmap 192.168.1.0/24                      scan using CIDR notation
nmap -iL scan.txt                        scan the targets listed in a file, one per line
nmap --exclude 192.168.1.1 <target>      exclude hosts from the scan

Use of NMAP scripts (NSE)

nmap --script=<script> <target>          run the listed script(s) against the target
nmap --script-updatedb                   update the script database after adding new scripts
nmap -sV -sC <target>                    run the safe default script set (same as --script=default)
nmap --script-help=<script>              show the help text for a script

Firewall / IDS evasion

nmap -f <target>                         fragment packets
nmap --mtu <MTU> <target>                fragment with the given MTU (must be a multiple of 8)
nmap -sI <zombie> <target>               idle scan bounced through a zombie host
nmap --source-port <port> <target>       use a specific source port (-g is the short form)
nmap --data-length <size> <target>       append random data to the packets sent
nmap --randomize-hosts <target>          scan the targets in random order
nmap --badsum <target>                   send packets with a bogus TCP/UDP checksum

NMAP output formats

Normal output        nmap -oN scan.txt <target>
XML                  nmap -oX scan.xml <target>
Grepable format      nmap -oG grep.txt <target>
All formats          nmap -oA scan <target>         writes scan.nmap, scan.xml and scan.gnmap
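The grepable format exists so that results can be post-processed with standard Unix tools. The filter below is an added example written for this page (not code from the nmap project): it reads -oG output and prints only the ports whose state is "open", one host/port/protocol/service line each. The sample scan it parses is constructed here (192.0.2.0/29 is documentation address space; nothing was scanned), and the function names sample_gnmap, open_ports, count_open and first_open are this example's own.

```shell
#!/bin/sh
# Added example, not from the cheat sheet: reduce nmap grepable (-oG) output
# to its open ports. "Host:" lines are tab-separated fields; the "Ports:"
# field holds comma-separated entries of the form
#   port/state/protocol/owner/service/rpc_info/version/
set -eu

# Constructed sample of what "nmap -sV -oG grep.txt 192.0.2.0/29" might write.
sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -sV -oG grep.txt 192.0.2.0/29\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
    printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 53/open/udp//domain//ISC BIND 9.18/, 3306/filtered/tcp//mysql///\n'
    printf '# Nmap done -- 8 IP addresses (2 hosts up) scanned in 10.00 seconds\n'
}

# open_ports: stdin = grepable output, stdout = host<TAB>port<TAB>proto<TAB>service
# for every port whose state is exactly "open" (closed/filtered are dropped).
open_ports() {
    awk -F'\t' '
    /^Host:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Ports: /) {
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")   # f[1]=port f[2]=state f[3]=proto f[5]=service
                    if (f[2] == "open")
                        printf "%s\t%s\t%s\t%s\n", host, f[1], f[3], f[5]
                }
            }
        }
    }'
}

# count_open: number of open ports in the sample (22/tcp, 80/tcp, 53/udp).
count_open() {
    sample_gnmap | open_ports | wc -l | tr -d ' '
}

# first_open: the first open-port line, showing the exact output shape.
first_open() {
    sample_gnmap | open_ports | head -n 1
}

# Stand-alone usage: print the open-port table, then the count.
sample_gnmap | open_ports
count_open
```

To use it on a real scan, replace sample_gnmap with `cat grep.txt`; the awk filter does not change. Note that the state match is exact, so "open|filtered" entries from UDP scans are not reported as open.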

Scan options

nmap -sP <target>                        ping scan only (legacy alias of -sn)
nmap -PU <target>                        UDP ping
nmap -PE <target>                        ICMP echo ping
nmap -PO <target>                        IP protocol ping
nmap -PR <target>                        ARP ping
nmap -Pn <target>                        skip pinging; scan without host discovery
nmap --traceroute <target>               trace the path to each host

NMAP timing options

nmap -T0 <target>                        paranoid: very slow, for IDS evasion
nmap -T1 <target>                        sneaky: slow, for IDS evasion
nmap -T2 <target>                        polite: slows down to use less bandwidth
nmap -T3 <target>                        normal: the default timing
nmap -T4 <target>                        aggressive: faster, assumes a fast and reliable network
nmap -T5 <target>                        insane: fastest; may miss ports or overwhelm the target

Miscellaneous commands

nmap -6 <target>                         scan IPv6 targets
nmap --proxies <url1>,<url2> <target>    relay connections through a comma-separated chain of proxies
nmap --open <target>                     show only open (or possibly open) ports

