Vishwanath Akuthota

What is Nmap, and a Cheat Sheet

In the ever-evolving world of cybersecurity and network management, having the right tools in your arsenal is crucial. Among the most versatile and powerful tools available, Nmap stands as a stalwart choice. This open-source network scanning tool has been a favorite of security professionals, network administrators, and hackers alike for decades. In this blog, we'll delve into the world of Nmap, exploring its capabilities, use cases, and how it can be harnessed responsibly for enhancing network security and understanding.



What is Nmap?

Nmap, short for Network Mapper, is a free and open-source network scanning utility renowned for its flexibility and robustness. Developed by Gordon Lyon, commonly known as "Fyodor," Nmap's primary purpose is to discover hosts and services on a computer network by sending packets and analysing their responses. However, its capabilities extend far beyond mere discovery.


Key Features and Use Cases

1. Host Discovery:

  • Nmap's basic function is host discovery. It can scan a range of IP addresses to determine which hosts are online, using methods such as ICMP echo requests, TCP SYN scans, and UDP scans.

2. Port Scanning:

  • Nmap excels in port scanning, allowing you to identify open ports on a target system. This is crucial for assessing network security and potential vulnerabilities.

3. Service and Version Detection:

  • Nmap can identify the services running on open ports and even attempt to determine their versions. This information is invaluable for security audits and patch management.

4. Scripting Engine:

  • Nmap's scripting engine enables the execution of custom scripts. These scripts can perform various tasks, from detecting vulnerabilities to automating common network administration tasks.

5. OS Fingerprinting:

  • Nmap can attempt to determine the operating system of a target system based on characteristics of its network responses. This helps in understanding the network's makeup.

6. Firewall Evasion:

  • Nmap offers techniques such as idle (zombie) scanning and packet fragmentation that are designed to bypass firewall rules and evade intrusion detection systems; these same techniques are worth knowing from the defender's side when tuning detections.

7. Output Formats:

  • Nmap provides various output formats, including plain text, XML, and even interactive graphical results. This flexibility is valuable for different use cases.

Responsible Use of Nmap

While Nmap is an incredibly powerful tool, it must be used responsibly and ethically. Unauthorized scanning of networks and systems can have legal and ethical implications. Always obtain proper authorization before conducting any network scans.

Cheat Sheet for Nmap

Basic Scanning Techniques

Scan a single target
nmap [target]
Scan multiple targets
nmap [target1] [target2] [...]
Scan a list of targets
nmap -iL [list.txt]
Scan a range of hosts
nmap [range of IP addresses]
Scan an entire subnet
nmap [IP address/cidr]
Scan random hosts
nmap -iR [number]
Excluding targets from a scan
nmap [targets] --exclude [targets]
Excluding targets using a list
nmap [targets] --excludefile [list.txt]
Perform an aggressive scan
nmap -A [target]
Scan an IPv6 target
nmap -6 [target]

Discovery Options

Perform a ping scan only
nmap -sP [target]
Don't ping
nmap -PN [target]
TCP SYN ping
nmap -PS [target]
TCP ACK ping
nmap -PA [target]
UDP ping
nmap -PU [target]
SCTP INIT ping
nmap -PY [target]
ICMP echo ping
nmap -PE [target]
ICMP timestamp ping
nmap -PP [target]
ICMP address mask ping
nmap -PM [target]
IP protocol ping
nmap -PO [target]
ARP ping
nmap -PR [target]
Traceroute
nmap --traceroute [target]
Force reverse DNS resolution
nmap -R [target]
Disable reverse DNS resolution
nmap -n [target]
Alternative DNS lookup
nmap --system-dns [target]
Manually specify DNS servers
nmap --dns-servers [servers] [target]
Create a host list
nmap -sL [targets]

Firewall Evasion Techniques

Fragment packets
nmap -f [target]
Specify a specific MTU
nmap --mtu [MTU] [target]
Use decoys
nmap -D RND:[number] [target]
Idle zombie scan
nmap -sI [zombie] [target]
Manually specify a source port
nmap --source-port [port] [target]
Append random data
nmap --data-length [size] [target]
Randomize target scan order
nmap --randomize-hosts [target]
Spoof MAC address
nmap --spoof-mac [MAC|0|vendor] [target]
Send bad checksums
nmap --badsum [target]

Version Detection

Operating system detection
nmap -O [target]
Attempt to guess an unknown OS
nmap -O --osscan-guess [target]
Service version detection
nmap -sV [target]
Troubleshooting version scans
nmap -sV --version-trace [target]
Perform an RPC scan
nmap -sR [target]

Output Options

Save output to a text file
nmap -oN [scan.txt] [target]
Save output to an XML file
nmap -oX [scan.xml] [target]
Grepable output
nmap -oG [scan.txt] [target]
Output all supported file types
nmap -oA [path/filename] [target]
Periodically display statistics
nmap --stats-every [time] [target]
l33t (script kiddie) output
nmap -oS [scan.txt] [target]

Ndiff

Comparison using Ndiff
ndiff [scan1.xml] [scan2.xml]
Ndiff verbose mode
ndiff -v [scan1.xml] [scan2.xml]
XML output mode
ndiff --xml [scan1.xml] [scan2.xml]
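The Output Options and Ndiff entries above are most useful together: save every scan with -oX and diff the XML against a baseline to spot ports that opened or closed. The following is an added example, not part of the original post or of the Nmap project, that parses two Nmap XML results and reports the change set the way ndiff would; the two XML documents are constructed samples in the real -oX layout, not captured scans.

```python
import xml.etree.ElementTree as ET

# Constructed sample scans (not real Nmap output), in the layout written by
# "nmap -sV -oX <file> <target>": a baseline and a later rescan of the same host.
BASELINE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
</ports></host></nmaprun>"""
RESCAN_XML = """<nmaprun>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
</ports></host></nmaprun>"""

def open_ports(xml_text):
    """Return {ip: {(proto, port): service}} for ports Nmap reported as open."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth diffing
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")  # IPv6-only (-6) or MAC-only entry
        ports = hosts.setdefault(addr.get("addr"), {})
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are noise for change detection
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            ports[(port.get("protocol"), int(port.get("portid")))] = name
    return hosts

def diff_scans(old_xml, new_xml):
    """Return {ip: {"opened": {...}, "closed": {...}}} for hosts whose open ports changed."""
    old, new = open_ports(old_xml), open_ports(new_xml)
    report = {}
    for ip in sorted(set(old) | set(new)):
        before, after = old.get(ip, {}), new.get(ip, {})
        opened = {k: v for k, v in after.items() if k not in before}
        closed = {k: v for k, v in before.items() if k not in after}
        if opened or closed:
            report[ip] = {"opened": opened, "closed": closed}
    return report

if __name__ == "__main__":
    print(diff_scans(BASELINE_XML, RESCAN_XML))
```

A host that is in only one of the two scans is reported with all of its open ports as opened or closed, which is the usual signal that an asset appeared or disappeared between scans.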

Nmap Scripting Engine

Execute an individual script
nmap --script [script.nse] [target]
Execute multiple scripts
nmap --script [expression] [target]
Execute scripts by category
nmap --script [cat] [target]
Execute multiple script categories
nmap --script [cat1,cat2,...] [target]
Troubleshoot scripts
nmap --script [script] --script-trace [target]
Update the script database
nmap --script-updatedb

Script categories

all
auth
default
discovery 
external 
intrusive 
malware 
safe
vuln 

Conclusion

In the realm of cybersecurity and network management, Nmap is a stalwart tool, renowned for its versatility and reliability. From basic host discovery to complex vulnerability assessments, Nmap empowers security professionals and network administrators to understand and secure their networks effectively.

However, its power comes with great responsibility. Using Nmap without proper authorization can lead to legal consequences and ethical dilemmas. Therefore, whether you're a seasoned security expert or just starting on your journey, remember to use Nmap wisely, and always adhere to the principles of responsible hacking and ethical network scanning.


Dr. Pinnacle can help you implement AI/ML and information security solutions. We have a deep understanding of AI/ML and information security solutions and of the challenges that organisations face in implementing them, and a proven track record of helping organisations implement them successfully.

Contact us(info@drpinnacle.com) today to learn more about how we can help you implement AI/ML and information security solutions.

