SecurityByDefault.com
Target specification
IP address, hostnames, networks, etc
Example: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL file                     input from list
-iR n                        choose random targets, 0 never ending
--exclude, --excludefile file   exclude host or list from file
Port scanning techniques
-sS            tcp syn scan
-sT            tcp connect scan
-sU            udp scan
-sY            sctp init scan
-sZ            sctp cookie echo
-sO            ip protocol
-sW            tcp window
-sN -sF -sX    null, fin, xmas
-sA            tcp ack
Port specification and scan order
-p n-m               range
-p-                  all ports
-p n,m,z             individual
-p U:n-m,z,T:n,m     U for udp, T for tcp
-F                   fast, common 100
--top-ports n        scan the highest-ratio ports
-r                   don't randomize
Host discovery
-PS n          tcp syn ping
-PA n          tcp ack ping
-PU n          udp ping
-PM            netmask req
-PP            timestamp req
-PE            echo req
-sL            list scan
-PO            protocol ping
-PN            no ping
-n             no DNS
-R             DNS resolution for all targets
--traceroute   trace path to host (for topology map)
-sP            ping, same as -PP -PM -PS443 -PA80
Service and version detection
-sV               version detection
--all-ports       don't exclude ports
--version-all     try every single probe
--version-trace   trace version scan activity
-O                enable OS detection
--fuzzy           guess OS detection
--max-os-tries    set the maximum number of tries against a target
Firewall/IDS evasion
-f                  fragment packets
-D d1,d2            cloak scan with decoys
-S ip               spoof source address
-g source           spoof source port
--randomize-hosts   randomize host order
--spoof-mac mac     change the src mac
Timing and performance
-T0   paranoid
-T1   sneaky
-T2   polite
-T3   normal
-T4   aggressive
-T5   insane
--min-hostgroup --max-hostgroup
--min-rate --max-rate
--min-parallelism --max-parallelism
--min-rtt-timeout --max-rtt-timeout --initial-rtt-timeout
--max-retries --host-timeout --scan-delay
Output
-oN   normal
-oX   xml
-oG   grepable
-oA   all outputs
Verbosity and debugging options
-v               increase verbosity level
--reason         host and port reason
-d (1-9)         set debugging level
--packet-trace   trace packets
Miscellaneous options
--resume file   resume aborted scan (from -oN or -oG output)
-6              enable ipv6 scanning
-A              aggressive, same as -O -sV -sC --traceroute
Interactive options
v/V   increase/decrease verbosity level
d/D   increase/decrease debugging level
p/P   turn on/off packet tracing
Examples
Quick scan: nmap -T4 -F
Fast scan (port 80): nmap -T4 --max_rtt_timeout 200 --initial_rtt_timeout 150 --min_hostgroup 512 --max_retries 0 -n -P0 -p80
Ping scan: nmap -sP -PE -PP -PS21,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4
Slow comprehensive: nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all
Quick traceroute: nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute
Scripts
-sC                 perform scan with default scripts
--script file       run script (or all)
--script-args n=v   provide arguments
--script-trace      print incoming and outgoing communication

Nmap5.cheatsheet.eng.v1
