# nmap

> Network exploration tool and security / port scanner.
> Some features only activate when Nmap is run with privileges.
> Homepage: <https://nmap.org>.

- Try to determine whether the specified hosts are up and what their names are:

`nmap -sn {{ip_or_hostname}} {{optional_another_address}}`

- Like above, but also run a default 1000-port TCP scan if host seems up:

`nmap {{ip_or_hostname}} {{optional_another_address}}`

- Also enable scripts, service detection, OS fingerprinting and traceroute:

`nmap -A {{address_or_addresses}}`

- Assume good network connection and speed up execution:

`nmap -T4 {{address_or_addresses}}`

- Scan a specific list of ports (use -p- for all ports 1-65535):

`nmap -p {{port1,port2,…,portN}} {{address_or_addresses}}`

- Perform TCP and UDP scanning (use -sU for UDP only, -sZ for SCTP, -sO for IP):

`nmap -sSU {{address_or_addresses}}`

- Perform TLS cipher scan against a host to determine supported ciphers and SSL/TLS protocols:

`nmap --script ssl-enum-ciphers {{address_or_addresses}} -p 443`