Professional Documents
Culture Documents
Cyber Sec Nmap Cheat Sheet
Cyber Sec Nmap Cheat Sheet
Cyber Sec Nmap Cheat Sheet
HOME
ABOUT US
SERVICES
RESEARCH
COURSES
BLOG
CONTACT
Target Specification
https://www.stationx.net/nmap-cheat-sheet/ 1/14
9/5/21, 7:37 PM Nmap Cheat Sheet
Scan Techniques
Host Discovery
-Pn nmap 192.168.1.1-5 -Pn Disable host discovery. Port scan only.
Port Specification
OS Detection
https://www.stationx.net/nmap-cheat-sheet/ 3/14
9/5/21, 7:37 PM Nmap Cheat Sheet
stack fingerprinting
-O -- If at least one open and one closed
nmap 192.168.1.1 -O --
osscan- osscan-limit TCP port are not found it will not try
System evasion
-T1 nmap 192.168.1.1 -T1 Sneaky (1) Intrusion Detection System
evasion
-T2 nmap 192.168.1.1 -T2 Polite (2) slows down the scan to use
machine resources
-T3 nmap 192.168.1.1 -T3 Normal (3) which is default speed
-T4 nmap 192.168.1.1 -T4 Aggressive (4) speeds scans; assumes
reliable network
-T5 nmap 192.168.1.1 -T5 Insane (5) speeds scan; assumes you
hostgroup <size<size> sizes
https://www.stationx.net/nmap-cheat-sheet/ 4/14
9/5/21, 7:37 PM Nmap Cheat Sheet
NSE Scripts
Command Description
nmap -Pn --script=http-sitemap-generator http site map generator
scanme.nmap.org
https://www.stationx.net/nmap-cheat-sheet/ 5/14
9/5/21, 7:37 PM Nmap Cheat Sheet
Command Description
nmap -n -Pn -p 80 --open -sV -vvv --script Fast search for random web
banner,http-title -iR 1000 servers
nmap -Pn --script=dns-brute domain.com Brute forces DNS hostnames
guessing subdomains
nmap -n -Pn -vv -O -sV --script smb- Safe SMB scripts to run
enum*,smb-ls,smb-mbenum,smb-os-
discovery,smb-s*,smb-vuln*,smbv2* -vv
192.168.1.1
nmap --script whois* domain.com Whois query
nmap -p80 --script http-unsafe-output- Detect cross site scripting
escaping scanme.nmap.org vulnerabilities
nmap -p80 --script http-sql-injection Check for SQL injections
scanme.nmap.org
192.168.1.103,192.168.1.23
192.168.1.1
-D nmap -D decoy-ip1,decoy- Above example explained
ip2,your-own-ip,decoy-ip3,decoy-
ip4 remote-host-ip
-S nmap -S www.microsoft.com Scan Facebook from Microsoft (-
www.facebook.com e eth0 -Pn may be required)
-g nmap -g 53 192.168.1.1 Use given source port number
--proxies nmap --proxies Relay connections through
http://192.168.1.1:8080, HTTP/SOCKS4 proxies
http://192.168.1.2:8080
192.168.1.1
--data- nmap --data-length 200 Appends random data to sent
length 192.168.1.1 packets
https://www.stationx.net/nmap-cheat-sheet/ 6/14
9/5/21, 7:37 PM Nmap Cheat Sheet
Output
Command Description
nmap -p80 -sV -oG - --open 192.168.1.1/24 Scan for web servers and grep to
| grep open show which IPs are running web
servers
nmap -iR 10 -n -oX out.xml | grep "Nmap" Generate a list of the IPs of live
| cut -d " " -f5 > live-hosts.txt hosts
https://www.stationx.net/nmap-cheat-sheet/ 7/14
9/5/21, 7:37 PM Nmap Cheat Sheet
Command Description
nmap -iR 10 -n -oX out2.xml | grep Append IP to the list of live hosts
"Nmap" | cut -d " " -f5 >> live-hosts.txt
ndiff scanl.xml scan2.xml Compare output from nmap using
the ndif
xsltproc nmap.xml -o nmap.html Convert nmap xml files to html files
grep " open " results.nmap | sed -r 's/ +/ Reverse sorted list of how often
/g' | sort | uniq -c | sort -rn | less ports turn up
Miscellaneous Options
Command Description
nmap -iR 10 -PS22-25,80,113,1050,35000 - Discovery only on ports x, no port
v -sn scan
nmap 192.168.1.1-1/24 -PR -sn -vv Arp discovery only on local network,
no port scan
nmap -iR 10 -sn -traceroute Traceroute to random targets, no
port scan
nmap 192.168.1.1-50 -sL --dns-server Query the Internal DNS for hosts,
192.168.1.1 list targets only
https://www.stationx.net/nmap-cheat-sheet/ 8/14
9/5/21, 7:37 PM Nmap Cheat Sheet
Learn More
Nathan House
Nathan House is the founder and CEO of Station X a cyber security training and
consultancy company. He has over 25 years experience in cyber security where he
has advised some of largest companies in the world, assuring security on multi-
million and multi-billion pound projects.
Nathan is the author of the popular "The Complete Cyber
Security Course" which has been taken by over 300,000 students in 195 countries.
Winner of the AI
"Cyber Security Educator of the Year 2020" award. Over the years he has spoken at a number of
security conferences, developed free security tools, and discovered serious security vulnerabilities in
leading applications. PGP Fingerprint : CBA3FBF729FB00CB21D64FB00E7955AE6E37FEF1
https://www.stationx.net/nmap-cheat-sheet/ 9/14
9/5/21, 7:37 PM Nmap Cheat Sheet
StationX - VIP
VIP MEMBERSHIP @ T…
T…
Cyber Security
Hacking
Penetration Testing
Certifications
Linux
Networking
Cloud
and more.
LEARN MORE
https://www.stationx.net/nmap-cheat-sheet/ 10/14
9/5/21, 7:37 PM Nmap Cheat Sheet
Tweets by @GotoNathan
Nathan House
@GotoNathan
Replying to @GotoNathan
A career in cyber security is one of the best current
opportunities. Here is a great free book on starting a
career in cyber security. stationx.net/my-career-guide
#cybersec #cybersecurity #hacking #infosec #career
4 Sep 2021
Nathan House
@GotoNathan
Replying to @GotoNathan
Looking ahead...the extra $300/week in federal
unemployment benefits will expire this weekend for
all the states that hadn’t ended them early. Studies
show that it’s not likely to bring about major hiring
increases, so don’t get your hopes up for a huge jobs
rebound in September.
Recent Posts
https://www.stationx.net/nmap-cheat-sheet/ 11/14
9/5/21, 7:37 PM Nmap Cheat Sheet
Categories
Car Hacking
Cheat Sheets
Company News
General
Security Tools
Videos
https://www.stationx.net/nmap-cheat-sheet/ 12/14
9/5/21, 7:37 PM Nmap Cheat Sheet
StationX - VIP
VIP MEMBERSHIP @ T…
T…
Cyber Security
Hacking
Penetration Testing
Certifications
Linux
Networking
Cloud
and more.
LEARN MORE
CONSULTING
Audit & Compliance
Incident Response
Security Architecture
Risk Assessment
Security Training
RESERVED.
https://www.stationx.net/nmap-cheat-sheet/ 14/14