Nmap (Network Mapper) is a powerful open-source tool for network discovery and security auditing. It’s widely used by network administrators, security professionals, and enthusiasts to scan and analyze networks. The Nmap cheat sheet provides quick reference to its commands and options:
- Basic Scanning:
nmap target: Perform a basic scan on the target host.nmap -p port target: Scan specific port(s) on the target.nmap -p- target: Scan all 65,535 ports on the target.nmap -F target: Fast scan, only the most common 100 ports.
- Host Discovery:
nmap -sn target: Ping scan to discover live hosts.nmap -sP target: ARP scan for live hosts in the local network.
- Port Scanning Techniques:
-sS: TCP SYN scan (default).-sT: TCP connect scan.-sU: UDP scan.-sF,-sX,-sN: TCP FIN, Xmas, and Null scans.
- Service and Version Detection:
nmap -sV target: Detect services and versions running on ports.nmap -sV -p port target: Specific port service detection.
- OS Detection:
nmap -O target: Attempt to determine the target’s operating system.
- Scripting:
nmap --script script-name target: Execute NSE (Nmap Scripting Engine) scripts.nmap --script-help script-name: Get help on a specific script.
- Timing and Performance:
-T0to-T5: Set timing template for scan speed.--min-hostgroupand--max-hostgroup: Control parallel hosts.
- Output Formats:
-oN,-oX,-oG: Output in normal, XML, and grepable formats.-oA base-filename: Save in all formats with specified base filename.
- Firewall Evasion:
nmap -f target: Fragment packets to bypass firewall rules.nmap --mtu value target: Set MTU for fragmented packets.
- Miscellaneous:
-v,-vv: Increase verbosity level.--traceroute: Determine the route taken to the target.--open: Show only open ports.--reason: Display the reason for port status.
Remember that Nmap should be used responsibly and only on networks you have explicit permission to scan. Unauthorized scanning can be illegal and unethical. Always refer to the official documentation for the most up-to-date information.
