Friday, August 10, 2012

NMAP SELF STUDY GUIDE

1:) nmap's default scan is a SYN scan (-sS), but only when nmap has raw-socket privileges (root on Unix, Administrator with Npcap/WinPcap on Windows). Without them nmap silently falls back to a TCP connect scan (-sT), which completes the three-way handshake and is therefore noisier and more likely to be logged by the target service.

nmap.exe -sS <hostname>


2:) the -p flag selects WHICH ports are scanned (without it nmap scans only the 1000 most common ports). A range covers every port in between, so this scans all 65535 (-p- is shorthand for the same full range):

nmap.exe -p1-65535 <hostname>


3:) alternatively, to scan individual ports, list them with commas (no spaces; single ports and ranges can be mixed in one list)

nmap.exe -p20,22,23,25,53,443,8080 <hostname>


4:) NMAP as a network pingsweeper (host discovery only, no port scan)

nmap.exe -sP 192.168.4.0-255
nmap.exe -sP 192.168.0-255.0-255

note: -sP was renamed -sn in newer releases (the old spelling still works as an alias), and CIDR notation such as 192.168.4.0/24 is accepted in place of octet ranges. The second command sweeps 65536 addresses, so expect it to take a while.



5:) NMAP AS A UDP PORTSCANNER
nmap.exe -sU -p1-65535 <hostname>

note: port numbers run from 1 to 65535; nmap rejects 65536. UDP scans need raw-socket privileges and are slow, because open ports usually stay silent (reported as open|filtered) and many hosts rate-limit the ICMP port-unreachable replies that identify closed ports. Adding -sV helps tell open ports from filtered ones.
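Items 2, 3 and 5 all hinge on what nmap accepts after -p. The parser below is an added example (not Nmap's own code) that expands a port spec the way nmap does, including the T:/U: protocol qualifiers, and rejects anything outside 1-65535 so that a typo such as 1-65536 fails loudly instead of being clipped; the specs in the demo are the ones from this page.

```python
"""Parse Nmap-style port specifications, i.e. the argument given to -p.

Added example (not Nmap's own code). It handles a single port, a range a-b,
a comma-separated mix of both, the bare "-" shorthand for 1-65535, and the
T:/U: protocol qualifiers Nmap accepts (e.g. "U:53,T:22-25"). Nmap's S: (SCTP)
and P: (IP protocol) qualifiers are deliberately not handled here.
"""

MAX_PORT = 65535


def parse_port_spec(spec):
    """Expand a port spec into {"any": [...], "tcp": [...], "udp": [...]}.

    Ports given before any T:/U: qualifier go under "any" (Nmap applies them
    to every protocol being scanned); a qualifier applies to all following
    tokens until another qualifier appears.  ValueError on bad input.
    """
    result = {"any": set(), "tcp": set(), "udp": set()}
    proto = "any"
    for token in spec.replace(" ", "").split(","):
        if not token:
            raise ValueError("empty port token in %r" % spec)
        if len(token) >= 2 and token[1] == ":":
            qualifier = token[0].upper()
            if qualifier not in ("T", "U"):
                raise ValueError("unsupported protocol qualifier %r" % token[:2])
            proto = "tcp" if qualifier == "T" else "udp"
            token = token[2:]
            if not token:
                raise ValueError("qualifier without ports in %r" % spec)
        if token == "-":                      # "-p-" means every port
            lo, hi = 1, MAX_PORT
        elif "-" in token:                    # "a-b", "-b" (from 1) or "a-" (to 65535)
            a, b = token.split("-", 1)
            lo = int(a) if a else 1
            hi = int(b) if b else MAX_PORT
        else:
            lo = hi = int(token)
        if not 1 <= lo <= hi <= MAX_PORT:     # this is what catches "1-65536"
            raise ValueError("port range %r outside 1-%d" % (token, MAX_PORT))
        result[proto].update(range(lo, hi + 1))
    return {p: sorted(s) for p, s in result.items()}


def ports_for(parsed, proto):
    """Ports that apply to one protocol: its own list plus the unqualified ones."""
    return sorted(set(parsed["any"]) | set(parsed[proto]))


if __name__ == "__main__":
    for spec in ("20,23,22,8080,25,443,53", "1-65535", "U:53,T:22-25,80", "1-65536"):
        try:
            parsed = parse_port_spec(spec)
            print(spec, "->", len(ports_for(parsed, "tcp")), "tcp ports,",
                  len(ports_for(parsed, "udp")), "udp ports")
        except ValueError as exc:
            print(spec, "-> rejected:", exc)
```

The "any" bucket matters when you combine -sS with -sU: a plain -p53 is scanned on both protocols, whereas -pT:53 is TCP only.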


6:) NMAP OS FINGERPRINTING
nmap.exe -O <hostname>

note: needs raw-socket privileges. The fingerprint is most reliable when nmap finds at least one open and one closed TCP port on the target; otherwise the guess is flagged as unreliable or skipped.



7:) NMAP SPECIAL SCAN TYPES

XMAS SCAN: nmap.exe -sX <hostname>   (FIN, PSH and URG flags set)
NULL SCAN: nmap.exe -sN <hostname>   (no flags set)
ACK SCAN : nmap.exe -sA <hostname>   (ACK flag only)
FIN SCAN : nmap.exe -sF <hostname>   (FIN flag only)

note: the FIN scan is -sF; -F is a different option (a "fast" scan of the 100 most common ports). XMAS, NULL and FIN scans rely on RFC 793 behaviour: a closed port answers with RST while an open port stays silent, so no reply is reported as open|filtered. They do not work against Windows and some other stacks, which send RST for every port and so make everything look closed. The ACK scan never tells you whether a port is open; it only shows whether a port is filtered by a stateful firewall (unfiltered ports answer the unsolicited ACK with RST).


8:) TCP/UDP version scanning (probes each open port to identify the service and its version; works on top of whatever port scan is running)


nmap.exe -p1-1000 -sV <hostname>


9:) NMAP Specialized Ping Scanning with -PS option (TCP SYN ping)

nmap.exe -PS80,8080,23,53 <hostname>

note: -PS does host discovery by sending a TCP SYN to each listed port; either a SYN/ACK or a RST reply proves the host is up. The port list goes directly after -PS with no space. Without -PS, a privileged nmap discovers hosts with an ICMP echo request, a TCP SYN to 443, a TCP ACK to 80 and an ICMP timestamp request; an unprivileged nmap uses a full connect() to ports 80 and 443. -PA (ACK ping) and -PU (UDP ping) work the same way and help when ICMP is blocked.
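Items 4 and 9 both describe host discovery. The script below is an added example (not Nmap code) of the TCP "ping" that -PS performs, done with a plain connect() because that needs no raw sockets and is what nmap itself falls back to when unprivileged. The point it demonstrates is the one practitioners get wrong: a refused connection is a positive result, the host is up, and only silence is inconclusive. The target list in the demo is constructed (loopback plus a TEST-NET address).

```python
"""Host discovery with a TCP "ping", the unprivileged cousin of Nmap's -PS.

Added example, not Nmap code. Nmap's -PS sends a bare SYN (raw sockets) and
counts either SYN/ACK or RST as proof that the host is alive. Without raw
sockets the portable equivalent is a full connect() per port: a completed
connection or a refused one (RST) both mean "host up"; only a timeout or an
unreachable error leaves the question open.
"""
import errno
import socket
from concurrent.futures import ThreadPoolExecutor

# errno values meaning the host answered with RST (Windows reports 10061).
_REFUSED = {errno.ECONNREFUSED, getattr(errno, "WSAECONNREFUSED", 10061)}


def probe_port(host, port, timeout=1.0):
    """Return "open" (handshake completed), "closed" (RST) or "no-response"."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            rc = sock.connect_ex((host, port))   # errno instead of an exception
    except OSError:                               # e.g. name resolution failure
        return "no-response"
    if rc == 0:
        return "open"
    if rc in _REFUSED:
        return "closed"
    return "no-response"    # EAGAIN on timeout, EHOSTUNREACH, ENETUNREACH, ...


def host_is_up(host, ports=(80, 8080, 23, 53), timeout=1.0):
    """The host passes the TCP ping if any probed port is open OR closed."""
    return any(probe_port(host, p, timeout) in ("open", "closed") for p in ports)


def tcp_ping_sweep(hosts, ports=(80, 8080, 23, 53), timeout=1.0, workers=32):
    """Probe many hosts in parallel; returns {host: True/False}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda h: (h, host_is_up(h, ports, timeout)), hosts))


if __name__ == "__main__":
    # Constructed target list: loopback answers every port (open or RST), while
    # 192.0.2.1 is a TEST-NET address that no real host should answer for.
    print(tcp_ping_sweep(["127.0.0.1", "192.0.2.1"], ports=(80, 8080, 23, 53)))
```

Because every probe completes the handshake, this is as visible to the target as -sT; use it to understand -PS, not as a stealthy replacement for it.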



10:) NMAP output file

Each -o option takes the output FILENAME as its argument; the target is still given separately:

nmap.exe -oN <outputfile> <hostname>  for human readable format
nmap.exe -oX <outputfile> <hostname>  for XML format
nmap.exe -oG <outputfile> <hostname>  for greppable format
nmap.exe -oA <basename> <hostname>    for all three at once (<basename>.nmap, .xml and .gnmap)
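The greppable format from item 10 is the one most people post-process (and the one --resume in item 14 can read back). The parser below is an added example, not Nmap code; the sample output is constructed to look like a -oG file (tab-separated "Key: value" fields, one Host: line per fact) and is not from a real scan.

```python
"""Parse Nmap greppable output (-oG) into Python structures.

Added example, not Nmap code. SAMPLE_GNMAP is a constructed file, not real
scan output. Each port entry in the Ports: field has the layout
port/state/protocol/owner/service/rpc-info/version/ ; Nmap writes a "/" inside
a version string as "|" so that "/" stays the field separator.
"""

SAMPLE_GNMAP = (
    "# Nmap 6.01 scan initiated Fri Aug 10 10:00:00 2012 as: "
    "nmap -sS -sV -p1-1000 -oG scan.gnmap 192.168.4.10-11\n"
    "Host: 192.168.4.10 (gw.example.lan)\tStatus: Up\n"
    "Host: 192.168.4.10 (gw.example.lan)\tPorts: "
    "22/open/tcp//ssh//OpenSSH 5.9p1 Debian 5ubuntu1 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.2.22 ((Ubuntu))/, "
    "443/closed/tcp//https///\tIgnored State: filtered (997)\n"
    "Host: 192.168.4.11 ()\tStatus: Up\n"
    "Host: 192.168.4.11 ()\tPorts: 53/open|filtered/udp//domain///\n"
    "# Nmap done at Fri Aug 10 10:00:05 2012 -- 2 IP addresses (2 hosts up) "
    "scanned in 4.21 seconds\n"
)


def parse_port_field(field):
    """Split the Ports: field into one dict per port entry."""
    ports = []
    for entry in field.split(", "):
        parts = entry.split("/")
        if len(parts) < 7:
            continue                      # not a well-formed port entry
        ports.append({
            "port": int(parts[0]),
            "state": parts[1],            # open, closed, filtered, open|filtered, ...
            "proto": parts[2],
            "service": parts[4],
            "version": parts[6].replace("|", "/"),
        })
    return ports


def parse_gnmap(text):
    """Return a list of hosts: {"ip", "hostname", "status", "ports": [...]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # '#' comment lines carry no host data
        fields = {}
        for chunk in line.split("\t"):    # "Key: value" chunks, tab-separated
            key, _, value = chunk.partition(": ")
            fields[key] = value
        ip, _, rest = fields["Host"].partition(" ")
        host = hosts.setdefault(ip, {"ip": ip, "hostname": rest.strip("()"),
                                     "status": None, "ports": []})
        if "Status" in fields:
            host["status"] = fields["Status"]
        if "Ports" in fields:
            host["ports"].extend(parse_port_field(fields["Ports"]))
    return list(hosts.values())


def open_ports(hosts, proto="tcp"):
    """(ip, port, service) for every port reported open on that protocol."""
    return [(h["ip"], p["port"], p["service"])
            for h in hosts for p in h["ports"]
            if p["state"] == "open" and p["proto"] == proto]


if __name__ == "__main__":
    hosts = parse_gnmap(SAMPLE_GNMAP)
    for host in hosts:
        print(host["ip"], host["hostname"] or "-", host["status"])
        for p in host["ports"]:
            print("   %5d/%-3s %-14s %-8s %s" % (p["port"], p["proto"], p["state"],
                                                 p["service"], p["version"]))
    print("open tcp:", open_ports(hosts))
```

Note that open|filtered (the usual UDP result) is deliberately not counted as open; treat it as a lead to confirm with -sV, not as a finding.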


11:) NMAP Verbosity

nmap.exe -v <hostname>
nmap.exe -vv <hostname>

note: -v makes nmap print more about the scan while it runs (open ports as they are found, estimated time remaining); -vv adds more still. This only changes what nmap prints, it does not write a separate log file; to keep a log, combine it with one of the -o options from item 10. -d and -dd turn on debugging output.


12:) NMAP SCAN SPEED

-T0  paranoid
-T1  sneaky
-T2  polite
-T3  normal     (the default)
-T4  aggressive
-T5  insane

note: the number selects the timing template, higher = faster (the names can be used instead of the numbers, e.g. -T aggressive or -T4). -T0 and -T1 send probes one at a time with long waits between them to stay under IDS thresholds, so they take hours; -T4 is the usual choice on a reliable LAN; -T5 trades accuracy for speed and can miss ports on slow or lossy networks.


13:) PORT SERVICE VERSION


nmap.exe -p1-1000 -sV <hostname>


note: same command as item 8; -sV enumerates the version of the service behind each open port in the specified range. --version-intensity 0-9 controls how many probes are tried against each port (default 7; --version-light and --version-all are shortcuts for 2 and 9).



14:) RESUME SCANNING BY SPECIFYING A PREVIOUS LOGFILE

nmap.exe --resume "currentscan.txt"

note: the file must be normal (-oN) or greppable (-oG) output from the interrupted scan; XML output cannot be resumed. nmap reads the original command line from the log, so no other options are given with --resume, and the new results are appended to the same file.
