1:) nmap's default scan is a SYN scan (-sS) when run with raw-socket privileges (root/Administrator); unprivileged users fall back to a TCP connect scan (-sT)
nmap.exe -sS <hostname>
2:) to specify a range of ports to be scanned use the -p flag
nmap.exe -p1-65535 <hostname>
3:) alternatively, to scan individual ports, list them comma-separated
nmap.exe -p20,23,22,8080,25,443,53 <hostname>
4:) NMAP as a network pingsweeper (host discovery only, no port scan)
nmap.exe -sn 192.168.4.0-255
nmap.exe -sn 192.168.0-255.0-255
note: -sP is the old name for -sn and still works as an alias
5:) NMAP AS A UDP PORTSCANNER (requires raw-socket privileges; valid port numbers are 1-65535)
nmap.exe -sU -p1-65535 <hostname>
note: a full UDP sweep is slow because most hosts rate-limit the ICMP port unreachable replies that mark closed ports; add -sV to tell "open" from "open|filtered"
6:) NMAP OS FINGERPRINTING (requires raw-socket privileges; most accurate with at least one open and one closed TCP port on the target)
nmap.exe -O <hostname>
7:) NMAP SPECIAL SCAN TYPES (firewall-probing scans; all need raw-socket privileges)
XMAS SCAN: nmap.exe -sX <hostname>   (FIN, PSH and URG flags set)
NULL SCAN: nmap.exe -sN <hostname>   (no flags set)
ACK SCAN : nmap.exe -sA <hostname>   (maps firewall rules: reports filtered/unfiltered, not open/closed)
FIN SCAN : nmap.exe -sF <hostname>   (FIN flag only)
note: -F is not the FIN scan; it is the "fast" option that limits the scan to the 100 most common ports
8:) TCP/UDP version scanning (gives the version of the running services on open ports in the target system)
nmap.exe -p1-1000 -sV <hostname>
9:) NMAP specialized ping scanning with the -PS option (TCP SYN ping to the listed ports)
nmap.exe -PS80,8080,23,53 <hostname>
note: a host that answers with SYN/ACK or RST on any listed port is treated as up; useful where ICMP is blocked by a firewall. For privileged users the default host discovery is an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request
10:) NMAP output file (the option takes a filename, followed by the target; -oA <basename> writes all three formats at once)
nmap.exe -oN scan.txt <hostname> for human readable format
nmap.exe -oX scan.xml <hostname> for XML format
nmap.exe -oG scan.gnmap <hostname> for greppable format
11:) NMAP Verbosity
nmap.exe -vv <hostname>
note: increases the detail printed to the console (and written to any -oN log) while the scan runs; -v is one level, -vv two, and -d adds debugging output on top
12:) NMAP SCAN SPEED (timing templates -T0 to -T5, given by number or by name, e.g. -T4 or -T aggressive)
-T0 paranoid
-T1 sneaky
-T2 polite
-T3 normal (default)
-T4 aggressive
-T5 insane
note: the higher the number, the faster and noisier the scan; -T0/-T1 are for IDS evasion, -T4 is the usual choice on a reliable network, -T5 trades accuracy for speed
13:) PORT SERVICE VERSION
nmap.exe -p1-1000 -sV <hostname>
note: same command as item 8; enumerates the version number of each service on the specified ports of the target system (--version-intensity 0-9 trades speed for probe coverage)
14:) RESUME SCANNING BY SPECIFYING A PREVIOUS LOGFILE
nmap.exe --resume currentscan.txt
note: only works with a normal (-oN) or greppable (-oG) output file from an aborted scan, not XML; give no other options, nmap reads them back from the file and continues from the last host scanned