Nmap
https://www.kali.org/tools/nmap/ https://nmap.org/
Last updated
https://www.kali.org/tools/nmap/ https://nmap.org/
Last updated
Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what's connected, what services each host is operating, and so on. It was created by Gordon Lyon. It supports a large number of scanning techniques, such as UDP, TCP connect (), TCP SYN (half-open), and FTP. Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection.
This cheat sheet was prepared by https://www.stationx.net/nmap-cheat-sheet/. You can also check out the cheatsheet. I've attached the file below๐๐ป
-sA
ACK scan
-sF
FIN scan
-sI
IDLE scan
-sL
DNS scan (list scan)
-sN
NULL scan
-sO
Protocol scan (tests which IP protocols respond)
-sP
Ping scan
-sR
RPC scan
-sS
SYN scan
-sT
TCP connect scan
-sW
Window scan
-sX
XMAS scan
-A
OS detection, version detection, script scanning and traceroute
-PI
ICMP ping
-Po
No ping
-PS
SYN ping
-PT
TCP ping
-oA
output the results in 3 types of format(nmap, gnmap, xml)
-oN
Normal output
-oX
XML output
-T0 through -T2
Serial scans. T0 is slowest
-T3 through -T5
Parallel scans. T3 is slowest
--min-rate
Minimum packet sent for second
Using NSE we can perform specific enumeration or exploitation on a host.
We can also use nmap to discover hosts in a given IP subnet.
Note: In the upcoming section, you will learn what the nmap is and its uses are. Please refer to the below section.
-f
nmap -f 10.10.10.10
-g
nmap -g 80 10.10.10.10
Port Manipulation
-mtu
nmap -mtu 8 10.10.10.10
Crunching down Packets to 8 Byte
-D RND
nmap -D RND:10 10.10.10.10
Perform Decoy Scan and Generates Random non-reserved IP
โdata 0xdeadbeef
nmap 10.10.10.10 --data 0xdeadbeef
Send the binary data 0's and 1's
--data-string "Ph34r my l33t skills"
nmap 10.10.10.10 --data-string "Ph34r my l33t skills"
Send strings as payload
--data-length 5
nmap --data-length 5 10.10.10.10
--randomize-hosts
nmap --randomize-hosts 10.10.10.10
send request to a IP from Random non-reserved IP
--badsum
nmap --badsum 10.10.10.10
Sends Bad or Bongus TCP/USP Checksum
To bypass firewall or monitoring system is suggests to use -T0 or -T1 flags.
-T# - nmap Timing templates - optimize and speed up scanning (higher is faster)
-T0 - paranoid (possible IDS evasion, slow)
-T1 - sneaky (possible IDS evasion, slow)
-T2 - polite (less bandwidth and target machine resources, slow)
-T3 - normal (default scan)
-T4 - aggressive (reasonably fast, modern and reliable network)
-T5 - insane (extraordinarily fast network)
the lower the number the slower the scan
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.
I strongly recomend you to go with Zenmap for the exam point of view.
When you started your exam, the first objective you have to do is that start Zenmap (GUI Version of Nmap) scan on your windows machine.
The reason is that in Parrot OS you may find it hard to parse all the IPs because the green colour with the terminal might overwhelm you. Instead, the Zenmap GUI would be useful to find out the services, OS running on that IP with a cute User Interface.
Trust me!๐ช๐ป this would be the great life-changer of your exam.
I know as a penetration tester working on the terminal is cool ๐ but in the heat of the moment, the browser-based VM would make you tense.
