@henri
Last active January 29, 2025 22:08
nmap cheat sheet
#################
### using nmap
#################
# list IP addresses that look free within a network (hosts that are powered off or do not answer ARP/ping are reported as Down, so they show up as free too) - change the network range as needed
sudo nmap -v -sn -n 192.168.1.0/24 -oG - | awk '/Status: Down/{print $2}'
# the reverse of the above: show the hosts that are up
sudo nmap -v -sn -n 192.168.1.0/24 -oG - | awk '/Status: Up/{print $2}'
# quick ping sweep showing the hosts that are up, with FQDN if available (-sP is the older name for -sn)
nmap -sP 192.168.1.0/24 -oG -
# basic scans of the local host - each line below returns a little more information than the one before it
nmap 127.0.0.1
nmap -sV localhost
nmap -Pn --script=vuln 127.0.0.1
nmap -p- 127.0.0.1
# check whether a specific UDP port is open on a host
sudo nmap -sU -p <portnumber> <hostname>
# check a host for open TCP ports between 1 and 200
nmap -p 1-200 <hostname>
# list the algorithms (key exchange, host key, cipher, MAC, compression) offered by a host's SSH server
nmap --script ssh2-enum-algos -sV -p <port> <host>
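The awk one-liners above pick hosts out of nmap's grepable (-oG) output by hand. The helpers below are an added example, not part of the gist: they parse both the Status and Ports fields of constructed -oG samples and compare two sweeps to list addresses that were not up in a baseline run (the sample addresses and the function names are assumptions).

```shell
#!/usr/bin/env bash
# Helpers for nmap grepable (-oG) output. Fields are tab-separated, so the
# constructed samples below are built with printf; nmap's header and trailer
# comment lines are left out, and the functions would ignore them anyway.
SAMPLE_OG=$(printf '%s\t%s\n' \
  'Host: 192.168.1.1 ()'  'Status: Up' \
  'Host: 192.168.1.2 ()'  'Status: Down' \
  'Host: 192.168.1.10 ()' 'Status: Up' \
  'Host: 192.168.1.10 ()' 'Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///')
# A constructed earlier sweep of the same network, used as the baseline.
BASELINE_OG=$(printf '%s\t%s\n' \
  'Host: 192.168.1.1 ()'  'Status: Up' \
  'Host: 192.168.1.10 ()' 'Status: Down')

# Print the addresses whose Status field equals $1 ("Up" or "Down").
og_hosts_by_status() {
  awk -F'\t' -v want="$1" '
    $2 == ("Status: " want) { split($1, h, " "); print h[2] }'
}

# Print "ip port/proto service" for each open port on a Ports: line.
# Each entry has the form port/state/proto/owner/service/rpc/version.
og_open_ports() {
  awk -F'\t' '{
    for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) {
      split($1, h, " "); ip = h[2]
      sub(/^Ports: /, "", $i)
      n = split($i, entries, ", ")
      for (j = 1; j <= n; j++) {
        split(entries[j], e, "/")
        if (e[2] == "open") print ip, e[1] "/" e[3], e[5]
      }
    }
  }'
}

# Addresses that are Up in the current sweep ($2) but were not Up in the
# baseline sweep ($1): a cheap check for devices that have appeared on a
# network you administer since the baseline was taken.
og_new_hosts() {
  base=$(printf '%s\n' "$1" | og_hosts_by_status Up | tr '\n' ' ')
  printf '%s\n' "$2" | og_hosts_by_status Up |
    awk -v base=" $base" 'index(base, " " $0 " ") == 0'
}

printf '%s\n' "$SAMPLE_OG" | og_hosts_by_status Up   # 192.168.1.1 and 192.168.1.10
printf '%s\n' "$SAMPLE_OG" | og_open_ports           # 192.168.1.10 22/tcp ssh, then 80/tcp http
og_new_hosts "$BASELINE_OG" "$SAMPLE_OG"            # 192.168.1.10
```

Feed real output in with `nmap -sn -n 192.168.1.0/24 -oG - | og_hosts_by_status Up`; the baseline for og_new_hosts is simply a saved copy of an earlier -oG run.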
#################
### using nc
#################
# scan TCP ports 20-80 on 127.0.0.1 and report which ones are open
nc -z -v 127.0.0.1 20-80 2>&1 | grep succeeded
# listen on TCP port 2001
nc -l -p 2001
#################
### using ping
#################
# basic class C address range ping sweep shell script - repository and direct link to the script
https://github.com/NiharZanwar/ping_sweep
https://github.com/NiharZanwar/ping_sweep/blob/master/pingsweep.sh
#################
### using bash (linux)
#################
# scan the local system for open TCP ports 1 to 9999 (bash only: uses the /dev/tcp pseudo-device, so no nmap or nc is needed)
for port in {1..9999}; do echo -n 2>/dev/null < /dev/tcp/127.0.0.1/$port && echo "$port/tcp open" ; done
# list the TLS cipher suites enabled on an HTTPS server (port 443)
nmap -sV --script ssl-enum-ciphers -p 443 <server-ip>
#################
### not nmap but - list programs listening on ports
#################
# use netstat (add a grep if you are looking for a specific binary and the ports it has open)
netstat -lnptu