Skip to content

Instantly share code, notes, and snippets.

@kudosqujo
Created November 30, 2020 01:24
Show Gist options
  • Select an option

  • Save kudosqujo/808370835c49988ed36f8518da5aa6c2 to your computer and use it in GitHub Desktop.

Select an option

Save kudosqujo/808370835c49988ed36f8518da5aa6c2 to your computer and use it in GitHub Desktop.
[Nmap Cheatsheet] #cheatsheet #networking
# metasploitable IP = 10.0.0.165
nmap -sS --send-ip 10.0.0.165 # stealth scan
nmap -sT --send-ip 10.0.0.165 # tcp full connect scan
nmap -sA --send-ip 10.0.0.165 # ack scan
nmap -sX --send-ip 10.0.0.165 # xmas scan
nmap -Pn -n --send-ip -D <decoy> <target> # decoying, disable ping scanning, disable name resolution, send ICMP echo requests instead of ARP requests
nmap -e eth0 -S <spoof> <target> # spoofing
nmap -sT -p 80,443 --open 10.0.0.0/24 # scan ports 80 & 443 on every addr within the given range
nmap -sU <target> # scan UDP ports
nmap -sU -sS -p U:53,221,555,T:80,443,3389 <target> # scan both UDP and TCP ports
nmap -O -T5 -F -n <target> # OS detection w/ fastest timing, scanning only the top 100 ports (by use), skipping name resolution
nmap -sV -n -p 80 <target> # get version of services running on target machine that are using port 80
nmap -e eth0 -Pn --script vuln -p 21 10.0.0.165 # run vuln script
nmap -v -sS -T5 192.168.0.1
# -v = verbose level
# -sS = TCP SYN scan
# -T = time template for performing the scan
# -f = use fragmented IP packets
# -f --mtu = use fragmented packets & set MTU
# --send-eth = ensures that we use Ethernet level packets, bypassing the IP layer and sends raw Ethernet frames within the flow
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment