Nmap Cheatsheet

Here is the list of most popular nmap commands that Dhound team use.
This cheatsheet first of all for us during security analysis, but you can also find here something interesting.
If you run nmap on linux, don't forget to run it with root permissions.

Port scanning

Quick scannmap -Pn dhound.io
Full TCP port scan using with service version detectionnmap -p 1-65535 -Pn -sV -sS -T4 dhound.io
Scan particular portsnmap -Pn -p 22,80,443 dhound.io
Find linux devices in local networknmap -p 22 --open -sV

Trace traffic

Trace traficnmap --traceroute -p 80 dhound.io
Trace trafic with Geo resolvingnmap --traceroute --script traceroute-geolocation.nse -p 80 dhound.io

Get Ip Info

ISP, Country, Companynmap --script=asn-query dhound.io

Test SSL

Get SSL Certificatenmap --script ssl-cert -p 443 -Pn dhound.io
Test SSL Ciphersnmap --script ssl-enum-ciphers -p 443 dhound.io

Brute Force

Ftp Brute forcenmap --script ftp-brute --script-args userdb=users.txt,passdb=passwords.txt -p 21 -Pn dhound.io
HTTP Basic Authentication Brute forcenmap --script http-brute -script-args http-brute.path=/evifile-bb-demo,userdb=users.txt,passdb=passwords.txt -p 80 -Pn dhound.io
Wordpress Bruteforcenmap -sV --script http-wordpress-brute --script-args userdb=users.txt,passdb=passwords.txt,http-wordpress-brute.hostname=dhound.io,http-wordpress-brute.threads=10 -p 80 dhound.io
SSH Brute Force#use other tools like ncrack


Find vulnerabilities in safe modenmap --script default,safe -Pn dhound.io
Find vulnerabilities in unsafe modenmap --script vuln -Pn dhound.io
Run DDos attacknmap --script dos -Pn dhound.io
Exploit detected vulnerabilitiesnmap --script exploit -Pn dhound.io

See Also

Published on Apr 11, 2017