NMAP Syntax

The document provides examples of NMAP commands for different scanning purposes. It shows a ping sweep to enumerate hosts on two subnets, a basic SYN scan of a /24 network including service and operating system detection, scans to find unused ports and web applications on multiple segments, targeted scans of specific services like SMTP and TFTP, and useful additional NMAP parameters like custom DNS servers and port lists.

Uploaded by

Prasad Dhond
Copyright
© Attribution Non-Commercial (BY-NC)

NMAP syntax

Here are some NMAP commands I use often.

Enumerating the hosts on a couple of segments

nmap -sP -oA hostlist.active 192.168.1.0/24 172.16.20.0/24

This does a ping sweep of both ranges and writes the host list in all three output formats (-oA). Target specifications are separated by spaces; a comma between two CIDR blocks is not parsed as a second target. -sP is the ping-scan option; current Nmap releases call it -sn but still accept -sP.

-R makes it do a reverse DNS lookup for every address, whether a host is up or not.

A basic SYN scan of a slash 24

nmap -sS -T4 -vv -r -sV -O -n -F -oA test208 208.22.79.*

-F makes it faster by scanning only the 100 most common ports instead of the default 1000.
-r makes it scan the ports in order instead of the default random order.
-sV detects service versions.
-O detects OS versions (like -sS, it needs raw-socket privileges, so run as root).
-n skips reverse DNS lookups, -T4 selects the aggressive timing template and -vv raises verbosity.

A SYN scan to look for useless services on a bunch of segments

nmap -sS -PN -T4 -oA echochargentest -p T:7,19 -v -r 172.16.20,21,22,5,6,7,16.*
nmap -sSU -PN -T4 -oA testsmallservices -p T:7,9,13,17,19,U:7,9,13,17,19 -v -r 192.168.1.*

The first looks for echo (7) and chargen (19); the octet list 172.16.20,21,22,5,6,7,16.* expands to all seven /24s. The second adds discard (9), daytime (13) and qotd (17) on both TCP and UDP; the U: ports are only probed when a UDP scan is enabled, hence -sSU.

-PN tells it not to PING first, just check for the open ports (spelled -Pn in current Nmap, which still accepts -PN).

Looking for web applications

nmap -PN -sT -A -p T:80,443,8080,8888,8088 -oA webapps -T4 192.168.1,2.*

-sT is a TCP connect scan, which needs no raw-socket privileges. -A turns on OS detection, version detection, default NSE scripts and traceroute. 192.168.1,2.* covers both /24s.

Looking for certain specific services

nmap -sS -sV -PN -T4 -oA testsmtp -p T:25 -v -r 192.168.1.*
nmap -sU -sV -PN -T4 -oA tftptest -p U:69 -v -r 192.168.1.*
nmap -sSU -sV -PN -T4 -oA tftptest -p T:25,U:69 -v -r 192.168.1.*

-sS does a SYN scan; -sU does a UDP scan (root required); -sSU does both in one run.
-sV does version detection.
Note that the last two commands both write -oA tftptest, so the second run overwrites the first run's output files.
Useful additional parameters

--dns-servers <server1>[,<server2>[,...]]
Specify your own DNS servers to use as resolvers for reverse queries.
-p U:53,111,137,T:21-25,80,139,8080
Specify a list of UDP and TCP ports to scan (ranges and protocol prefixes can be mixed).
--version-trace
Print out extensive debugging info about what version scanning is doing.
-oN <file>
Normal output.
-oG <file>
Grepable output. Prints: Host, Ports, Protocols, Ignored State, OS, Seq Index, IP ID, and Status.
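The grepable format above is the easiest one to post-process. The following parser is an added example, not part of the original cheat sheet; the .gnmap sample is constructed to look like the output of the echo/chargen and TFTP scans, not real scan results.

```python
import re
from collections import defaultdict

# Constructed sample in nmap's grepable (-oG / .gnmap) format, shaped like the
# output of the echo/chargen and TFTP scans above; not real scan results.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sSU -PN -T4 -oA smallservices -p T:7,19,U:69 -v -r 172.16.20.*
Host: 172.16.20.5 ()\tStatus: Up
Host: 172.16.20.5 ()\tPorts: 7/open/tcp//echo///, 19/open/tcp//chargen///\tIgnored State: closed (0)
Host: 172.16.20.6 ()\tPorts: 7/closed/tcp//echo///, 19/filtered/tcp//chargen///
Host: 172.16.20.7 (printer.example.test)\tPorts: 7/open/tcp//echo///, 69/open|filtered/udp//tftp///
# Nmap done -- 3 IP addresses (3 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_gnmap(text):
    """Return {ip: [(port, proto, state, service), ...]} from grepable output.

    Fields on a line are tab-separated; each 'Ports:' entry is
    port/state/proto/owner/service/rpc/version/ . A line with no Ports
    field (the 'Status: Up' line a ping sweep writes) adds no records."""
    results = defaultdict(list)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if line.startswith("#") or not m:
            continue
        ip = m.group(1)
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        for entry in fields.get("Ports", "").split(","):
            entry = entry.strip()
            if not entry:
                continue
            port, state, proto, _owner, service = entry.split("/")[:5]
            results[ip].append((int(port), proto, state, service))
    return dict(results)


def ports_in_state(results, state="open"):
    """Flatten to sorted (ip, port, proto, service) tuples for one state.

    UDP probes usually come back 'open|filtered', so ask for that state
    explicitly when reading a -sU scan."""
    return sorted((ip, port, proto, svc) for ip, recs in results.items()
                  for port, proto, st, svc in recs if st == state)


if __name__ == "__main__":
    for ip, port, proto, svc in ports_in_state(parse_gnmap(SAMPLE_GNMAP)):
        print(f"{ip}:{port}/{proto} {svc}")
```

Point it at the .gnmap file that -oA writes to get a host/port list for follow-up; the echo and chargen hits are the ones to decommission.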
