Nmap6 Cheatsheet Eng v1 PDF


SecurityByDefault.com

Target specification
IP address, hostnames, networks, etc
Example: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL file                        input from list
-iR n                           choose random targets, 0 never ending
--exclude, --excludefile file   exclude host or list from file

Host discovery
-PS n          tcp syn ping
-PA n          tcp ack ping
-PU n          udp ping
-PM            netmask req
-PP            timestamp req
-PE            echo req
-sL            list scan
-PO            protocol ping
-Pn            no ping
-n             no DNS
-R             DNS resolution for all targets
--traceroute   trace path to host (for topology map)
-sn            ping, same as PP PM PS443 PA80

Port scanning techniques
-sS             tcp syn scan
-sT             tcp connect scan
-sU             udp scan
-sY             sctp init scan
-sZ             sctp cookie echo
-sO             ip protocol
-sW             tcp window
-sN, -sF, -sX   null, fin, xmas
-sA             tcp ack

Port specification and scan order
-p [n-m]           range
-p-                all ports
-p n,m,z           individual
-p U:n-m,z T:n,m   U for udp, T for tcp
-F                 fast, common 100
--top-ports n      scan the highest-ratio ports
-r                 don't randomize

Timing and performance
-T0   paranoid
-T1   sneaky
-T2   polite
-T3   normal
-T4   aggressive
-T5   insane
--min-hostgroup, --max-hostgroup
--min-rate, --max-rate
--min-parallelism, --max-parallelism
--min-rtt-timeout, --max-rtt-timeout, --initial-rtt-timeout
--max-retries, --host-timeout, --scan-delay

Service and version detection
-sV               version detection
--all-ports       don't exclude ports
--version-all     try every single probe
--version-trace   trace version scan activity
-O                enable OS detection
--fuzzy           guess OS detection
--max-os-tries    set the maximum number of tries against a target

Firewall/IDS evasion
-f                  fragment packets
-D d1,d2            cloak scan with decoys
-S ip               spoof source address
-g source           spoof source port
--randomize-hosts   randomize order
--spoof-mac mac     change the src mac

Verbosity and debugging options
-v               increase verbosity level
--reason         host and port reason
-d (1-9)         set debugging level
--packet-trace   trace packets

Interactive options
v/V   increase/decrease verbosity level
d/D   increase/decrease debugging level
p/P   turn on/off packet tracing

Miscellaneous options
--resume file   resume aborted scan (from oN or oG output)
-6              enable ipv6 scanning
-A              aggressive, same as -O -sV -sC --traceroute

Scripts
-sC                 perform scan with default scripts
--script file       run script (or all)
--script-args n=v   provide arguments
--script-updatedb   update the script db
--script-trace      print in/out communication

Output
-oN   normal
-oX   xml
-oG   grepable
-oA   all others

Examples
Quick scan: nmap -T4 -F
Fast scan (port 80): nmap -T4 --max_rtt_timeout 200 --initial_rtt_timeout 150 --min_hostgroup 512 --max_retries 0 -n -P0 -p80
Pingscan: nmap -sP -PE -PP -PS21,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4
Slow comprehensive: nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all
Quick traceroute: nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute