Nmap Cheatsheet

Here is the list of most popular nmap commands that Dhound team use.

This cheatsheet first of all for us during security analysis, but you can also find here something interesting.

If you run nmap on linux, don't forget to run it with root permissions.

Nmap Port Scan example

  • Quick scan
    nmap -Pn dhound.io
  • Full TCP port scan using with service version detection
    nmap -p 1-65535 -Pn -sV -sS -T4 dhound.io
  • Scan particular ports
    nmap -Pn -p 22,80,443 dhound.io
  • Find linux devices in local network
    nmap -p 22 --open -sV

Nmap Trace traffic example

  • Trace trafic
    nmap --traceroute -p 80 dhound.io
  • Trace trafic with Geo resolving
    nmap --traceroute --script traceroute-geolocation.nse -p 80 dhound.io

Nmap Get Ip Info example

  • ISP, Country, Company
    nmap --script=asn-query dhound.io

Nmap Test SSL example

  • Get SSL Certificate
    nmap --script ssl-cert -p 443 -Pn dhound.io
  • Test SSL Ciphers
    nmap --script ssl-enum-ciphers -p 443 dhound.io

Nmap Brute Force example

  • Ftp Brute force
    nmap --script ftp-brute --script-args userdb=users.txt,passdb=passwords.txt -p 21 -Pn dhound.io
  • HTTP Basic Authentication Brute force
    nmap --script http-brute -script-args http-brute.path=/evifile-bb-demo,userdb=users.txt,passdb=passwords.txt -p 80 -Pn dhound.io
  • Wordpress Bruteforce
    nmap -sV --script http-wordpress-brute --script-args userdb=users.txt,passdb=passwords.txt,http-wordpress-brute.hostname=dhound.io,http-wordpress-brute.threads=10 -p 80 dhound.io
  • SSH Brute Force
    #use other tools like ncrack

Nmap Attacks example

  • Find vulnerabilities in safe mode
    nmap --script default,safe -Pn dhound.io
  • Find vulnerabilities in unsafe mode
    nmap --script vuln -Pn dhound.io
  • Run DDos attack
    nmap --script dos -Pn dhound.io
  • Exploit detected vulnerabilities
    nmap --script exploit -Pn dhound.io

See Also