November 21, 2024

Scan all ports on target host

sudo nmap -p- -T4 [target]

Scan specific ports on target

sudo nmap -p80,443,21-23 -sV -T4 [target]

Scan for OS detection

sudo nmap -O -T4 [target]

Here are some additional Nmap commands (the raw-packet scan types need root, hence sudo; Nmap accepts only one TCP scan type per run, but -sU may be combined with it):

For stealth scan (SYN scan; the handshake is never completed, so fewer services log a connection):

sudo nmap -sS [target]

For UDP scan (slow, because an open|filtered port sends no reply; pair it with --top-ports or a short -p list):

sudo nmap -sU [target]

For TCP connect scan (uses the OS socket API, so it works without root, but every connection is completed and visible to the service):

sudo nmap -sT [target]

For TCP NULL, FIN and Xmas scans (run them separately, since only one TCP scan type is allowed per command; Windows and many Cisco devices answer RST for every port regardless of state, so these scans report everything closed there):

sudo nmap -sN [target]

sudo nmap -sF [target]

sudo nmap -sX [target]

For IP protocol scan (which IP protocols, rather than ports, the host responds to):

sudo nmap -sO [target]

For version detection:

sudo nmap -sV [target]

For traceroute:

sudo nmap --traceroute [target]

For OS detection:

sudo nmap -O [target]

For script scan (--script needs an argument: a script name, a category or a comma-separated list; -sC is shorthand for --script default):

sudo nmap -sC [target]

sudo nmap --script default [target]

Scan TCP (SYN) and UDP together (mixed scan; -sU is the one scan type Nmap lets you combine with a TCP scan type)

sudo nmap -sS -sU -T4 [target]

Scan the top 1000 ports on target host/network (the 1000 most common ports are Nmap's default, so --top-ports 1000 is the same as omitting -p; -p 1-1000 would instead scan ports 1 through 1000 by number)

sudo nmap -sS -sU --top-ports 1000 -T4 [target]
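The commands above are usually chained in practice: sweep every TCP port first, then run the slow and noisy probes (-sV, -sC, -O) only against the ports that came back open. The script below is an added example, not code from the original post; the output prefix "scan", the parsing of Nmap's grepable (-oG) output and the sample file it writes are this script's own choices, and 192.0.2.10 is a documentation address rather than a real target.

```shell
#!/usr/bin/env bash
# Two-stage scan: wide TCP port sweep first, then version detection, default
# scripts and OS detection only on the open ports. Added example, not from the
# original post; prefix "scan" and the -oG parsing are this script's own choices.
set -eu

# Stage 1: every TCP port, no reverse DNS, no host-discovery gate, all output
# formats written under <prefix>_ports.{nmap,gnmap,xml}.
stage1_cmd() {
  local target="$1" prefix="$2"
  printf 'sudo nmap -n -Pn -sS -p- -T4 -oA %s_ports %s' "$prefix" "$target"
}

# Pull the open TCP ports out of a grepable (-oG) file as a comma-separated
# list, the form -p expects. The field looks like "22/open/tcp//ssh///".
# Filtered or closed entries are skipped; an empty result means nothing open.
open_ports_from_gnmap() {
  local gnmap="$1"
  { grep -o '[0-9][0-9]*/open/tcp' "$gnmap" || true; } | cut -d/ -f1 | sort -un | paste -sd, -
}

# Stage 2: service probes, default NSE scripts and OS fingerprinting on those
# ports only, so the noisy part of the scan touches nothing that was closed.
stage2_cmd() {
  local target="$1" prefix="$2" ports="$3"
  printf 'sudo nmap -n -Pn -sS -sV -sC -O -p %s -oA %s_services %s' "$ports" "$prefix" "$target"
}

# Constructed sample of what -oG writes for one host (192.0.2.10 is a
# documentation address; real output separates the fields with tabs).
write_sample_gnmap() {
  cat > "$1" <<'EOF'
# Nmap 7.94 scan initiated as: nmap -n -Pn -sS -p- -oG scan_ports.gnmap 192.0.2.10
Host: 192.0.2.10 ()  Status: Up
Host: 192.0.2.10 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/filtered/tcp//http-proxy///  Ignored State: closed (65531)
# Nmap done -- 1 IP address (1 host up) scanned
EOF
}

# Run for real only when a target is given and nmap is installed; otherwise the
# functions above just build the command lines.
if [ -n "${1:-}" ] && command -v nmap >/dev/null 2>&1; then
  target="$1"; prefix="${2:-scan}"
  eval "$(stage1_cmd "$target" "$prefix")"   # target and prefix are the operator's own arguments
  ports="$(open_ports_from_gnmap "${prefix}_ports.gnmap")"
  if [ -n "$ports" ]; then
    eval "$(stage2_cmd "$target" "$prefix" "$ports")"
  else
    echo "no open TCP ports found on $target" >&2
  fi
fi
```

Run it as `./staged.sh [target]`; stage 1 leaves scan_ports.gnmap behind, stage 2 reads the open ports from it and writes scan_services.*. The -n and -Pn flags keep the sweep from leaking the target list to DNS and from being skipped when the host drops discovery probes.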


Here are some additional tips for Nmap scanning:

Use -Pn to skip host discovery and treat every target as up. This is not a stealth option: it is for hosts that drop the ICMP and TCP discovery probes and would otherwise be skipped, and against dead addresses it makes the scan much slower, because every port is probed anyway.

Use --randomize-hosts to randomize the order in which hosts are scanned. Spreading probes across the target range makes the scan less obvious to monitoring that looks for one source sweeping consecutive addresses.

Use -D RND:10 (ten random decoy addresses) or -D 10.1.1.5,10.1.1.9,ME (explicit decoys, with ME marking your real address) to perform decoy scanning, so the target sees the same probes arrive from several sources and cannot tell which one is real. Decoys only work with raw-packet scans (not -sT or -sV), should be live hosts or you may SYN-flood the target, and do not help if your ISP filters spoofed source addresses.

Use -f to fragment probe packets so the TCP header is split across several small IP fragments; some packet filters and IDSes do not reassemble before inspecting. Modern firewalls usually reassemble, and -f only applies to raw-packet scan types.

Use --data-length x, where x is the number of random data bytes to append to each probe. Nmap's probes normally carry no payload, which some signatures key on, so padding makes them look less like a scanner.

Use --scan-delay <time> (for example --scan-delay 1s) and --max-retries n to slow the scan down and limit retransmissions for stealthier scanning.

Use --badsum to send probes with invalid TCP/UDP/SCTP checksums. A real host drops them silently, so any reply tells you that a firewall or IDS in the path is answering without verifying checksums.

Use -n to skip reverse DNS resolution, which keeps the target list from leaking to DNS servers and speeds the scan up.

Use -v for verbose output and -d for debugging output (repeat either for more detail).

Use --release-memory to free Nmap's memory before it quits; it exists for memory-leak debugging and has no effect on results.

Use man nmap for help and the full list of options.


Here are some additional tips for stealthier Nmap scanning:

Use a combination of TCP SYN scan (-sS) and UDP scan (-sU) for a mixed scan.

Use the -T2 (polite) or -T1 (sneaky) timing template for slower scans; the names work too, as in -T polite.

Use -S <address> (together with -e <interface>) to send probes from a spoofed source IP address. Replies then go to that address rather than to you, so on its own this only tells you whether the probes get through; you need to sniff the responses elsewhere to learn anything. --send-ip is unrelated: it only tells Nmap to send via raw IP sockets instead of raw Ethernet frames.

Use decoy scan (-D) to hide your real IP address among decoys.

Use --source-port <port> (or -g) to send probes from a chosen source port such as 53 or 20; poorly written firewall rules sometimes trust traffic that appears to come from DNS or FTP-data. Nmap already uses random high source ports by default.

Use --data-length to add a random payload to scan packets.

Use --ttl to change the default IP TTL value.

Use --scan-delay and --max-retries to adjust timing.

Use --spoof-mac <MAC, prefix or vendor name> and --badsum for added stealth; --spoof-mac only matters for targets on your local Ethernet segment, since the source MAC is rewritten at the first router.

To scan through proxies, Nmap's own --proxies option (a comma-separated list of proxy URLs) is experimental and works only with -sT and NSE scripts; the usual approach is the external proxychains tool, for example proxychains nmap -sT -Pn -n [target]. Either way only connect-style probes traverse the proxy, so raw-packet scans and OS detection do not.

Use --append-output to append to the files given with -oN, -oX, -oG or -oA instead of overwriting them.

Use > file to send output to a file only (nothing is shown on screen), >> file to append to a file, and | tee file to see it on screen and save it at the same time. Nmap's own -oA basename writes normal, XML and grepable output together and is easier to parse afterwards.

Use 2> file to send stderr to a file.

Use | other-command to pipe Nmap output to another command.

Use ; other-command to run another command after Nmap completes.

Look in the nmap-services data file (usually /usr/share/nmap/nmap-services) for the port numbers and names Nmap uses, and in nmap-protocols for IP protocol numbers and names; these are plain text files shipped with Nmap, not man pages.
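Several of the options above only do anything when Nmap crafts the packets itself, which is easy to forget when flags are pasted together. The script below is an added example, not code from the original post: it assembles a low-and-slow scan line from those options and refuses the combinations that quietly defeat them. The defaults it picks (-T2, a 1 s scan delay, 2 retries, 5 random decoys, 24 padding bytes, output prefix "stealth") are illustrative choices, and 192.0.2.10 is a documentation address.

```shell
#!/usr/bin/env bash
# Assemble a low-and-slow scan line from the evasion options and refuse the
# combinations that silently defeat them. Added example, not from the original
# post; the defaults below are illustrative choices.
set -eu

# Usage: stealth_cmd TARGET [extra nmap options...]
# Prints the command on success; returns 1 with a reason on stderr otherwise.
stealth_cmd() {
  local target="$1"; shift
  local extra="$*"
  case " $extra " in
    *" -sT "*)
      # Connect scan hands the handshake to the OS socket layer, so -D, -f,
      # --badsum, --ttl and --data-length never touch the packets: the scan
      # comes from your real address and completes every connection.
      echo "refusing -sT: decoys and fragmentation only work with raw-packet scans" >&2
      return 1 ;;
  esac
  case " $extra " in
    *" -sV "*|*" -sC "*|*" --script "*)
      # Version probes and NSE scripts open real connections from your own
      # address, so the decoys give no cover for that phase; warn but continue.
      echo "warning: -sV/-sC/--script connect from your real address; decoys do not cover them" >&2 ;;
  esac
  printf 'sudo nmap -n -Pn -sS -T2 --scan-delay 1s --max-retries 2 -D RND:5 -f --data-length 24 -oA stealth %s%s\n' \
    "${extra:+$extra }" "$target"
}

# Print the command for a target given on the command line, e.g.
#   ./stealth.sh 192.0.2.10 -p 22,80
if [ -n "${1:-}" ]; then
  stealth_cmd "$@"
fi
```

The checks encode the two caveats from the tips: -sT turns every packet-level option into a no-op, and the connection-completing phases (-sV, -sC, --script) always originate from your real address no matter how many decoys are in play. The -T2 template and explicit --scan-delay overlap; the explicit delay wins, which is the intent here.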

