Nmap

Nmap is a free and open source tool used for vulnerability checking, port scanning and, of course, network mapping.

Target

nmap 10.10.10.10                 # single host
nmap 10.10.10.1-20               # range of hosts
nmap 10.10.10.0/24               # whole subnet (CIDR)
nmap -iL list-of-ips.txt         # targets read from a file

Ports Scan

nmap -p 22 10.10.10.10           # single port
nmap -p 1-100 10.10.10.10        # port range
nmap -F 10.10.10.10              # fast mode: the 100 most common ports
nmap -p- 10.10.10.10             # all 65535 TCP ports

Scan Types

nmap -Pn 10.10.10.10             # skip host discovery, treat the host as up
nmap -sT 10.10.10.10             # TCP connect scan (full handshake, no root needed)
nmap -sS 10.10.10.10             # TCP SYN scan (half-open, needs raw sockets / root)
nmap -sU 10.10.10.10             # UDP scan

Services & OS Detection

nmap -A 10.10.10.10              # aggressive: OS detection, version detection, default scripts, traceroute
nmap -sC 10.10.10.10             # default NSE scripts
nmap -sV 10.10.10.10             # service / version detection

Output Formats

nmap -oN target.txt 10.10.10.10  # normal (human-readable) output
nmap -oX target.xml 10.10.10.10  # XML output
nmap -oG target.txt 10.10.10.10  # greppable output
nmap -oA nmap/target 10.10.10.10 # all three formats at once (.nmap, .xml, .gnmap)

Scripts

nmap -sC -sV 10.10.10.10                      # default scripts plus version detection
nmap --script-help=ssl-heartbleed             # show the documentation of a script
nmap --script=ssl-heartbleed.nse 10.10.10.10  # run one specific script
nmap --script=smb* 10.10.10.10                # run every script whose name matches the wildcard

IPS / IDS Evasion

Scan using decoys (-D RND:5 mixes the probe in with five random decoy source addresses).

nmap 10.10.10.10 -p 80 -sS -Pn -n --disable-arp-ping --packet-trace -D RND:5

Scan using a different source IP (-S spoofs the source address, so nmap itself does not receive the replies; -e selects the interface to send from).

nmap 10.10.10.10 -n -Pn -p 445 -O -S 10.129.2.200 -e tun0

SYN scan sent from the DNS port (source port 53).

nmap 10.10.10.10 -p 50000 -sS -Pn -n --disable-arp-ping --packet-trace --source-port 53

SYN scan of a filtered port (same probe without the source-port change, for comparison).

nmap 10.10.10.10 -p 50000 -sS -Pn -n --disable-arp-ping --packet-trace


Last updated 2 years ago