Search for connected devices in the network or all the open ports on the device:

nmap -sV -sC -oN scan.output 10.10.10.10

SCANING

  • nmap -sP 192.168.0.0/24
    • Ping scan
  • nmap -sT 10.0.0.1,10.0.0.2
    • scan most common TCP ports
  • nmap -sU 192.168.0.1
    • scan most common UDP ports
  • nmap -sS 192.168.0.1
    • scan ports Stealth mode
  • nmap -sA 192.168.0.1
    • ACK scan
  • nmap -sF 192.168.0.1
    • FIN scan
  • nmap -sI 192.168.0.1
    • IDLE scan
  • nmap -sL 192.168.0.1
    • DNS scan
  • nmap -sN 192.168.0.1
    • NULL scan
  • nmap -sO 192.168.0.1
    • Protocol scan
  • nmap -sR 192.168.0.1
    • RPC scan
  • nmap -sW 192.168.0.1
    • Windows scan
  • nmap -sX 192.168.0.1
    • XMAS scan
  • nmap -p- 192.168.0.1
    • scan all 65535 ports (takes some time)
  • nmap -p2000-3000 192.168.0.1
    • scan range of ports
  • nmap -O 192.168.0.1
    • guess the Operating System
  • nmap -A 192.168.0.1
    • series (All) of tests (takes a lot of time)
  • nmap -F 192.168.0.1
    • Fast scan
  • nmap -sV 192.168.0.1
    • service Version detection
  • nmap -sn 192.168.0.1
    • Ping only scan
  • nmap -pn 192.168.0.1
    • Do not ping.
  • nmap –traceroute 192.168.0.1
    • Traceroute
  • nmap -R 192.168.0.1
    • force Reverse DNS
  • nmap -sL 192.168.0.1
    • create a host List
  • nmap -R 192.168.0.1
  • nmap -R 192.168.0.1
  • nmap -R 192.168.0.1
  • nmap -R 192.168.0.1
  • nmap -T4 192.168.0.1
    • fast parallel speed (0 to 4)
  • nmap -oA 192.168.0.1
    • All outputs
  • nmap -oX 192.168.0.1
    • XML output format
  • nmap -oN 192.168.0.1
    • Normal output
  • nmap -oN outputFile 192.168.0.1
    • Saves the output to a file using normal output.
    • Alternatively -oX for XML, -oS for script-kiddie type, -oS for grepable output, and -oA for all types.
  • nmap -sC 192.168.0.1
    • Script scan using default, equivalent to –script=default.

Nmap Script Engine (NSE)

  • safe:- Won’t affect the target
  • intrusive:- Not safe: likely to affect the target
  • vuln:- Scan for vulnerabilities
  • exploit:- Attempt to exploit a vulnerability
  • auth:- Attempt to bypass authentication for running services (e.g. Log in to an FTP server anonymously)
  • brute:- Attempt to brute force credentials for running services
  • discovery:- Attempt to query running services for further information about the network (e.g. query an SNMP server).

COMPARING SCANS

  • ndiff -v scan2.xml scan1.xml
    • verbosely compares output files
  • ndiff –xml scan2.xml scan1.xml
    • output the comparison to XML

Take a list of networks from a file and Nmap them all using 10 parallel threads:

cat networks_list.txt | xargs -I CMD -P 10 nmap -sT -sV -sC -n -vvv -Pn -oX - CMD

Check for vulnerabilities using Nmap Scripting Engine:

sudo nmap --script vuln 192.168.0.1

ZenMap is the official GUI for NMAP. See at [Link]