30 Nmap Command Examples from nixCraft

Userful for Sys/Network Admins


Great post from nixCraft about the famous security tool Nmap:

The purpose of this post is to introduce a user to the nmap command line tool to scan a host and/or network, so to find out the possible vulnerable points in the hosts. You will also learn how to use Nmap for offensive and defensive purposes.

The post propose a course of 30 commands that exposes the main features of nmap:

  1. Scan a single host or an IP address (IPv4)
  2. Scan multiple IP address or subnet (IPv4)
  3. Read list of hosts/networks from a file (IPv4)
  4. Excluding hosts/networks (IPv4)
  5. Turn on OS and version detection scanning script (IPv4)
  6. Find out if a host/network is protected by a firewall
  7. Scan a host when protected by the firewall
  8. Scan an IPv6 host/address
  9. Scan a network and find out which servers and devices are up and running
  10. How do I perform a fast scan?
  11. Display the reason a port is in a particular state
  12. Only show open (or possibly open) ports
  13. Show all packets sent and received
  14. Show host interfaces and routes
  15. How do I scan specific ports?
  16. The fastest way to scan all your devices/computers for open ports ever
  17. How do I detect remote operating system?
  18. How do I detect remote services (server / daemon) version numbers?
  19. Scan a host using TCP ACK (PA) and TCP Syn (PS) ping
  20. Scan a host using IP protocol ping
  21. Scan a host using UDP ping
  22. Find out the most commonly used TCP ports using TCP SYN Scan
  23. Scan a host for UDP services (UDP scan)
  24. Scan for IP protocol
  25. Scan a firewall for security weakness
  26. Scan a firewall for packets fragments
  27. Cloak a scan with decoys
  28. Scan a firewall for MAC address spoofing
  29. How do I save output to a text file?
  30. Not a fan of command line tools?

Yes, the last point isn’t a real command, but a tip to install a graphical frontend for Nmap, Zenmap:

$ sudo apt-get install zenmap


Comments