Network Pentesting
Nmap Commands
Most used
nmap -T4 <target> -p- -sV -sC -v -oN "output.txt"
Basic scan of a target
# Example: nmap 192.168.1.1
nmap <target>
Scan multiple targets
# Example: nmap 192.168.1.1 192.168.1.2
nmap <target1> <target2>
Scan a range of IPs and entire subnets
# Example: nmap 192.168.1.1-50
nmap <first-ip>-<last-octet>
# Example: nmap 192.168.1.0/24
nmap <network>/<prefix-length>
Scan specific ports
# Example: nmap -p 22,80,443 192.168.1.1
nmap -p 22,80,443 <target>
Scan all ports
# Example: nmap -p- 192.168.1.1
nmap -p- <target>
Service version detection
# Example: nmap -sV 192.168.1.1
nmap -sV <target>
TCP and UDP scan
# Example: nmap -sT 192.168.1.1
nmap -sT <target>
# Example: nmap -sU 192.168.1.1
nmap -sU <target>
SYN scan (half-open "stealth" scan; requires raw-socket privileges, i.e. root)
# Example: nmap -sS 192.168.1.1
nmap -sS <target>
Aggressive scan (enables OS detection, version detection, default scripts and traceroute in one flag)
# Example: nmap -A 192.168.1.1
nmap -A <target>
Version detection for a specific port
# Example: nmap -p 80 -sV 192.168.1.1
nmap -p <port> -sV <target>
Disable host discovery (ping); treat every target as up
# Example: nmap -Pn 192.168.1.1
nmap -Pn <target>
List targets without scanning
# Example: nmap -sL 192.168.1.0/24
nmap -sL <target>
Ping scan to determine if hosts are alive
# Example: nmap -sn 192.168.1.0/24
nmap -sn <target>
Very verbose mode
# Example: nmap -vv 192.168.1.1
nmap -vv <target>
Save output in normal format
# Example: nmap -oN output.txt 192.168.1.1
nmap -oN output.txt <target>
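An added example, not part of this cheat sheet: a small POSIX shell/awk helper that reads the file written by -oN, lists the open ports per host, and flags any port not on an expected allowlist so a scan of your own hosts can be checked against a baseline. The sample output is constructed to mimic nmap's normal format, and the function names are my own.

```shell
#!/bin/sh
# Added example: parse "nmap -oN" normal-format output offline.
# The sample below is constructed (no real scan) in the layout nmap 7.x writes.
sample_output() {
cat <<'EOF'
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -T4 -p- -sV -sC -v -oN output.txt 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.0010s latency).
Not shown: 65532 closed tcp ports (reset)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 9.2p1 Debian 2 (protocol 2.0)
80/tcp   open     http    nginx 1.22.1
443/tcp  filtered https
# Nmap done at Mon Jan  1 12:05:00 2024 -- 1 IP address (1 host up) scanned in 300.00 seconds
EOF
}

# open_ports <file>: print "host port/proto service" for every port in state "open".
# The host is the last field of the "Nmap scan report for" line; when nmap
# prints "name (ip)" the parentheses are stripped so the IP is used.
open_ports() {
  awk '
    /^Nmap scan report for/ { host = $NF; gsub(/[()]/, "", host) }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print host, $1, $3 }
  ' "$1"
}

# unexpected_ports <file> <allowlist>: open ports that are not in the
# comma-separated allowlist (e.g. "22/tcp,443/tcp"), one per line.
unexpected_ports() {
  open_ports "$1" | awk -v allow="$2" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($2 in ok) { print }
  '
}

# Usage: write the constructed sample to a file and report open and unexpected ports.
if [ -z "$NMAP_PARSE_NO_MAIN" ]; then
  f=$(mktemp); sample_output > "$f"
  echo "open ports:";       open_ports "$f"
  echo "not in allowlist:"; unexpected_ports "$f" "22/tcp"
  rm -f "$f"
fi
```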
Run a specific NSE script, or every script in the "vuln" category
# Example: nmap --script http-enum 192.168.1.1
nmap --script <script> <target>
# Example: nmap --script vuln 192.168.1.1
nmap --script vuln <target>
Scan speed (timing template, -T0 slowest to -T5 fastest)
# Example: nmap -T4 192.168.1.1
nmap -T4 <target>