Mastering Network Scanning: Exploring Essential Nmap Commands (Part 2)


Wasim Shaikh

Using the -sS switch with nmap allows you to perform a TCP SYN Scan with this command.
# nmap -v -sS -p 23 <Target_Ip>

Using the -sT switch with nmap enables you to perform a TCP Connect Scan with this command.
# nmap -v -sT -p 23 <Target_Ip>

Using the -sA switch with nmap allows you to perform a TCP ACK Scan with this command.
# nmap -v -sA -p 23 <Target_Ip>

Using the -sW switch with nmap allows you to perform a TCP Window Scan with this command.
# nmap -v -sW -p 23 <Target_Ip>

Using the -sM switch with nmap enables you to perform a TCP Maimon Scan with this command.
# nmap -v -sM -p 23 <Target_Ip>

Using the -sU switch with nmap allows you to perform a UDP Scan with this command.
# nmap -v -sU -p 23 <Target_Ip>

Using the -sN switch with nmap enables you to perform a TCP Null Scan with this command.
# nmap -v -sN -p 23 <Target_Ip>

Using the -sI switch with nmap enables you to perform an Idle scan with this command, specifying a zombie host and optional probe port.
# nmap -v -Pn -sI <Zombie_Ip>[:<Probe_Port>] <Target_Ip>

Using the -sF switch with nmap allows you to perform a TCP FIN Scan with this command.
# nmap -v -sF <Target_Ip>

Using the -sX switch with nmap enables you to perform a TCP Xmas Scan with this command.
# nmap -v -sX <Target_Ip>

Using the --scanflags switch with nmap allows you to customize TCP scan flags with this command.
# nmap -v -p 23 --scanflags=SYN <Target_Ip>

Using the -sO switch with nmap allows you to perform an IP protocol scan with this command.
# nmap -sO <Target_Ip>

Using the -sY switch with nmap allows you to perform an SCTP INIT scan with this command.
# nmap -v -sY -p 23 <Target_Ip>

Using the -sZ switch with nmap allows you to perform an SCTP COOKIE-ECHO scan with this command.
# nmap -v -sZ -p 23 <Target_Ip>
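For defenders, most of the TCP scan types above differ only in the flags carried by the first probe packet. The following added example (not from the original article) labels unsolicited probes by that flag pattern; the packet tuples and the `in_known_flow` field are constructed assumptions about what a network sensor would export.

```python
from collections import defaultdict

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20

# Flag byte of an unsolicited probe -> Nmap switch(es) that send it.
PROBE_SIGNATURES = {
    0x00: "NULL scan (-sN)",
    FIN: "FIN scan (-sF)",
    FIN | PSH | URG: "Xmas scan (-sX)",
    FIN | ACK: "Maimon scan (-sM)",
    SYN: "SYN or Connect scan (-sS / -sT)",
    ACK: "ACK or Window scan (-sA / -sW)",
}

# Constructed sample records: (src_ip, dst_port, tcp_flags, in_known_flow).
# All addresses come from documentation ranges.
SAMPLE_PACKETS = [
    ("198.51.100.7", 22, 0x29, False),
    ("198.51.100.7", 23, 0x29, False),
    ("198.51.100.7", 80, 0x29, False),
    ("198.51.100.9", 23, 0x11, False),
    ("198.51.100.9", 25, 0x11, False),
    ("198.51.100.9", 443, 0x11, False),
    ("192.0.2.10", 443, 0x10, True),   # ACK inside an established session
    ("192.0.2.10", 443, 0x11, True),   # normal FIN/ACK teardown
    ("192.0.2.20", 80, 0x02, False),   # one SYN is ordinary client traffic
]

def classify_probes(packets, min_ports=3):
    """Return {src_ip: {label: sorted ports}} for sources that hit at least
    min_ports distinct ports with one probe pattern. Packets belonging to a
    connection the sensor already tracks (in_known_flow) are ignored, since
    a bare ACK or FIN/ACK is only suspicious outside of one."""
    seen = defaultdict(lambda: defaultdict(set))
    for src, port, flags, in_known_flow in packets:
        label = PROBE_SIGNATURES.get(flags & 0x3F)  # mask off ECN bits
        if label is None or in_known_flow:
            continue
        seen[src][label].add(port)
    return {
        src: {label: sorted(ports) for label, ports in labels.items()
              if len(ports) >= min_ports}
        for src, labels in seen.items()
        if any(len(ports) >= min_ports for ports in labels.values())
    }
```

SYN and Connect scans, and ACK and Window scans, send the same first packet, so a flag-based rule cannot tell them apart.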

Nmap can determine the version and type of services running on open ports, aiding in vulnerability assessment and software inventory management.

Using the -sV switch with nmap allows you to perform version detection with this command.
# nmap -v -p 23,80 -sV <Target_Ip>

Using the --version-intensity switch with nmap allows you to set the version intensity from 0 (light) to 9 (try all probes) with this command.
# nmap -v -sT -Pn -sV --version-intensity 0 <Target_Ip>

Using the --version-all switch with nmap allows you to try every single probe (intensity 9) for version detection with this command.
# nmap -v -sT -Pn -sV --version-all -p 80 <Target_Ip>

Using the --version-light switch with nmap allows you to limit version detection to the most likely probes (intensity 2) with this command.
# nmap -v -sT -Pn -sV --version-light -p 80 <Target_Ip>

Using the --version-trace switch with nmap allows you to show detailed version scan activity (for debugging) with this command.
# nmap -v -sT -Pn -sV --version-trace -p 80 <Target_Ip>

Nmap can guess the operating system of target hosts based on subtle differences in network stack behavior, helping administrators tailor their security measures accordingly.

Using the -O switch with nmap enables OS detection with this command.
# nmap -v -sT -sV -O -p- <Target_Ip>

You can use the -A switch with nmap to enable OS detection, version detection, script scanning, and traceroute.
# nmap -A <Target_Ip>

Using the -h switch with nmap prints the help summary page.
# nmap -h

Using the -f switch with nmap allows you to fragment packets for transmission with this command.
# nmap -v -Pn -f -p 80,445 <Target_Ip>
# nmap -v -Pn -ff -p 80,445 <Target_Ip>

Using the --mtu switch with nmap allows you to define the packet size with this command.
# nmap -v -Pn --mtu 8 -p 80,445 <Target_Ip>

Using the -D switch with nmap allows you to cloak a scan with decoys with this command.
# nmap -v -Pn <Target_Ip> -D <Decoy1>,<Decoy2> -p 8080

Using the --spoof-mac switch with nmap allows you to spoof your MAC address with this command.
# nmap --spoof-mac 00:11:22:33:44:55 <Target_Ip>

Using the -g / --source-port switch with nmap allows you to change the source port with this command.
# nmap -v -Pn -g 4455 -p 8080,445 <Target_Ip> -n

Using the --data switch with nmap allows you to append a custom payload to sent packets with this command.
# nmap -v -Pn --data 414141 -p 8080,445 <Target_Ip>

Using the --data-string switch with nmap allows you to append a custom ASCII string to sent packets with this command.
# nmap -v -Pn --data-string demo -p 8080,445 <Target_Ip>

Using the --data-length switch with nmap allows you to append random data to sent packets with this command.
# nmap -v -Pn --data-length 128 -p 8080,445 <Target_Ip>

Using the --ttl switch with nmap allows you to set the IP time-to-live field with this command.
# nmap -v -Pn --ttl 50 -p 8080,445 <Target_Ip>

Using the -T switch with nmap allows you to set the timing template (higher is faster) with this command.
# nmap -v -Pn -T 4 -p- <Target_Ip>

Using the --max-rate switch with nmap allows you to send packets no faster than a specified rate per second with this command.
# nmap --max-rate <packets per second> <Target_Ip>

Using the --min-rate switch with nmap allows you to send packets no slower than a specified rate per second with this command.
# nmap --min-rate <packets per second> <Target_Ip>

Nmap features a powerful scripting engine (Nmap Scripting Engine or NSE) that allows users to automate tasks, create custom scripts, and perform advanced network analysis.

# cd /usr/share/nmap/scripts

Using the -sC switch with nmap is equivalent to running a default script scan with the --script=default option.
# nmap -v -sT -sC -A -O -p- <Target_Ip>
# nmap -v -sT -sV -A -O --script=http-security-headers.nse -p 80 <Target_Ip>
# nmap -v -sT -sV -A -O --script=smtp-enum-users.nse -p 25 <Target_Ip>

1. Single Script Scan:

# nmap --script <script-name> <target>

2. Multiple Scripts Scan:

# nmap --script <script1>,<script2>,<script3> <target>

3. Script Category Scan:

# nmap --script <category> <target>

4. Script Argument Scan:

# nmap --script <script-name> --script-args <arguments> <target>

5. Scan Results Output:

# nmap -oN output.txt --script <script-name> <target>