Nmap Cheat Sheet: Essential Scans for Ethical Hackers
Introduction
In the vast expanse of the digital world, where every packet tells a story, Nmap is the hacker’s reconnaissance tool of choice. Whether mapping networks, identifying vulnerabilities, or conducting stealth scans, Nmap is a must-have for ethical hackers and security pros alike.
This cheat sheet covers the most effective Nmap commands for network discovery, vulnerability assessment, and stealth operations.
Basic Scanning
Discover Live Hosts (Ping Scan)
nmap -sn 192.168.1.0/24
Scans an entire subnet and lists active devices without probing ports.
Quick Port Scan (Top 1000 Ports)
nmap 192.168.1.1
Performs a fast scan of the most common 1000 TCP ports.
Full Port Scan (All 65,535 Ports)
nmap -p- 192.168.1.1
Scans all possible TCP ports.
Scan Specific Ports
nmap -p 22,80,443 192.168.1.1
Targets specific ports like SSH, HTTP, and HTTPS.
Detect Services & Versions
nmap -sV 192.168.1.1
Identifies running services and their versions.
Detect Operating System
nmap -O 192.168.1.1
Attempts OS detection using TCP/IP fingerprinting.
Advanced Scanning Techniques
Stealth Scan (SYN Scan)
nmap -sS 192.168.1.1
A quieter "half-open" scan: it sends SYN packets and reads the responses without completing the TCP handshake, so fewer applications ever see (or log) a connection.
UDP Scan
nmap -sU -p 53,161 192.168.1.1
Scans UDP ports like DNS (53) and SNMP (161), often overlooked attack surfaces.
Aggressive Scan (Comprehensive Information Gathering)
nmap -A 192.168.1.1
Combines OS detection, version detection, script scanning, and traceroute.
Scan an Entire Subnet
nmap 192.168.1.0/24
Scans all devices on a given subnet.
Scan Multiple Targets
nmap 192.168.1.1 192.168.1.2 192.168.1.3
Scans multiple specific IP addresses.
Vulnerability Scanning & Firewall Evasion
Scan for Known Vulnerabilities
nmap --script=vuln 192.168.1.1
Runs vulnerability detection scripts against the target.
Evade Firewalls with Fragmented Packets
nmap -f 192.168.1.1
Splits the probe packets into small IP fragments so that basic packet filters that do not reassemble fragments may let them through.
Use Decoys to Mask Your Scan
nmap -D RND:10 192.168.1.1
Generates fake scan sources to obfuscate your real IP.
Detect Firewalls & IDS Presence
nmap -sA 192.168.1.1
Sends TCP ACK packets to map firewall rules: ports are reported as filtered or unfiltered (not open or closed), which reveals whether a stateful firewall is dropping unsolicited traffic.
Automating Scans with Nmap Scripting Engine (NSE)
Run a Specific Security Script
nmap --script=ssl-heartbleed 192.168.1.1
Checks whether an SSL/TLS-enabled service is vulnerable to Heartbleed.
Run Default Security Scripts
nmap --script=default 192.168.1.1
Executes Nmap’s built-in default scripts for common security checks.
Brute Force Passwords (Example: FTP)
nmap --script=ftp-brute -p 21 192.168.1.1
Attempts brute-force authentication against an FTP server.
Conclusion
Nmap is an essential tool for ethical hackers, red teamers, and security researchers. From basic host discovery to advanced evasion techniques, mastering Nmap is a game-changer in reconnaissance and penetration testing.
If you want to take your Nmap skills further, I cover everything from advanced scanning techniques to firewall evasion in my Nmap Masterclass. Whether you’re a beginner or looking to refine your recon game, this course will get you there.