Professional Documents
Culture Documents
Discovery Scans
1
Nmap Cheat Sheet - Page 2
-sV nmap -sV 192.168.1.50 Probe open ports for service version
-sS nmap -sS 192.168.1.50 Send TCP SYN to target for response to
check
Check for TCP 3-way handshake
■ If port is open, will respond with
SYN ACK
■ RST if port is closed
2
Nmap Cheat Sheet - Page 3
Stealth Scans
3
Nmap Cheat Sheet - Page 4
-Pn nmap -Pn -p- Skip discovery; assume all hosts are
192.168.1.0/24
online for port scan
4
Nmap Cheat Sheet - Page 5
Stealth Scans - pt 3
5
Nmap Cheat Sheet - Page 6
Stealth Scans - pt 4
--spoof-mac nmap -sT -PN --spoof- Use a bogus source hardware address;
[vendor type | mac apple 192.168.1.50
MAC address] you can specify a random MAC based
nmap -sT -PN --spoof- on vendor, or explicitly specify the
mac B7:B1:F9:BC:D4:56 MAC address
192.168.1.50
Nmap Options
6
Nmap Cheat Sheet - Page 7
nmap -6
www.example.com
nmap -6
fe80::8d50:86ce:55ad:bc
5c
-iL <input file nmap -iL /tmp/test.txt Scan hosts listed in file
name>
7
Nmap Cheat Sheet - Page 8
Nmap Options - pt 2
-iL <input file nmap -iL /tmp/test.txt Scan hosts listed in file
name>
8
Nmap Cheat Sheet - Page 9