mirror of
https://github.com/chubin/cheat.sheets
synced 2024-11-15 06:12:59 +00:00
81 lines
2.0 KiB
Plaintext
81 lines
2.0 KiB
Plaintext
# Single target scan:
|
|
nmap [target]
|
|
|
|
# Scan from a list of targets:
|
|
nmap -iL [list.txt]
|
|
|
|
# Scan port for all available A records
|
|
# (useful when multiple A records are returned by the DNS server)
|
|
nmap --script resolveall \
|
|
--script-args newtargets,resolveall.hosts=[target] -p [port]
|
|
|
|
# iPv6:
|
|
nmap -6 [target]
|
|
|
|
# OS detection:
|
|
nmap -O --osscan_guess [target]
|
|
|
|
# Save output to text file:
|
|
nmap -oN [output.txt] [target]
|
|
|
|
# Save output to xml file:
|
|
nmap -oX [output.xml] [target]
|
|
|
|
# Scan a specific port:
|
|
nmap -p [port] [target]
|
|
|
|
# Do an aggressive scan:
|
|
nmap -A [target]
|
|
|
|
# Speedup your scan:
|
|
# -n => disable ReverseDNS
|
|
# --min-rate=X => min X packets / sec
|
|
nmap -T5 --min-parallelism=50 -n --min-rate=300 [target]
|
|
|
|
# Traceroute:
|
|
nmap -traceroute [target]
|
|
|
|
# Ping scan only: -sP
|
|
# Don't ping: -PN <- Useful if a host doesn't reply to a ping.
|
|
# TCP SYN ping: -PS
|
|
# TCP ACK ping: -PA
|
|
# UDP ping: -PU
|
|
# ARP ping: -PR
|
|
|
|
# Example: Ping scan all machines on a class C network
|
|
nmap -sP 192.168.0.0/24
|
|
|
|
# Force TCP scan: -sT
|
|
# Force UDP scan: -sU
|
|
|
|
# Use some script:
|
|
nmap --script default,safe
|
|
|
|
# Loads the script in the default category, the banner script,
|
|
# and all .nse files in the directory /home/user/customscripts.
|
|
nmap --script default,banner,/home/user/customscripts
|
|
|
|
# Loads all scripts whose name starts with http-,
|
|
# such as http-auth and http-open-proxy.
|
|
nmap --script 'http-*'
|
|
|
|
# Loads every script except for those in the intrusive category.
|
|
nmap --script "not intrusive"
|
|
|
|
# Loads those scripts that are in both the default and safe categories.
|
|
nmap --script "default and safe"
|
|
|
|
# Loads scripts in the default, safe, or intrusive categories,
|
|
# except for those whose names start with http-.
|
|
nmap --script "(default or safe or intrusive) and not http-*"
|
|
|
|
# Scan for the heartbleed
|
|
# -pT:443 => Scan only port 443 with TCP (T:)
|
|
nmap -T5 --min-parallelism=50 -n --script "ssl-heartbleed" -pT:443 127.0.0.1
|
|
|
|
# Show all information (debug mode)
|
|
nmap -d ...
|
|
|
|
# Discover DHCP information on an interface
|
|
nmap --script broadcast-dhcp-discover -e eth0
|