Here I will post some reminders for myself about NMAP, so I took the liberty to call this a little NMAP Cheat Sheet
What is NMAP
Nmap is an awesome tool to do network reconnaissance.
NMAP, short for Network Mapper, is a popular open-source tool used for network discovery and security auditing. It allows users to scan networks to identify hosts, services, and open ports. NMAP can be used to:
- Host Discovery: Identify live hosts on a network.
- Port Scanning: Discover open ports and services running on those ports.
- Service Enumeration: Determine the versions of services running on discovered ports.
- OS Detection: Guess the operating system of remote hosts.
- Vulnerability Scanning: Identify potential vulnerabilities based on the services and versions detected.
NMAP is highly flexible and can be customized with various scan techniques and options to gather detailed information about network assets. It’s widely used by network administrators, security professionals, and hackers alike for both legitimate and malicious purposes.
-sV command
Adding -sV to your Nmap command will collect and determine service and version information for the open ports. Be aware that, as it is a Unix command, this is case-sensitive. -sv per example will not work.
-p command
| Nmap flag | Description |
| -sV | Attempts to determine the version of the services running |
| -p <x> or -p- | Port scan for port <x> or scan all ports |
| -Pn | Disable host discovery and scan for open ports |
| -A | Enables OS and version detection, executes in-build scripts for further enumeration |
| -sC | Scan with the default Nmap scripts |
| -v | Verbose mode |
| -sU | UDP port scan |
| -sS | TCP SYN port scan |