Nmap switches Flashcards

1
'nmap 192.168.1.1'
Scans a single IP address
2
'nmap 192.168.1.1 192.168.2.1'
Scans the specified IPs (any number of targets can be listed, separated by spaces)
3
'nmap 192.168.1.1-254'
Scans the range 192.168.1.1 through 192.168.1.254 (a range can be given in any octet, e.g. 192.168.0-255.1)
4
'nmap scanme.nmap.org'
Scans the host scanme.nmap.org (the hostname is resolved through DNS before scanning)
5
'nmap 192.168.1.0/24'
Scans a network given in CIDR notation: 192.168.1.0/24 covers 192.168.1.0 through 192.168.1.255
6
'nmap -iL targets.txt'
Scans the targets listed in the file targets.txt (entries separated by spaces, tabs or newlines; any target syntax accepted on the command line works in the file)
-iL stands for 'Input List'
7
'nmap -iR 100'
Scans 100 randomly chosen Internet targets
-iR <num> picks that many random targets (0 means scan indefinitely); private, multicast and unallocated ranges are skipped automatically
8
'nmap 192.168.1.0/24 --exclude 192.168.1.1'
Excludes the listed hosts from the scan (comma-separated; ranges and CIDR blocks are accepted). --excludefile <file> reads the exclusions from a file
9
'nmap 192.168.1.1 -sS'
TCP SYN ("half-open") port scan. The default scan type when Nmap runs with raw-packet privileges (root/Administrator); the TCP handshake is never completed
10
'nmap 192.168.1.1 -sT'
TCP connect port scan using the operating system's connect() call. The default when raw-socket privileges are not available; it completes the handshake, so it is slower and more likely to be logged by the target service
11
'nmap 192.168.1.1 -sU'
UDP port scan. Slow, because closed ports are inferred from ICMP port-unreachable replies that most systems rate-limit; open|filtered results are common. Can be combined with a TCP scan type, e.g. -sS -sU
12
'nmap 192.168.1.1 -sA'
TCP ACK scan. Does not determine open ports; it maps firewall rules by classifying ports as filtered or unfiltered
13
'nmap 192.168.1.1 -sW'
TCP Window scan. Like the ACK scan, but inspects the TCP window field of the RST replies, which on some systems distinguishes open from closed ports
14
'nmap 192.168.1.1 -sM'
TCP Maimon scan. Sends FIN/ACK probes; relies on BSD-derived stacks dropping the probe for open ports instead of answering with RST
15
'nmap 192.168.1.1 -p 21'
Scans only port 21
16
'nmap 192.168.1.1 -p 21-100'
Scans the port range 21-100
17
'nmap 192.168.1.1 -p U:53,T:21,80'
Scans UDP port 53 and TCP ports 21 and 80 (the U: ports are only probed if a UDP scan is requested as well, e.g. -sS -sU)
18
'nmap 192.168.1.1 -p-'
Scans all ports 1 through 65535 (port 0 is only scanned when requested explicitly)
19
'nmap 192.168.1.1 -p http,https'
Scans ports by service name as listed in nmap-services (http and https resolve to 80 and 443; wildcards such as 'http*' also work)
20
'nmap 192.168.1.1 -F'
Fast scan: only the 100 most common ports (per nmap-services) instead of the default 1000
21
'nmap 192.168.1.1 --top-ports 2000'
Scans the 2000 most common ports (--top-ports <n> uses the frequency ranking in nmap-services)
22
'nmap 192.168.1.1 -p-65535'
Leaving off the start of a range makes it begin at port 1, so this equals -p 1-65535
23
'nmap 192.168.1.1 -p0-'
Leaving off the end of a range makes it run through port 65535, so this scans port 0 through 65535
24
'nmap 192.168.1.1 -sV'
Version detection: probes open ports to determine the service and version running on them
25
'nmap 192.168.1.1 -sV --version-intensity 8'
Sets the version-probe intensity, 0 to 9 (default 7). Higher levels send more probes: better chance of identifying the service, but slower
26
'nmap 192.168.1.1 -sV --version-light'
Light mode (equivalent to --version-intensity 2). Faster, but less likely to identify the service
27
'nmap 192.168.1.1 -sV --version-all'
Tries every probe (intensity 9). Most likely to identify the service, but slowest
28
'nmap 192.168.1.1 -A'
Aggressive scan options: enables OS detection (-O), version detection (-sV), default script scanning (-sC) and traceroute (--traceroute)
29
'nmap 192.168.1.1 -O'
Remote OS detection using TCP/IP stack fingerprinting (needs raw-packet privileges; most reliable when the target has at least one open and one closed TCP port)
30
'nmap 192.168.1.1 -O --osscan-limit'
Only attempts OS detection against hosts with at least one open and one closed TCP port; hosts where a reliable fingerprint is unlikely are skipped, which saves time on large scans
31
'nmap 192.168.1.1 -O --osscan-guess'
Makes Nmap guess more aggressively when no perfect OS match is found (--fuzzy is an alias)
32
'nmap 192.168.1.1 -O --max-os-tries 1'
Sets the maximum number of OS detection attempts against a target (default 5 when conditions are favourable, 2 otherwise); lowering it speeds up the scan
34
'nmap 192.168.1.1 -T0'
Paranoid (0): extremely slow, fully serialized scan with long delays between probes, intended for intrusion detection system evasion
35
'nmap 192.168.1.1 -T1'
Sneaky (1): slow, serialized scan, also intended for intrusion detection system evasion
36
'nmap 192.168.1.1 -T2'
Polite (2): slows down the scan to use less bandwidth and fewer target machine resources
37
'nmap 192.168.1.1 -T3'
Normal (3): the default speed
38
'nmap 192.168.1.1 -T4'
Aggressive (4): speeds up the scan; assumes you are on a reasonably fast and reliable network
39
'nmap 192.168.1.1 -T5'
Insane (5): fastest setting; assumes an extraordinarily fast network and sacrifices accuracy for speed
40
'nmap 192.168.1.1 --host-timeout <time>'
Gives up on a target after this long. Accepts time units, e.g. 1s, 4m, 2h (ms also works). A host that times out yields no results at all, so use this mainly on large sweeps
41
--min-rtt-timeout/--max-rtt-timeout/--initial-rtt-timeout <time>
Lower bound, upper bound and starting value for the per-probe round-trip timeout. Accepts time units, e.g. 100ms, 1s, 4m
42
--min-hostgroup/--max-hostgroup <size>
Parallel host scan group sizes, e.g. 50 or 1024: how many targets are scanned at the same time
43
--min-parallelism/--max-parallelism <numprobes>
Probe parallelization, e.g. 10 or 1: how many probes may be outstanding at once
44
--scan-delay/--max-scan-delay <time>
Adjusts the delay between probes, e.g. 20ms, 2s, 4m, 5h; useful against rate limiting or to stay under intrusion detection thresholds
45
--max-retries <tries>
Caps the number of port scan probe retransmissions, e.g. 1 to 100 (default 10); 0 disables retries
46
--min-rate <number>
Sends packets no slower than <number> per second
47
--max-rate <number>
Sends packets no faster than <number> per second
48
'nmap 192.168.1.1 -sC'
Scans with the default NSE script set (equivalent to --script default). The default scripts are chosen to be useful for discovery and considered safe, but they still interact with the target's services
49
'nmap 192.168.1.1 --script default'
Scans with the default NSE script category, the same set -sC runs. Considered useful for discovery and safe
50
'nmap 192.168.1.1 --script=banner'
Runs a single named script, here banner (grabs the banner of each open TCP port)
51
'nmap 192.168.1.1 --script=http*'
Runs every script whose name matches the wildcard, here all http-* scripts (quote the argument to stop the shell from expanding the *)
52
'nmap 192.168.1.1 --script=http-title,banner'
Runs two scripts, here http-title and banner. The list is comma-separated and may mix script names, categories and wildcards (note that http alone is a library, not a script name)
53
'nmap 192.168.1.1 --script "not intrusive"'
Runs every script that is not in the intrusive category. Boolean expressions with and/or/not over categories and names are allowed; to run the default set minus intrusive scripts use --script "default and not intrusive"
54
'nmap --script snmp-sysdescr --script-args snmpcommunity=admin 192.168.1.1'
Passes arguments to an NSE script: snmp-sysdescr queries the SNMP sysDescr value using the community string admin
55
'nmap -Pn --script=http-sitemap-generator scanme.nmap.org'
Spiders the web server and prints a site map; -Pn skips host discovery
56
'nmap -n -Pn -p 80 --open -sV -vvv --script banner,http-title -iR 1000'
Fast search for random web servers: no DNS resolution (-n), no ping (-Pn), port 80 only, show only open ports, version detection plus the banner and http-title scripts against 1000 random targets. The script list must not contain spaces after the commas
57
nmap -Pn --script=dns-brute domain.com
Brute-forces DNS hostnames to guess subdomains of domain.com using the script's built-in name list
58
nmap -n -Pn -vv -O -sV --script smb-enum*,smb-ls,smb-mbenum,smb-os-discovery,smb-s*,smb-vuln*,smb2* 192.168.1.1
Broad SMB enumeration: share, user and session enumeration, OS discovery, security mode, SMB2 dialect and capability checks, plus the smb-vuln-* vulnerability checks (SMB2 scripts are named smb2-*, so smbv2* matches nothing). Not all of these are in the safe category: the smb-vuln-* scripts are intrusive and some can crash vulnerable hosts, so confirm they are in scope first
59
nmap --script whois* domain.com
Runs the whois-domain and whois-ip scripts; the queries go to public whois servers, not to the target
60
nmap -p80 --script http-unsafe-output-escaping scanme.nmap.org
Checks whether the web server reflects request parameters into pages without escaping, a precondition for cross-site scripting; it is a reflection check, not a full XSS scanner
61
nmap -p80 --script http-sql-injection scanme.nmap.org
Spiders the web server and submits error-based SQL injection test strings in URL parameters, reporting parameters whose responses contain database error messages
62
nmap 192.168.1.1 -f
Sends the requested scan (including ping probes) as tiny fragmented IP packets (8-byte fragments; -ff uses 16 bytes) so packet filters and IDS must reassemble them to see the TCP header
63
nmap 192.168.1.1 --mtu 32
Sets your own fragment size instead of the 8 bytes used by -f; the value must be a multiple of 8
64
nmap -D 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.23 192.168.1.1
Sends the scan alongside decoy scans from spoofed source IPs, so the target sees probes arriving from several addresses and cannot tell which one is the real scanner
65
nmap -D decoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip
Above example explained
66
nmap -S www.microsoft.com www.facebook.com
Spoofs the source address so the probes appear to come from www.microsoft.com. Replies go to the spoofed address, so you will not see results unless you can sniff them; -e eth0 and -Pn are usually required because Nmap cannot determine the interface and route on its own
67
nmap --proxies http://192.168.1.1:8080,http://192.168.1.2:8080 192.168.1.1
Relays connections through a comma-separated chain of HTTP or SOCKS4 proxies (no spaces in the list). Only connections made by NSE scripts and version detection go through the proxies; host discovery, port scanning and OS detection are not proxied
68
nmap --data-length 200 192.168.1.1
Appends 200 bytes of random data to most sent packets, so the probes no longer have the empty payload typical of Nmap; slows the scan
69
nmap 192.168.1.1 -oN normal.file
Normal output to the file normal.file
70
nmap 192.168.1.1 -oX xml.file
XML output to the file xml.file
71
nmap 192.168.1.1 -oG grep.file
Grepable output to the file grep.file
72
nmap 192.168.1.1 -oA results
Output in the three major formats at once: results.nmap, results.xml and results.gnmap
73
nmap 192.168.1.1 -oG -
Grepable output to screen. -oN -, -oX - also usable
74
nmap 192.168.1.1 -oN file.file --append-output
Appends this scan's output to the existing file instead of overwriting it (an appended XML file is no longer well-formed, so keep this to normal and grepable output)
75
nmap 192.168.1.1 -v
Increase the verbosity level (use -vv or more for greater effect)
76
nmap 192.168.1.1 -d
Increase debugging level (use -dd or more for greater effect)
77
nmap 192.168.1.1 --reason
Displays the reason each port is in its state (e.g. syn-ack, reset, no-response) and why each host is considered up; turned on automatically by the debugging option -d
78
nmap 192.168.1.1 --open
Only show open (or possibly open) ports
79
nmap 192.168.1.1 -T4 --packet-trace
Show all packets sent and received
80
nmap --iflist
Shows the host interfaces and routes
81
nmap --resume results.file
Resumes an aborted scan from an output file written with -oN or -oG; the original targets and options are taken from the file
82
nmap -p80 -sV -oG - --open 192.168.1.1/24 | grep open
Scan for web servers and grep to show which IPs are running web servers
83
nmap -iR 10 -n -oX out.xml | grep "Nmap scan report" | cut -d " " -f5 > live-hosts.txt
Generates a list of live host IPs: normal output still goes to stdout while -oX writes the XML file, and the fifth field of each "Nmap scan report for" line is the address (grepping for a bare "Nmap" would also pick up the "Starting Nmap" and "Nmap done" lines)
84
nmap -iR 10 -n -oX out2.xml | grep "Nmap scan report" | cut -d " " -f5 >> live-hosts.txt
Appends the IPs to the list of live hosts instead of overwriting it
85
ndiff scan1.xml scan2.xml
Compares two XML scan results with ndiff (bundled with Nmap): shows the hosts, ports and services that changed between the two scans
86
xsltproc nmap.xml -o nmap.html
Converts an Nmap XML file to HTML using the nmap.xsl stylesheet referenced in the XML (use --stylesheet or --webxml on the scan if xsltproc cannot find it)
87
grep " open " results.nmap | sed -r 's/ +/ /g' | sort | uniq -c | sort -rn | less
Reverse-sorted count of how often each open port line turns up in results.nmap (repeated spaces are collapsed first so identical entries group together)
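The grep/cut/uniq pipelines on the cards above work on raw lines and break on anything they were not written for (the "Starting Nmap" line, a version string containing "open", a hostname in the Host field). The script below is an added example, not part of the original flashcards, showing the same three jobs done on parsed fields of grepable (-oG) output: in that format the Host, Ports and Status fields are tab-separated, each port entry is port/state/protocol/owner/service/rpc/version/, and Nmap replaces any "/" inside a value with "|", so splitting on "/" is safe. The scan data, the 192.0.2.x addresses and the hostname web.example.test are constructed for the example.

```shell
#!/bin/sh
# Added example: parse nmap grepable (-oG) output with awk.
# Not part of the original flashcards; the scan data below is constructed.

# Constructed -oG sample in the layout nmap writes: fields separated by tabs,
# port entries separated by ", " and formatted as
# port/state/proto/owner/service/rpc/version/  (slashes in values become '|').
gnmap_sample() {
  printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sV -p22,80,443 -oG - 192.0.2.0/29'
  printf 'Host: 192.0.2.1 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\n'
  printf 'Host: 192.0.2.2 (web.example.test)\tStatus: Up\n'
  printf 'Host: 192.0.2.2 (web.example.test)\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http//Apache httpd 2.4.52/, 443/open/tcp//ssl|https//Apache httpd 2.4.52/\n'
  printf '# Nmap done -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds\n'
}

# Read -oG data on stdin; print "ip port/proto service version" per open port.
# Ports in any other state (closed, filtered, open|filtered) are dropped.
gnmap_open_ports() {
  awk -F '\t' '
    /^Host: / {
      ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        list = $i; sub(/^Ports: /, "", list)
        n = split(list, entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          if (f[2] == "open")
            printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
        }
      }
    }'
}

# Read -oG data on stdin; print each address reported "Status: Up", once.
gnmap_live_hosts() {
  awk -F '\t' '/^Host: / && $2 == "Status: Up" {
    sub(/^Host: /, "", $1); sub(/ .*/, "", $1); print $1 }' | sort -u
}

# Read -oG data on stdin; count how often each open port/proto appears,
# most frequent first (the sort | uniq -c | sort -rn idiom from the card,
# applied to parsed fields rather than raw lines).
gnmap_port_frequency() {
  gnmap_open_ports | awk '{ print $2 }' | sort | uniq -c | sort -rn
}

# Stand-alone use: parse a real -oG file given as $1, otherwise the sample.
if [ -n "${1:-}" ]; then
  gnmap_open_ports < "$1"
else
  gnmap_sample | gnmap_open_ports
fi
```

Feed a real file with `nmap -sV -oG scan.gnmap ... ; sh parse.sh scan.gnmap`, or pipe `nmap -oG - ...` straight into `gnmap_open_ports`. The state check is on the second field, so a version string such as "OpenSSH" or a hostname containing "open" can no longer produce a false match.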
88
nmap -6 2607:f0d0:1002:51::4
Enable IPv6 scanning
89
nmap -h
nmap help screen
90
nmap -iR 10 -PS22-25,80,113,1050,35000 -v -sn
Host discovery only, using TCP SYN pings to the listed ports; -sn disables the port scan
91
nmap 192.168.1.0/24 -PR -sn -vv
ARP discovery only on the local network, no port scan (ARP ping only works for targets on the same Ethernet segment, where Nmap already uses it by default)
92
nmap -iR 10 -sn --traceroute
Traceroute to random targets, no port scan
93
nmap 192.168.1.1-50 -sL --dns-server 192.168.1.1
List scan: performs reverse-DNS lookups of the targets through the specified (internal) DNS server and lists them, without sending any probes to the hosts themselves