Here is a short nmap cheat sheet
nmap -sP = ping scan (host discovery only; -sn in current versions)
nmap -sS = syn scan
nmap -sT = connect scan
nmap -sU = udp scan
nmap -sO = protocol scan
Some additional options are available:
-p1-65535 or -p- = all ports
-T [0-5] = timing template: 0 = 5 min between probes, 1 = 15 s, 2 = 0.4 s
-n = no DNS resolution
-O = OS detection
-A = aggressive scan (OS detection, version detection, script scan, traceroute)
-sV = version detection
-Pn (formerly -PN) = no ping, skip host discovery
-6 = IPv6 scan
--randomize-hosts = scan hosts in random order
Output and input
-oX = write to XML file
-oG = write to grepable file
-oA = save in all formats
-iL <file> = read hosts from file
--excludefile <file> = exclude the hosts listed in file
Advanced options
-sV -p<port> --script=banner = grab the service banner on a port
--traceroute = trace the path to each host
--ttl <value> = set time to live
--script <script> = run NSE script(s)
Firewall evasion
-f = fragment packets
-S <ip> = spoof source address
-g <port> = spoof source port
-D <decoy1,decoy2,...> = decoy scan
--mtu <size> = set MTU size
--spoof-mac <mac> = spoof MAC address
--data-length <num> = append random data to packets
--scan-delay 5s = wait between probes
Convert XML file to HTML
xsltproc nmap.xml -o nmap.html
Generate live host file (the normal output goes to stdout even with -oX; only the "Nmap scan report for <ip>" lines carry a host address)
nmap -sP -n -oX out.xml 1.1.1.0/24 2.2.2.0/24 | grep "Nmap scan report for" | cut -d " " -f 5 > live_hosts.txt
Compare nmap results
ndiff scan1.xml scan2.xml
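As an added example (not part of the cheat sheet or of nmap itself), the same two tasks done from the -oX file with the Python standard library: listing live hosts from the XML instead of cutting fields out of stdout, and comparing two scans at host and open-port level the way ndiff does. The two XML documents are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample "nmap -sS -oX" output for two runs (not real scan data).
SCAN1 = """<nmaprun scanner="nmap" args="nmap -sS -oX scan1.xml 10.0.0.0/29">
<host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host>
<host><status state="down"/><address addr="10.0.0.2" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="10.0.0.3" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host></nmaprun>"""
# Same subnet later: 10.0.0.1 lost 80 and gained 3389, 10.0.0.3 is down, 10.0.0.4 is new.
SCAN2 = """<nmaprun scanner="nmap" args="nmap -sS -oX scan2.xml 10.0.0.0/29">
<host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host>
<host><status state="down"/><address addr="10.0.0.3" addrtype="ipv4"/></host>
<host><status state="up"/><address addr="10.0.0.4" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
</ports></host></nmaprun>"""

def open_ports(xml_text):
    """Map each host reported 'up' to its set of open (proto, port) pairs.
    A ping-only scan (-sP/-sn) has no <ports>, so such hosts map to set()."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        ip = [a.get("addr") for a in host.findall("address") if a.get("addrtype") == "ipv4"][0]
        result[ip] = {(p.get("protocol"), int(p.get("portid")))
                      for p in host.iter("port")
                      if p.find("state").get("state") == "open"}
    return result

def live_hosts(xml_text):
    """Same result as the grep/cut pipeline, read from the XML instead."""
    return sorted(open_ports(xml_text))

def diff_scans(old_xml, new_xml):
    """Host- and port-level changes between two scans, as ndiff reports them."""
    old, new = open_ports(old_xml), open_ports(new_xml)
    opened = {ip: sorted(new[ip] - old.get(ip, set())) for ip in new}
    closed = {ip: sorted(old[ip] - new.get(ip, set())) for ip in old}
    return {"new_hosts": sorted(set(new) - set(old)),
            "gone_hosts": sorted(set(old) - set(new)),
            "opened": {ip: v for ip, v in opened.items() if v},
            "closed": {ip: v for ip, v in closed.items() if v}}
```

Feeding the output of diff_scans into an inventory or alerting pipeline turns a periodic scan into a detection for unexpected new hosts and services.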
References
Red Team Field Manual