Nmap
Network scanning tool with enumeration scripts to get detailed information about TCP/UDP ports and the underlying system
Nmap's main use case is finding open TCP ports, but while doing so, it can do much more. Some useful options include (see man nmap for more details):

-sV, -O: Software versions, OS detection
-Pn, -n: Disable ping, disable DNS resolution
-sS, -T4: Stealth scan (half-open connections, but requires sudo), faster scanning speed
-sC: Run default safe scripts
-oN [filename]: Output to file

Situational options:

-p [ports]: Specify comma-separated ports or port ranges (-p- = all ports)
-sU: Scan UDP instead of TCP (slower and often inconsistent)
-vv: Verbose output while the scan is running, showing open ports before completion
10.10.10.0/24: Subnets in the target field

Tip: While running, there are a few useful key presses to alter your scan.

Tip: Nmap is a binary that cannot simply be copied over to a compromised machine to scan from there, not even when compiled statically. It requires some folders for services and scripts which it cannot find, so it won't run. The solution is to copy these folders over too, like done in the repository. After transferring this folder you can run ./nmap
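As an added example (not code from the original page or from the Nmap project), the following POSIX shell helper combines the options above into the common two-phase workflow: a fast full-port discovery scan with -sS -T4 -Pn -n -p- written to a file with -oN, then a version and script scan (-sV -sC) restricted to the ports that were found open. The target address, output file names and the sample -oN output are constructed for illustration; nmap must be installed, and the -sS phase must run as root.

```shell
#!/bin/sh
# Added example, not from the original page. Builds the two scan phases from
# the options listed above and parses nmap's normal (-oN) output to feed the
# open ports of phase 1 into phase 2.

# Phase 1: find open ports quickly on all 65535 TCP ports, save normal output.
# -sS needs root, so prefix with sudo when not already root.
phase1_cmd() {
    target="$1"; out="$2"
    echo "nmap -sS -T4 -Pn -n -p- -vv -oN $out $target"
}

# Parse normal output on stdin and print open ports as a comma-separated list
# suitable for -p. Port lines look like "22/tcp   open  ssh"; only a state of
# exactly "open" counts, so UDP "open|filtered" lines are deliberately skipped.
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
             sub(/\/.*/, "", $1)              # strip "/tcp" or "/udp"
             p = p (p ? "," : "") $1          # append to the list
         }
         END { print p }'
}

# Phase 2: version detection and default scripts, only on the ports found.
phase2_cmd() {
    target="$1"; ports="$2"; out="$3"
    echo "nmap -sV -sC -Pn -n -p $ports -oN $out $target"
}

# Run both phases against one target (assumed hypothetical address via $TARGET).
run_scan() {
    target="$1"
    eval "$(phase1_cmd "$target" phase1.nmap)"
    ports=$(open_ports < phase1.nmap)
    if [ -z "$ports" ]; then
        echo "no open ports found in phase1.nmap" >&2
        return 1
    fi
    eval "$(phase2_cmd "$target" "$ports" phase2.nmap)"
}

# Constructed sample of nmap normal output, used to exercise the parser
# without running nmap.
SAMPLE_ON='# Nmap 7.94 scan initiated
Nmap scan report for 10.10.10.5
Host is up (0.012s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
443/tcp  open     https
'

# Parse the constructed sample; prints "22,80,443".
printf '%s' "$SAMPLE_ON" | open_ports

# Only scan for real when a target is supplied through the environment.
if [ -n "${TARGET:-}" ]; then
    run_scan "$TARGET"
fi
```

Usage: TARGET=10.10.10.5 sudo sh scan.sh (file name assumed) runs both phases and leaves phase1.nmap and phase2.nmap behind; without TARGET the script only parses the embedded sample. The parser keys on the state column rather than on the service name, so it also works for -sU output, where it skips the ambiguous open|filtered results the page warns are inconsistent.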