Nmap

My notes for using Nmap

  • -V Prints version number

  • -A Aggressive scanning

  • -v verbose

  • -vv double verbose

  • -oG output in grepable format - saves the Nmap scan results as grep-friendly plain text

  • -p [port] scans a specific port

  • -p- Scan all 65,535 ports

  • -sV service version detection - it attempts to detect the version of the services running on open ports of a target system.

  • -F Fast scan - targets only common ports

  • --open only scans open ports (fast)

  • -sS Performs a SYN scan - good for stealth scanning and can't be detected.

  • -sU Scans for UDP

  • -sC Script scan - Nmap runs its own default scripts to gather more information

  • -O OS detection

  • -sT Does a full TCP 3-way handshake with the port and immediately closes it

  • -sN "Ping Scan" - it tells Nmap not to perform a port scan, but instead to only discover hosts on the network. (undetectable)

  • -Pn "No Ping" - tells Nmap to skip host discovery and treat all targets as online, even if they don’t respond to ping or discovery probes.

  • --max-retries 0 tells Nmap not to retry a probe if it gets no response the first time.

  • -vvv max verbosity (shows the scan progress in real time)

  • -sA this type of scan is more suitable for discovering firewall rule sets and configuration.
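The -oG note above says the output is grep-friendly; the added example below (mine, not from these notes or the Nmap project) parses a constructed sample of that format and diffs the open ports it reports against an approved per-host baseline, which is the usual defensive use of scan results. The sample text, the host addresses and the baseline are all made up.

```python
# Constructed sample of Nmap grepable (-oG) output; not from a real scan.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Tue Jan  2 10:00:00 2024 as: nmap -sV -oG scan.gnmap 192.0.2.0/30
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)
Host: 192.0.2.2 (db.example.test)\tStatus: Up
Host: 192.0.2.2 (db.example.test)\tPorts: 23/filtered/tcp//telnet///, 3306/open/tcp//mysql//MySQL 5.7.42/, 8080/open/tcp//http-proxy//Squid http proxy 4.10/\tIgnored State: closed (997)
Host: 192.0.2.3 ()\tStatus: Down
# Nmap done at Tue Jan  2 10:00:42 2024 -- 4 IP addresses (2 hosts up) scanned in 42.10 seconds
"""


def parse_gnmap(text):
    """Map each live host IP to its port entries as (port, state, proto, service, version)."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '#' lines are the scan header and footer
        # Fields are tab-separated "Name: value" pairs. Split each on the first ': ' only,
        # so a colon inside a version string does not break parsing.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if fields.get("Status") == "Down":
            continue
        ip = fields["Host"].split()[0]  # "ip (hostname)" -> ip
        entries = hosts.setdefault(ip, [])  # an Up host with no Ports line still appears
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            # port/state/proto/owner/service/rpcinfo/version/ ; the entry ends with a '/'
            parts = entry.split("/")
            port, state, proto, service = int(parts[0]), parts[1], parts[2], parts[4]
            version = "/".join(parts[6:-1])  # re-join any '/' inside the version string
            entries.append((port, state, proto, service, version))
    return hosts


def open_ports(hosts):
    """Reduce parsed results to {ip: {port, ...}} for ports Nmap reported as open."""
    return {ip: {p for p, state, *_ in entries if state == "open"}
            for ip, entries in hosts.items()}


def unexpected_exposure(hosts, baseline):
    """Open ports not in the approved per-host baseline; hosts missing from it allow nothing."""
    result = {}
    for ip, ports in open_ports(hosts).items():
        extra = ports - baseline.get(ip, set())
        if extra:
            result[ip] = extra
    return result


if __name__ == "__main__":
    approved = {"192.0.2.1": {22, 80}, "192.0.2.2": {3306}}  # constructed baseline
    print(unexpected_exposure(parse_gnmap(SAMPLE_GNMAP), approved))  # {'192.0.2.2': {8080}}
```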
