Nmap
Quick start
Scan Types
SYN Scan (Stealth scan)
SYN Scan: https://nmap.org/book/synscan.html
UDP Scan
Scan ports
By default, Nmap only scans the first 1000 ports
Scans all ports
OS Detection
Service Version Detection
Verbose (When you want to see what nmap is doing)
Aggressive Scan
Enables OS detection (-O), version scanning (-sV), script scanning (-sC) and traceroute (--traceroute)
Scan Timing templates
T1 - T5 (where T5 is the fastest method)
Scan without Ping
Default behavior: nmap first tries to ping the host; if the ping fails, nmap skips it.
Nmap with scripts
Locate Nmap scripts
Scan with default scripts
Select specific script
Run all scripts out of the vulnerability category
Banner Grabbing
Wildcard
Output
For XML output
Normal output
Enumerate SMB
RPC