Finseckto tutorials

Knowledge base

Firewall bar

Development program

This page was already viewed 354times

NMAP command examples (linux)

A list of NMAP commands & example which allows to scan, audit and analyse network devices

Summary

[I] General presentation
[II] Standard detections
[III] OS scanning
[IV] Custom scanning

[I] General presentation

*What is NMAP?

The first step in the methodology for active hacking (a.k.a cyber kill-chain) is to gather as much as possible information on the remote targeted device. NMAP is a very well-known free port scanner allowing auditers, admin-sys and hackers to quickly monitor and get information on the network and devices cybersecurity. Designed for the detection of open ports, services identification and even OS detection on remote network hosts, it also allows much more features thanks to its NSE scripting technology.

The following article presents various map commands for scanning a remote device and getting information.

[II] Standard detection

*Exhaustive search

The following command shows the usage of the -A option which enables OS detection, version detection, script scanning, and traceroute

auditer@linux:#
nmap -A 192.168.0.1

*discret scan

Various cyberdefense policies and tools actively monitors their network by detecting the usage of NMAP. The following command enable a more discret scan with an half-open ports technique.

auditer@linux:#
nmap -sS 192.168.0.1

*Network scan

Analysing a single host is nice, but auditing an entire network is better. The following command allows to check for every devices in a network.

auditer@linux:#
nmap -sP 192.168.0.0/24

[III] OS scanning

As previously mentioned, NMAP implements various features for a remote host OS type detection

*Standard OS detection

The following command perform a standard OS detection of the remote target

auditer@linux:#
nmap -O 192.168.0.1

*OS detection with guessing

The following command enables a deeper OS detection by guessing techncs depending of the remote target comportment

auditer@linux:#
nmap -O --fuzzy 192.168.0.1

[IV] Custom scanning

*scanning aggressivity

More a scan is aggressive, more information may be harvested, however at a price of discretion. A more discret scan would be more long, less detected by IDS, but less information could be retrieved

The following command configures the scanning method as paranoid.

auditer@linux:#
nmap -T0 192.168.0.1

The following command configures the scanning method as sneaky.

auditer@linux:#
nmap -T1 192.168.0.1

The following command configures the scanning method as polite.

auditer@linux:#
nmap -T2 192.168.0.1

The following command configures the scanning method as normal.

auditer@linux:#
nmap -T3 192.168.0.1

The following command configures the scanning method as agressive.

auditer@linux:#
nmap -T4 192.168.0.1

The following command configures the scanning method as insane.

auditer@linux:#
nmap -T5 192.168.0.1