Basic Scans
Nmap
Do the following
Ping sweep first
sudo nmap <IP Address>/<Subnet> -oN network.nmap
Scan top 100 TCP ports
nmap -sV -sC -sT -T4 -A --top-ports=100 --open -Pn -oN target.tcp <Target IP Address>
Scan all ports
nmap -sV -sC -sT -T4 -A -p- --open -Pn -oN target.fullnmap <Target IP Address>
Scan top 100 UDP ports
nmap -sV -sC -sU -T4 --top-ports=100 --open -Pn -oN target.udp <Target IP Address>
Network Scan
The following command scans the entire network:
sudo nmap <IP Address>/<Subnet> -oN network.nmap
Port Scan
The following command scans the top 100 ports of a specific IP address:
sudo nmap --top-ports=100 <IP Address> -Pn -oN target.openmap
The following command scans all ports of a specific IP address and outputs only the open ports:
sudo nmap -p- --open <IP Address> -Pn -oN target.nmap
The following command aggressively scans the top 100 ports of a specific IP address and outputs open ports to target.fullmap. It performs OS detection, version detection, script scanning and traceroute.
sudo nmap -sT -T4 -A --top-ports=100 --open <IP Address> -Pn -oN target.fullmap
The following command aggressively scans all ports of a specific IP address and outputs open ports to target.fullmap. It performs OS detection, version detection, script scanning and traceroute.
sudo nmap -sT -T4 -A -p- --open <IP Address> -Pn -oN target.fullmap
The following command aggressively scans all ports of a specific IP address using a SYN (stealth) scan and outputs only the open ports:
sudo nmap -sS -vv -T4 -A -p- --open <IP Address> -Pn -oN nmap.fullmap
Vulnerability Scan
The following command identifies the services and versions running on the given ports, and then runs the vulnerability-checking scripts against them:
sudo nmap -sV -p <Ports> --script "vuln" <IP Address>
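The <Ports> value above can be taken from the output file of one of the all-ports scans. The following is an added example, not part of the original page: a shell function that reads an nmap normal-output file and prints the ports whose state is exactly "open" as a comma-separated list. The function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn an nmap normal-output file (the -o / -oN files
# written by the scans on this page) into the list expected by "-p <Ports>".

# open_ports FILE [tcp|udp]
# Prints ports whose STATE column is exactly "open". With --open, nmap
# also lists "open|filtered" ports (common in UDP scans); those are skipped.
open_ports() {
    awk -v proto="${2:-tcp}" '
        # Port table rows look like: 22/tcp   open  ssh  OpenSSH 8.9
        $1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" {
            split($1, f, "/")
            if (f[2] == proto && !seen[f[1]]++) ports[n++] = f[1]
        }
        END {
            for (i = 0; i < n; i++) printf "%s%s", (i ? "," : ""), ports[i]
            if (n) printf "\n"
        }
    ' "$1"
}

# write_sample FILE: constructed scan output (not from a real host).
write_sample() {
    cat > "$1" <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
PORT     STATE         SERVICE
22/tcp   open          ssh
80/tcp   open          http
|_http-title: Example page
443/tcp  filtered      https
8080/tcp open          http-proxy
53/udp   open|filtered domain
161/udp  open          snmp
EOF
}

# Demo: print the port lists; nmap itself is not run here.
sample=$(mktemp)
write_sample "$sample"
echo "TCP: $(open_ports "$sample")"       # TCP: 22,80,8080
echo "UDP: $(open_ports "$sample" udp)"   # UDP: 161
rm -f "$sample"
```

Script output lines (starting with "|") and the "Discovered open port" lines printed by -vv are ignored because their first field is not a port/protocol pair.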
UDP Scan
The following command scans the top 100 UDP ports of a specific IP address and outputs to target.udp:
sudo nmap -sU --top-ports=100 -vvv <IP Address> -oN target.udp
S1REN Scan
The following command performs the S1REN scan on a specific IP address and outputs to target.s1ren:
sudo nmap -sC -sV -p- -n -Pn --open --min-rate 2000 <IP Address> -oN target.s1ren