Nmap Cheat Sheet V1.0

ADVERTISEMENT

Nmap
Scripting Engine
Notable Scripts
Cheat Sheet
-sC Run default scripts
A full list of Nmap Scripting Engine scripts is
v1.0
--script=<ScriptName>|
available at
<ScriptCategory>|<ScriptDir>...
!
POCKET REFERENCE GUIDE
Run individual or groups of scripts
SANS Institute
Some particularly useful scripts include:
--script-args=<Name1=Value1,...>
Use the list of script arguments
dns-zone-transfer: Attempts to pull a zone file
--script-updatedb
Base Syntax
(AXFR) from a DNS server.
Update script database
# nmap [ScanType] [Options] {targets}
$ nmap --script dns-zone-
transfer.nse --script-args dns-zone-
transfer.domain=<domain> -p53
Target Specification
Script Categories
<hosts>
: :
IPv4 address: 192.168.1.1
Nmap's script categories include, but are not limited to, the
IPv6 address: AABB:CCDD::FF%eth0
following:
http-robots.txt: Harvests robots.txt files from
Host name:
discovered web servers.
auth: Utilize credentials or bypass authentication on target
IP address range: 192.168.0-255.0-255
$ nmap --script http-robots.txt
hosts.
CIDR block: 192.168.0.0/16
<hosts>
broadcast: Discover hosts not included on command line by
Use file with lists of targets: -iL <filename>
broadcasting on local network.
brute: Attempt to guess passwords on target systems, for a
smb-brute: Attempts to determine valid
variety of protocols, including http, SNMP, IAX, MySQL, VNC,
username and password combinations via
etc.
Target Ports
automated guessing.
default: Scripts run automatically when -sC or -A are used.
discovery: Try to learn more information about target hosts
No port range specified scans 1,000 most popular
$ nmap --script smb-brute.nse -p445
through public sources of information, SNMP, directory services,
ports
<hosts>
and more.
dos: May cause denial of service conditions in target hosts.
-F Scan 100 most popular ports
smb-psexec: Attempts to run a series of
exploit: Attempt to exploit target systems.
external: Interact with third-party systems not included in
Port range
-p<port1>-<port2>
programs on the target machine, using
target list.
-p<port1>,<port2>,... Port List
credentials provided as scriptargs.
fuzzer: Send unexpected input in network protocol fields.
Mix TCP and UDP
-pU:53,U:110,T20-445
$ nmap --script smb-psexec.nse –
intrusive: May crash target, consume excessive resources, or
Scan linearly (do not randomize ports)
otherwise impact target machines in a malicious fashion.
script-args=smbuser=<username>,
-r
malware: Look for signs of malware infection on the target
Scan n most popular ports
smbpass=<password>[,config=<config>]
--top-ports <n>
hosts.
-p445 <hosts>
Leaving off initial port in range makes
-p-65535
safe: Designed not to impact target in a negative fashion.
Nmap scan start at port 1
version: Measure the version of software or protocol spoken
by target hosts.
Leaving off end port in range makes
-p0-
vul: Measure whether target systems have a known
Nmap scan through port 65535
vulnerability.
Scan ports 1-65535
-p-

ADVERTISEMENT

00 votes

Related Articles

Top 20 Happy Easter Cards And Gift Tags To Download For Free
Top Ten Easter Arts And Crafts Activities For Your Kids
Free Easter Coloring Pages And Easter Printables For Your Kids

Related forms

.htaccess Cheat Sheet V1.0 .htaccess Cheat Sheet V1.0 Education
Jquery 1.2 Cheat Sheet V1.0 Jquery 1.2 Cheat Sheet V1.0 Education
Nmap Cheat Sheet Nmap Cheat Sheet Education
Nmap Cheat Sheet (french) Nmap Cheat Sheet (french) Education
Nmap Cheat Sheet Nmap Cheat Sheet Education
Memory Forensics Cheat Sheet V1.2 Memory Forensics Cheat Sheet V1.2 Education
Canvas Cheat Sheet V1.1 Canvas Cheat Sheet V1.1 Education
Microsoft Dynamics Crm 2013 Client Api Cheat Sheet V1.1 Microsoft Dynamics Crm 2013 Client Api Cheat Sheet V1.1 Education
Vpn Cheat Sheet V1 Vpn Cheat Sheet V1 Education
Scala Cheat Sheet V.0.1 Scala Cheat Sheet V.0.1 Education

Related Categories

Parent category: Education
Download
Go
Page of 2