NMAP Player Guide

Here's a concise NMAP which includes essential NMAP commands for various stages of network enumeration and scanning.

NMAP Cheat Sheet for CTF

Basic Scans

Quick Scan (Default scan):nmap <target>

Metasploit Scan (Store output in workspace - Use additional flags normally):db_nmap <target>

Ping Scan (Determine live hosts):nmap -sn <target>

Service Version Detection:nmap -sV <target>

Verbosity of Output (1-5 Least to Most Output)nmap -v<1-5> <target>

Operating System Detection:nmap -O <target>

Aggressive Scan (OS, version, script scanning):nmap -A <target>

Port Scanning

Scan Specific Ports:nmap -p <port1,port2,...> <target>

Scan All Ports:nmap -p- <target>

TCP SYN Scan (Default, fast and stealthy):nmap -sS <target>

TCP Connect Scan:nmap -sT <target>

UDP Scan:nmap -sU <target>

Scan for TCP and UDP:nmap -sSU <target>

Advanced Scanning

Scan Multiple Targets:nmap <target1> <target2> <target3>

Range of IP Addresses:nmap <start-IP>-<end-IP>

CIDR Notation:nmap <IP/CIDR>

Timing and Performance

Set Timing Template (0 to 5 from slowest to fastest):nmap -T<0-5> <target>

Increase Parallelism:nmap --min-parallelism <num> <target>

Output Options

Normal Output:nmap -oN output.txt <target>

Grepable Output:nmap -oG output.txt <target>

XML Output:nmap -oX output.xml <target>

NSE Scripts

List Available Scripts:nmap --script-help='*'

Vulnerability Scan:nmap --script vuln <target>

SMB Enumeration:nmap --script smb-enum-shares.nse -p445 <target>

Firewall and IDS Evasion

Fragment Packets:nmap -f <target>

Decoy Scan:nmap -D RND:10 <target>

Scan with Custom MTU:nmap --mtu 24 <target>

Special Scans

Scan for Heartbleed:nmap --script ssl-heartbleed <target>

Scan for Shellshock:nmap --script http-shellshock <target>

FTP Bounce Attack:nmap -b <username>:<password>@<ftp-server> <target>

Examples

Scan with a Specific Script and Save Output:nmap --script smb-vuln-ms17-010 -oN smb_vuln.txt <target>

Perform a Stealth Scan and Save Output in Grepable Format:nmap -sS -oG grep_output.txt <target>