nmap (Network Mapper) is a powerful command-line tool used for network exploration, management, and security auditing. Here are some of the most useful nmap commands (note that several scan types, such as SYN scans and OS detection, need root or administrator privileges):
- Simple host discovery:
nmap 192.168.1.1– This will first check whether the host at IP address 192.168.1.1 is online (host discovery) and then scan its 1000 most common TCP ports. To only determine whether the host is up without scanning any ports, add the -sn option.
- Full port scan:
nmap -p- 192.168.1.1– This will scan all 65535 TCP ports (1 to 65535) on the host at IP address 192.168.1.1 to determine which ports are open. Without -p-, nmap only scans the 1000 most common ports, so services on unusual ports are missed; UDP ports need a separate -sU scan.
- OS detection:
nmap -O 192.168.1.1– This will attempt to determine the operating system of the host at IP address 192.168.1.1 by fingerprinting its TCP/IP stack. It requires raw-packet (root) privileges and is most reliable when the host has at least one open and one closed TCP port.
- Service and version detection:
nmap -sV 192.168.1.1– This will probe each open port to determine the service name, product, and version number of the services running on the host at IP address 192.168.1.1, rather than guessing the service from the port number alone.
- Script scanning:
nmap --script=http-enum 192.168.1.1– This will run the “http-enum” NSE script against the host at IP address 192.168.1.1. The http-enum script enumerates web servers by requesting a list of well-known directories and files used by popular web applications and reporting the ones that exist.
- Fast scan:
nmap -F 192.168.1.1– This will perform a fast scan that checks only the 100 most common ports instead of the default 1000, useful when you want to quickly sweep a large range of IPs.
- IP Version scanning:
nmap -6 -sT [IPv6-address]– This will scan the host or network using its IPv6 address with a TCP connect scan. It only works if both your scanning host and the target have IPv6 connectivity.
- Stealth scan:
nmap -sS 192.168.1.1– This will perform a TCP SYN (half-open) scan, which sends a SYN packet and never completes the three-way handshake, instead of a full connect scan. Because no connection is established, the scan is less likely to be logged by the applications listening on the ports, although firewalls and intrusion detection systems can still see it. SYN scanning requires root privileges and is nmap's default scan type when run as root.
- NSE scripts from a specific category:
nmap --script auth 192.168.1.1– This will run all scripts in the “auth” category against the target host. Categories are passed by name to --script (for example auth, default, vuln, safe), and several can be combined with a comma or a boolean expression such as "safe and not intrusive".
- List only open ports:
nmap --open 192.168.1.1– This will show only the ports that are open (or possibly open, such as open|filtered) on the target host and hide closed and filtered ones, very useful when you want a quick and simple output.
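Beyond reading results in the terminal, a practitioner usually wants nmap output in a form a script can act on. nmap's -oX option (for example nmap -sS -sV -O -oX - 192.168.1.1) writes its results as XML to a file or to stdout. The following parser is an added example and not part of the original page or of the nmap project; the XML it parses is constructed by hand to look like the output of a combined -sS -sV -O scan and does not come from a real scan. It reproduces the effect of --open by keeping only ports whose state is "open" and pulls out the product/version strings that -sV reports.

```python
"""Parse nmap XML output (-oX) and filter it the way --open does.

Added example: the SAMPLE_XML below is constructed to resemble the output of
`nmap -sS -sV -O -oX - 192.168.1.1`; it is not real scan output.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML format (one host, three scanned ports).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX - 192.168.1.1" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <hostnames><hostname name="router.lan" type="PTR"/></hostnames>
    <ports>
      <extraports state="closed" count="997"/>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Turn nmap XML into a list of host dicts: address, state, os, ports."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        # Prefer the IPv4 address; fall back to whatever address nmap recorded.
        # ElementTree elements with no children are falsy, so test against None.
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        entry = {
            "address": addr_el.get("addr") if addr_el is not None else None,
            "state": status.get("state") if status is not None else "unknown",
            "os": None,
            "ports": [],
        }
        # -O output: take the best OS match and its accuracy percentage.
        osmatch = host.find("os/osmatch")
        if osmatch is not None:
            entry["os"] = (osmatch.get("name"), int(osmatch.get("accuracy", "0")))
        for port in host.findall("ports/port"):
            st = port.find("state")
            svc = port.find("service")
            entry["ports"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": st.get("state") if st is not None else "unknown",
                "service": svc.get("name") if svc is not None else None,
                "product": svc.get("product") if svc is not None else None,
                "version": svc.get("version") if svc is not None else None,
            })
        hosts.append(entry)
    return hosts


def open_ports(hosts):
    """Mirror --open: keep only ports nmap reported as open (drop filtered/closed)."""
    return [(h["address"], p["port"], p["proto"], p["service"])
            for h in hosts for p in h["ports"] if p["state"] == "open"]


def versioned_services(hosts):
    """Return (address, port, 'product version') for ports where -sV identified a version."""
    return [(h["address"], p["port"], f'{p["product"]} {p["version"]}')
            for h in hosts for p in h["ports"] if p["product"] and p["version"]]


if __name__ == "__main__":
    # Usage: nmap -sS -sV -O -oX - 192.168.1.1 | python3 parse_nmap.py
    # With no piped input the constructed sample is parsed instead.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_XML
    scanned = parse_nmap_xml(data)
    for addr, port, proto, svc in open_ports(scanned):
        print(f"{addr} {port}/{proto} open {svc}")
    for addr, port, banner in versioned_services(scanned):
        print(f"{addr} {port} {banner}")
    for h in scanned:
        if h["os"]:
            print(f"{h['address']} OS guess: {h['os'][0]} ({h['os'][1]}%)")
```

The filtered 443/tcp entry is deliberately kept in the sample: a "filtered" state means nmap got no response, so the port is neither confirmed open nor closed, and --open (and open_ports above) will not list it.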