FULL - Tutorial on how to use nmap for NewBorn Ones!

1. Basic Scanning Commands

1.1. Scan a Single Host
    nmap 192.168.1.1
What it does: Scans the target host (IP 192.168.1.1) to check whether it is online and to identify open ports.
Use case: Simple checks to see if a host is reachable and which ports are open.

1.2. Scan Multiple Hosts
    nmap 192.168.1.1 192.168.1.2 192.168.1.3
What it does: Scans several IPs in one run.
Use case: Useful when you need to scan several devices on the network.

1.3. Scan a Range of IPs
    nmap 192.168.1.1-254
What it does: Scans all IPs from 192.168.1.1 to 192.168.1.254.
Use case: Efficient for scanning an entire subnet.

1.4. Scan a Subnet
    nmap 192.168.1.0/24
What it does: Scans all devices in the subnet 192.168.1.0/24 (254 hosts).
Use case: Comprehensive subnet scanning.

1.5. Scan a Domain
    nmap example.com
What it does: Resolves the domain example.com to its IP and scans it.
Use case: Scanning websites or servers by name.

2. Advanced Scanning Commands

2.1. Enable Verbose Mode
    nmap -v 192.168.1.1
What it does: Displays more details about the scanning process.
Use case: Helpful for understanding what Nmap is doing step by step.

2.2. Aggressive Scan
    nmap -A 192.168.1.1
What it does: Performs OS detection, version detection, script scanning, and traceroute.
Use case: When you want to gather as much information as possible about a host.

2.3. Scan Specific Ports
    nmap -p 80,443 192.168.1.1
What it does: Scans ports 80 and 443 on the target.
Use case: Focus on specific services like web servers (HTTP and HTTPS).

2.4. Scan All Ports
    nmap -p- 192.168.1.1
What it does: Scans all 65,535 TCP ports on the target.
Use case: Comprehensive port scanning for deep inspection.

2.5. Detect Operating System
    nmap -O 192.168.1.1
What it does: Attempts to detect the operating system of the target.
Use case: Useful for understanding the target's OS to tailor further testing.

3. Stealth Scanning

3.1. SYN Scan (the default when Nmap runs with root privileges)
    nmap -sS 192.168.1.1
What it does: Sends SYN packets to check for open ports without completing the TCP handshake.
Use case: Faster and less likely to be detected by firewalls.

3.2. TCP Connect Scan
    nmap -sT 192.168.1.1
What it does: Establishes full TCP connections to identify open ports.
Use case: Used when a SYN scan is not possible because of privilege or other restrictions.

3.3. UDP Scan
    nmap -sU 192.168.1.1
What it does: Scans UDP ports instead of TCP.
Use case: Useful for discovering services like DNS, SNMP, or DHCP.

4. Service and Version Detection

4.1. Detect Service Versions
    nmap -sV 192.168.1.1
What it does: Identifies the versions of services running on open ports.
Use case: Helpful for vulnerability analysis.

4.2. Scan with Default Scripts
    nmap -sC 192.168.1.1
What it does: Runs Nmap's default scripts to identify common vulnerabilities or issues.
Use case: Fast and automated way to gather basic info.

5. Specialized Scanning

5.1. Detect Firewall/IDS
    nmap -sA 192.168.1.1
What it does: Sends ACK packets to determine whether a firewall is filtering the target's ports.
Use case: Identify network-level defenses.

5.2. Scan for Vulnerabilities
    nmap --script vuln 192.168.1.1
What it does: Runs vulnerability detection scripts.
Use case: Identifying known vulnerabilities in services.

5.3. Perform Timing Adjustments
    nmap -T4 192.168.1.1
What it does: Adjusts scan speed (from -T0 for slowest to -T5 for fastest).
Use case: Use faster scans (-T4 or -T5) when time is limited.

6. Output Results

6.1. Save Results to a File
    nmap -oN scan_results.txt 192.168.1.1
What it does: Saves output in a human-readable format.
Use case: Documenting scan results for later analysis.

6.2. Save as XML
    nmap -oX scan_results.xml 192.168.1.1
What it does: Saves output in XML format for automated parsing.
Use case: Import results into other tools.

6.3. Save in All Formats
    nmap -oA scan_results 192.168.1.1
What it does: Saves output in all three Nmap formats at once: normal (scan_results.nmap), XML (scan_results.xml), and grepable (scan_results.gnmap).
Use case: Comprehensive documentation.

7. Evading Detection

7.1. Spoof Source IP
    nmap -S 1.2.3.4 192.168.1.1
What it does: Spoofs the source IP address (requires privileges).
Use case: Testing firewalls or simulating attacks (only with permission).

7.2. Randomize Scan Order
    nmap --randomize-hosts 192.168.1.0/24
What it does: Scans the hosts in a random order.
Use case: Avoid detection by Intrusion Detection Systems (IDS).

8. Miscellaneous

8.1. Traceroute
    nmap --traceroute 192.168.1.1
What it does: Maps the route packets take to reach the target.
Use case: Network path analysis.

8.2. Scan an IPv6 Address
    nmap -6 [IPv6_address]
What it does: Scans an IPv6 host.
Use case: For modern networks using IPv6.

Final Notes for Newbies:
1. Start Small: Begin with basic commands like nmap [IP] before exploring advanced options.
2. Permission: Always have explicit permission to scan a system. Unauthorized scanning is illegal.
3. Practice: Use test environments like virtual machines or sandbox networks.
4. If you want to exploit: don't. This won't help you if you're still new.