Paste #26602: Nmap full tutorial

Pasted by Nmap

Tutorial for beginners
---

1. Basic Scanning Commands

1.1. Scan a Single Host

nmap 192.168.1.1

What it does: Scans the target host (IP 192.168.1.1) to check if it's online and identify open ports.

Use case: Simple checks to see if a host is reachable and which ports are open.



---

1.2. Scan Multiple Hosts

nmap 192.168.1.1 192.168.1.2 192.168.1.3

What it does: Scans multiple IPs at once.

Use case: Useful when you need to scan several devices on the network.



---

1.3. Scan a Range of IPs

nmap 192.168.1.1-254

What it does: Scans all IPs from 192.168.1.1 to 192.168.1.254.

Use case: Efficient for scanning an entire subnet.



---

1.4. Scan a Subnet

nmap 192.168.1.0/24

What it does: Scans all devices in the subnet 192.168.1.0/24 (254 hosts).

Use case: Comprehensive subnet scanning.



---

1.5. Scan a Domain

nmap example.com

What it does: Resolves the domain example.com to its IP and scans it.

Use case: Scanning websites or servers by name.



---

2. Advanced Scanning Commands

2.1. Enable Verbose Mode

nmap -v 192.168.1.1

What it does: Displays more details about the scanning process.

Use case: Helpful to understand what Nmap is doing step-by-step.



---

2.2. Aggressive Scan

nmap -A 192.168.1.1

What it does: Performs OS detection, version detection, script scanning, and traceroute.

Use case: When you want to gather as much information as possible about a host.



---

2.3. Scan Specific Ports

nmap -p 80,443 192.168.1.1

What it does: Scans ports 80 and 443 on the target.

Use case: Focus on specific services like web servers (HTTP and HTTPS).



---

2.4. Scan All Ports

nmap -p- 192.168.1.1

What it does: Scans all 65,535 TCP ports on the target.

Use case: Comprehensive port scanning for deep inspection.



---

2.5. Detect Operating System

nmap -O 192.168.1.1

What it does: Attempts to detect the operating system of the target.

Use case: Useful for understanding the target's OS to tailor further testing.



---

3. Stealth Scanning

3.1. SYN Scan (Default)

nmap -sS 192.168.1.1

What it does: Sends SYN packets to check for open ports without completing the handshake.

Use case: Faster and less likely to be detected by firewalls.



---

3.2. TCP Connect Scan

nmap -sT 192.168.1.1

What it does: Establishes full TCP connections to identify open ports.

Use case: Used when SYN scan is not allowed due to restrictions.



---

3.3. UDP Scan

nmap -sU 192.168.1.1

What it does: Scans UDP ports instead of TCP.

Use case: Useful for discovering services like DNS, SNMP, or DHCP.



---

4. Service and Version Detection

4.1. Detect Service Versions

nmap -sV 192.168.1.1

What it does: Identifies the versions of services running on open ports.

Use case: Helpful for vulnerability analysis.



---

4.2. Scan with Default Scripts

nmap -sC 192.168.1.1

What it does: Runs Nmap's default scripts to identify common vulnerabilities or issues.

Use case: Fast and automated way to gather basic info.



---

5. Specialized Scanning

5.1. Detect Firewall/IDS

nmap -sA 192.168.1.1

What it does: Sends ACK packets to determine if a firewall is present.

Use case: Identify network-level defenses.



---

5.2. Scan for Vulnerabilities

nmap --script vuln 192.168.1.1

What it does: Runs vulnerability detection scripts.

Use case: Identifying known vulnerabilities in services.



---

5.3. Perform Timing Adjustments

nmap -T4 192.168.1.1

What it does: Adjusts scan speed (from -T0 for slowest to -T5 for fastest).

Use case: Use faster scans (-T4 or -T5) when time is limited.



---

6. Output Results

6.1. Save Results to a File

nmap -oN scan_results.txt 192.168.1.1

What it does: Saves output in a human-readable format.

Use case: Documenting scan results for later analysis.



---

6.2. Save as XML

nmap -oX scan_results.xml 192.168.1.1

What it does: Saves output in XML format for automated parsing.

Use case: Import results into other tools.
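
As an added example (not part of the original paste), this is one way to pull open ports and service details out of an -oX file with Python's standard library. The XML below is a constructed sample in the layout Nmap writes, and the function name open_services is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout `nmap -oX` writes (trimmed; not real scan data).
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan_results.xml 192.168.1.1-2">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
  </host>
</nmaprun>"""

def open_services(xml_text):
    """Return (ip, proto, port, service, product, version) for every open port."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status[@state='up']") is None:
            continue  # host did not answer; nothing to report
        ip = host.find("address").get("addr")
        for port in host.iterfind("ports/port"):
            if port.find("state[@state='open']") is None:
                continue  # closed or filtered
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            # name/product/version are derived from the scanned host's replies:
            # treat them as untrusted text when storing or rendering them.
            rows.append((ip, port.get("protocol"), int(port.get("portid")),
                         attrs.get("name", ""), attrs.get("product", ""),
                         attrs.get("version", "")))
    return rows

if __name__ == "__main__":
    for row in open_services(SAMPLE_XML):
        print(*row, sep="\t")
```
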



---

6.3. Save in All Formats

nmap -oA scan_results 192.168.1.1

What it does: Saves output in all available formats (.txt, .xml, .nmap).

Use case: Comprehensive documentation.



---

7. Evading Detection

7.1. Spoof Source IP

nmap -S 1.2.3.4 192.168.1.1

What it does: Spoofs the source IP address (requires privileges).

Use case: Testing firewalls or simulating attacks (only with permission).



---

7.2. Randomize Scan Order

nmap --randomize-hosts 192.168.1.0/24

What it does: Scans IPs in a random order.

Use case: Avoid detection by Intrusion Detection Systems (IDS).
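
From the defender's side, a detector that counts how many distinct hosts one source touches in a time window gives the same result whatever order the hosts are probed in. The following is an added example, not part of the original paste; the log records, addresses, window and threshold are all constructed assumptions.

```python
import random
from collections import defaultdict, deque

def scanning_sources(events, window=60.0, threshold=20):
    """events: (ts_seconds, src_ip, dst_ip, dst_port) tuples sorted by time.
    Returns the sources that reached >= threshold distinct destination
    hosts inside any `window`-second span."""
    recent = defaultdict(deque)          # src -> deque of (ts, dst)
    flagged = set()
    for ts, src, dst, _port in events:
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # drop records older than the window
            q.popleft()
        if len({d for _, d in q}) >= threshold:
            flagged.add(src)
    return flagged

def constructed_sweep(src, order, gap=0.5, port=80):
    """Constructed connection log: one probe per host of 192.168.1.0/24."""
    return [(i * gap, src, f"192.168.1.{h}", port) for i, h in enumerate(order)]

hosts = list(range(1, 255))
shuffled = hosts[:]
random.Random(1).shuffle(shuffled)       # fixed seed so the sample is repeatable

sequential = constructed_sweep("10.0.0.5", hosts)
randomized = constructed_sweep("10.0.0.5", shuffled)
# Constructed benign client: many connections, but only to three servers.
benign = [(i * 0.5, "10.0.0.9", f"192.168.1.{10 + i % 3}", 443) for i in range(200)]

if __name__ == "__main__":
    for label, sweep in (("sequential", sequential), ("randomized", randomized)):
        print(label, sorted(scanning_sources(sorted(sweep + benign))))
```
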



---

8. Miscellaneous

8.1. Traceroute

nmap --traceroute 192.168.1.1

What it does: Maps the route packets take to reach the target.

Use case: Network path analysis.



---

8.2. Scan an IPv6 Address

nmap -6 [IPv6_address]

What it does: Scans an IPv6 host.

Use case: For modern networks using IPv6.



---

Final Notes for Newbies:

1. Start Small: Begin with basic commands like nmap [IP] before exploring advanced options.


2. Permission: Always have explicit permission to scan a system. Unauthorized scanning is illegal.


3. Practice: Use test environments like virtual machines or sandbox networks.


