Paste #26631: Nmap full tutorial for newbies

Pasted by Knox - Nmap Tutorial

FULL - Tutorial how to use nmap for NewBorn Ones!



1. Basic Scanning Commands

1.1. Scan a Single Host

nmap 192.168.1.1

What it does: Scans the target host (IP 192.168.1.1) to check if it's online and identify open ports.

Use case: Simple checks to see if a host is reachable and which ports are open.





1.2. Scan Multiple Hosts

nmap 192.168.1.1 192.168.1.2 192.168.1.3

What it does: Scans multiple IPs at once.

Use case: Useful when you need to scan several devices on the network.





1.3. Scan a Range of IPs

nmap 192.168.1.1-254

What it does: Scans all IPs from 192.168.1.1 to 192.168.1.254.

Use case: Efficient for scanning an entire subnet.





1.4. Scan a Subnet

nmap 192.168.1.0/24

What it does: Scans all devices in the subnet 192.168.1.0/24 (254 hosts).

Use case: Comprehensive subnet scanning.





1.5. Scan a Domain

nmap example.com

What it does: Resolves the domain example.com to its IP and scans it.

Use case: Scanning websites or servers by name.
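The five target forms above are easier to reason about once you see how many addresses each one expands to. The following Python helper is an added example, not code from the original paste or from the Nmap project; it expands a single address, a dash range in any octet, and CIDR notation the way Nmap interprets them (hostnames are left out, since Nmap resolves those itself). The `expand_target` and `expand_targets` function names are this example's own.

```python
"""Expand Nmap-style target specifications into individual addresses.

Added example (not part of the original paste). It supports the three
target forms used in section 1: a single address, a dash range in any
octet (192.168.1.1-254) and CIDR notation (192.168.1.0/24). Hostnames
are left to Nmap's own resolver and are not handled here.
"""
import ipaddress
from itertools import product


def expand_target(spec):
    """Return a list of IPv4 address strings covered by one target spec."""
    if "/" in spec:
        # CIDR: Nmap probes every address in the block, including the
        # network (.0) and broadcast (.255) addresses, so /24 yields 256.
        net = ipaddress.ip_network(spec, strict=False)
        return [str(a) for a in net]

    octet_ranges = []
    for part in spec.split("."):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo, hi = int(lo), int(hi)
        else:
            lo = hi = int(part)
        if not (0 <= lo <= hi <= 255):
            raise ValueError(f"bad octet range {part!r} in {spec!r}")
        octet_ranges.append(range(lo, hi + 1))
    if len(octet_ranges) != 4:
        raise ValueError(f"not an IPv4 target: {spec!r}")
    # Cartesian product of the per-octet ranges, e.g. 192.168.1.1-254
    return [".".join(map(str, o)) for o in product(*octet_ranges)]


def expand_targets(specs):
    """Expand several specs (as given on one nmap command line), de-duplicated
    and in the order Nmap would first encounter them."""
    seen, out = set(), []
    for spec in specs:
        for addr in expand_target(spec):
            if addr not in seen:
                seen.add(addr)
                out.append(addr)
    return out


if __name__ == "__main__":
    for spec in ("192.168.1.1", "192.168.1.1-254", "192.168.1.0/24"):
        addrs = expand_target(spec)
        print(f"{spec:18} -> {len(addrs)} addresses ({addrs[0]} .. {addrs[-1]})")
```

Running it shows the difference between the range form (254 addresses, .1 through .254) and the CIDR form (256 addresses, because .0 and .255 are included), which matters when you compare scan counts against what you expected to cover.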





2. Advanced Scanning Commands

2.1. Enable Verbose Mode

nmap -v 192.168.1.1

What it does: Displays more details about the scanning process.

Use case: Helpful to understand what Nmap is doing step-by-step.





2.2. Aggressive Scan

nmap -A 192.168.1.1

What it does: Performs OS detection, version detection, script scanning, and traceroute.

Use case: When you want to gather as much information as possible about a host.





2.3. Scan Specific Ports

nmap -p 80,443 192.168.1.1

What it does: Scans ports 80 and 443 on the target.

Use case: Focus on specific services like web servers (HTTP and HTTPS).





2.4. Scan All Ports

nmap -p- 192.168.1.1

What it does: Scans all 65,535 TCP ports on the target.

Use case: Comprehensive port scanning for deep inspection.





2.5. Detect Operating System

nmap -O 192.168.1.1

What it does: Attempts to detect the operating system of the target.

Use case: Useful for understanding the target's OS to tailor further testing.





3. Stealth Scanning

3.1. SYN Scan (Default)

nmap -sS 192.168.1.1

What it does: Sends SYN packets to check for open ports without completing the handshake: a SYN/ACK reply means the port is open, and Nmap answers it with a RST instead of finishing the connection. This is the default scan type when Nmap runs with root (raw-socket) privileges.

Use case: Faster than a full connect scan and less likely to be logged by the application behind the port, since no connection is ever established. Firewalls and IDS that inspect packets still see every SYN.

3.2. TCP Connect Scan

nmap -sT 192.168.1.1

What it does: Establishes full TCP connections (through the operating system's connect() call) to identify open ports.

Use case: Used when a SYN scan is not possible, typically because you lack the raw-socket privileges it needs; it is also what Nmap falls back to when run unprivileged.

3.3. UDP Scan

nmap -sU 192.168.1.1

What it does: Scans UDP ports instead of TCP. Open UDP ports often send no reply at all, so Nmap has to wait for timeouts and UDP scans are much slower than TCP scans.

Use case: Useful for discovering services like DNS, SNMP, or DHCP.





4. Service and Version Detection

4.1. Detect Service Versions

nmap -sV 192.168.1.1

What it does: Identifies the versions of services running on open ports.

Use case: Helpful for vulnerability analysis.





4.2. Scan with Default Scripts

nmap -sC 192.168.1.1

What it does: Runs Nmap's default script set (the NSE "default" category, the same as --script=default) against the detected services, collecting extra details such as banners, TLS certificate information, and supported HTTP methods; some of these scripts also flag common misconfigurations.

Use case: Fast and automated way to gather basic info; pair it with -sV so the scripts run against correctly identified services.





5. Specialized Scanning

5.1. Detect Firewall/IDS

nmap -sA 192.168.1.1

What it does: Sends ACK packets to determine whether a firewall is filtering ports. An ACK scan never reports ports as open or closed, only as unfiltered (a RST came back) or filtered (no reply or an ICMP error), which is what reveals stateful firewall rules.

Use case: Identify network-level defenses.





5.2. Scan for Vulnerabilities

nmap --script vuln 192.168.1.1

What it does: Runs vulnerability detection scripts.

Use case: Identifying known vulnerabilities in services.





5.3. Perform Timing Adjustments

nmap -T4 192.168.1.1

What it does: Adjusts scan speed using a timing template (from -T0 for slowest to -T5 for fastest).

Use case: Use faster scans (-T4 or -T5) when time is limited; -T4 is the usual choice on a reliable local network, while -T5 trades accuracy for speed and may miss ports on slow or lossy links.




6. Output Results

6.1. Save Results to a File

nmap -oN scan_results.txt 192.168.1.1

What it does: Saves output in a human-readable format.

Use case: Documenting scan results for later analysis.





6.2. Save as XML

nmap -oX scan_results.xml 192.168.1.1

What it does: Saves output in XML format for automated parsing.

Use case: Import results into other tools.





6.3. Save in All Formats

nmap -oA scan_results 192.168.1.1

What it does: Saves output in all three main formats at once, using the given base name: scan_results.nmap (normal), scan_results.xml (XML) and scan_results.gnmap (grepable).

Use case: Comprehensive documentation.





7. Evading Detection

7.1. Spoof Source IP

nmap -S 1.2.3.4 192.168.1.1

What it does: Spoofs the source IP address (requires privileges). Because the target's replies go to the spoofed address rather than to your machine, the scan usually returns no results to you; it mainly shows how a firewall reacts to traffic that appears to come from a given address.

Use case: Testing firewalls or simulating attacks (only with permission).

7.2. Randomize Scan Order

nmap --randomize-hosts 192.168.1.0/24

What it does: Scans IPs in a random order instead of sequentially.

Use case: Makes a sweep less obvious to someone reading logs or to rules that flag sequential address sweeps; an IDS that counts probes per source address still sees every packet.
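Sections 3 and 7 both rest on the same point from the defender's side: a SYN scan, a randomized host order or a slowed-down scan still leave one log line per probe at the firewall, so counting distinct host/port pairs per source address over a time window catches the sweep regardless of the order. The following detector is an added example, not code from the original paste or from the Nmap project. The log lines are constructed in the style of Linux netfilter LOG output (SRC=, DST=, PROTO= and DPT= are the real field names); the timestamps, addresses and the `detect_sweeps` / `parse_line` function names are this example's own.

```python
"""Spot port sweeps in firewall log lines by counting distinct targets per source.

Added example, not part of the original paste. SAMPLE_LOG is constructed
in the style of Linux netfilter LOG output (SRC=, DST=, PROTO=, DPT= are
real field names); it is not a real capture. Randomized host order or a
slow scan changes the order and spacing of these lines, not their count.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one source sweeps several ports on two hosts within
# a few seconds, while another source makes a single ordinary request.
SAMPLE_LOG = """\
May 14 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.1 PROTO=TCP SPT=40101 DPT=22 SYN
May 14 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.1 PROTO=TCP SPT=40102 DPT=80 SYN
May 14 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.1 PROTO=TCP SPT=40103 DPT=443 SYN
May 14 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.7 PROTO=TCP SPT=40104 DPT=3389 SYN
May 14 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.7 PROTO=TCP SPT=40105 DPT=8080 SYN
May 14 10:00:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.1 PROTO=TCP SPT=40106 DPT=21 SYN
May 14 10:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.168.1.1 PROTO=TCP SPT=51234 DPT=443 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2024):
    """Return (timestamp, src, dst, proto, dport) or None for non-matching lines.
    Syslog timestamps carry no year, so one is supplied explicitly."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], m["proto"], int(m["dpt"])


def detect_sweeps(log_text, window=timedelta(seconds=60), min_targets=5):
    """Return {src: distinct (dst, port) pairs} for every source that touched
    at least min_targets distinct host/port pairs within one time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            ts, src, dst, _proto, dpt = rec
            events[src].append((ts, dst, dpt))
    flagged = {}
    for src, evs in events.items():
        evs.sort()  # sliding window needs time order per source
        for i, (start, _, _) in enumerate(evs):
            targets = {(d, p) for t, d, p in evs[i:] if t - start <= window}
            if len(targets) >= min_targets:
                flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged


if __name__ == "__main__":
    for src, count in detect_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep from {src}: {count} distinct host/port pairs")
```

The thresholds are deliberately plain parameters: a large window with a low count catches slow (-T0/-T1) scans at the cost of more false positives from chatty legitimate clients, so tune them against your own baseline traffic rather than against the sample.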





8. Miscellaneous

8.1. Traceroute

nmap --traceroute 192.168.1.1

What it does: Maps the route packets take to reach the target.

Use case: Network path analysis.





8.2. Scan an IPv6 Address

nmap -6 [IPv6_address]

What it does: Scans an IPv6 host.

Use case: For modern networks using IPv6.





Final Notes for Newbies:

1. Start Small: Begin with basic commands like nmap [IP] before exploring advanced options.

2. Permission: Always have explicit permission to scan a system. Unauthorized scanning is illegal.

3. Practice: Use test environments like virtual machines or sandbox networks.

4. If you want to exploit, don't. This won't help you if you're still new.
