Atlanta Cyber Security
Learn Nmap
We have compiled a ton of information regarding learning how to hack. A lot of this information is the foundation of hacking and should be mastered before going deeper.
Nmap – Nmap is short for Network Mapper and it is a free, open-source tool for network discovery, inventory, and security auditing. It enables cybersecurity professionals and network administrators to identify active hosts, open ports, available services (names and versions), and operating systems, as well as detect potential security risks.
Installing Nmap – This tutorial assumes you are using a Linux-based OS. Once you are, you can follow the steps below.
Step 1 – Check whether Nmap is installed. Open a terminal (Ctrl + Alt + T) and type nmap -v (if Nmap is installed, it will display the version information; if not, you'll see a message indicating that the command is not found).
Step 2 – If Nmap is not installed, you can install it from the terminal. On Debian/Ubuntu-based distributions, simply type sudo apt install nmap -y. This will download and install Nmap for you.
Nmap DNS Tricks
| Command (uses the host utility, not nmap) | Results |
|---|---|
| host -t ns example.com | Gets the name servers of a website. |
| host -t a example.com | Gets the A records of a website. |
| host -t aaaa example.com | Gets the AAAA records of a website. |
| host -t mx example.com | Gets the MX records of a website. |
| host -t soa example.com | Gets the SOA record of a domain (its primary name server and zone settings). |
Basic Scanning Techniques
| Nmap Query | Nmap Command |
|---|---|
| Get some help | nmap -h |
| Scan a single target | nmap [target] |
| Scan multiple targets | nmap [target1,target2,etc] |
| Scan a list of targets | nmap -iL [list.txt] |
| Scan a range of hosts | nmap [range of IP addresses] |
| Scan an entire subnet | nmap [IP address/cidr] |
| Scan random hosts | nmap -iR [number] |
| Excluding targets from a scan | nmap [targets] --exclude [targets] |
| Excluding targets using a list | nmap [targets] --excludefile [list.txt] |
| Perform an aggressive scan | nmap -A [target] |
| Scan an IPv6 target | nmap -6 [target] |
Discovery Options
| Nmap Query | Nmap Command |
|---|---|
| Perform a ping scan only (host discovery, no port scan) | nmap -sn [target] |
| Don't ping (treat all hosts as up) | nmap -Pn [target] |
| TCP SYN ping (host discovery by sending SYN probes) | nmap -PS [target] |
| TCP SYN Scan (stealthy and efficient) | nmap -sS [target] |
| TCP ACK Ping | nmap -PA [target] |
| UDP ping | nmap -PU [target] |
| SCTP init Ping | nmap -PY [target] |
| ICMP echo ping | nmap -PE [target] |
| ICMP Timestamp ping | nmap -PP [target] |
| ICMP address mask ping | nmap -PM [target] |
| IP protocol ping | nmap -PO [target] |
| ARP ping | nmap -PR [target] |
| Traceroute | nmap --traceroute [target] |
| Force reverse DNS resolution | nmap -R [target] |
| Disable reverse DNS resolution | nmap -n [target] |
| Alternative DNS lookup (use the system resolver) | nmap --system-dns [target] |
| Manually specify DNS servers | nmap --dns-servers [servers] [target] |
| Create a host list | nmap -sL [targets] |
| Scan to detect firewall settings | sudo nmap -sA [target] |
Firewall Evasion Techniques
| Nmap Query | Nmap Command |
|---|---|
| Fragment packets | nmap -f [target] |
| Specify a specific MTU (must be a multiple of 8) | nmap --mtu [MTU] [target] |
| Use decoys | nmap -D RND:[number] [target] |
| Idle zombie scan | nmap -sI [zombie] [target] |
| Manually specify a source port | nmap --source-port [port] [target] |
| Append random data | nmap --data-length [size] [target] |
| Randomize target scan order | nmap --randomize-hosts [target] |
| Spoof MAC address | nmap --spoof-mac [MAC\|0\|vendor] [target] |
| Send bad checksums | nmap --badsum [target] |
Version Detection
| Nmap Query | Nmap Command |
|---|---|
| Operating system detection | nmap -O [target] |
| Attempt to guess an unknown OS | nmap -O --osscan-guess [target] |
| Service version detection | nmap -sV [target] |
| Troubleshooting version scans | nmap -sV --version-trace [target] |
| Perform an RPC scan (in current Nmap releases -sR is an alias for -sV, since RPC grinding is part of version detection) | nmap -sR [target] |
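To turn a version scan into an inventory you can diff over time, here is an added example (not part of the original cheat sheet) that parses Nmap's grepable output (`-oG`, a real Nmap output option) and flags open ports absent from an expected baseline. The scan lines are constructed sample data, not a real scan, and `parse_gnmap`, `open_services` and `unexpected_open` are names chosen for this example.

```python
# Constructed sample of Nmap grepable (-oG) output; not real scan data.
# Each "Ports:" entry is port/state/protocol/owner/service/rpc/version/
# (Nmap replaces any "/" inside a version string with "|").
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG inventory.gnmap 192.0.2.0/24
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/
Host: 192.0.2.12 ()\tStatus: Down
# Nmap done -- 256 IP addresses (2 hosts up) scanned in 12.34 seconds
"""


def parse_gnmap(text):
    """Return {ip: {"status": str, "ports": [dict, ...]}} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip the '#' header and footer lines
        fields = line.split("\t")  # tab-separated sections
        ip = fields[0].split()[1]  # "Host: <ip> (<hostname>)"
        entry = hosts.setdefault(ip, {"status": "Unknown", "ports": []})
        for field in fields[1:]:
            if field.startswith("Status: "):
                entry["status"] = field[len("Status: "):]
            elif field.startswith("Ports: "):
                for item in field[len("Ports: "):].split(", "):
                    p = item.split("/")
                    entry["ports"].append({
                        "port": int(p[0]), "state": p[1], "proto": p[2],
                        "service": p[4], "version": p[6],
                    })
    return hosts


def open_services(hosts):
    """List (ip, port, proto, service, version) for every open port."""
    return [(ip, p["port"], p["proto"], p["service"], p["version"])
            for ip, h in hosts.items() for p in h["ports"]
            if p["state"] == "open"]


def unexpected_open(hosts, baseline):
    """Open ports not in baseline {ip: {port, ...}}: drift worth reviewing."""
    return sorted((ip, port) for ip, port, *_ in open_services(hosts)
                  if port not in baseline.get(ip, set()))
```

Feed it a file written with `nmap -sV -oG inventory.gnmap [targets]` and a baseline of the ports each host is supposed to expose; anything returned by `unexpected_open` is either an undocumented service or a change since the last scan.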