Nmap Commands to Scan Ports, Detect Services, Operating Systems, and Identify Vulnerabilities
TCP and UDP Port Scanning
- TCP Port Scan (SYN scan):
```
nmap -sS <target IP address>
```
This half-open "SYN scan" is fast and, because it never completes the TCP handshake, is less likely to be logged by the listening application than a full connect scan (-sT); it identifies open TCP ports. It requires raw-socket (root) privileges.
- UDP Port Scan:
```
nmap -sU <target IP address>
```
This scan detects open UDP ports. It is much slower than a TCP scan, because most UDP services do not answer empty probes and closed ports are only revealed by ICMP port-unreachable replies, which many hosts rate-limit; ports that produce no response at all are reported as open|filtered. Combine it with the TCP scan (-sS -sU) for comprehensive results.
- Specific Ports Scan (TCP and UDP):
```
nmap -p <port_range> <target IP address>
```
Example: nmap -p 80,443,8080 <target IP address> scans only the specified ports (in this case, ports 80, 443, and 8080). On its own, -p applies to the TCP scan type in use; to cover both protocols add -sU and use the T:/U: prefixes, e.g. nmap -sS -sU -p T:80,443,U:53,161 <target IP address>.
Operating System Detection
- OS Detection:
```
nmap -O <target IP address>
```
This option attempts to identify the target's operating system by fingerprinting how its TCP/IP stack responds to a series of crafted probes. It requires raw-socket privileges, and the match is most reliable when Nmap finds at least one open and one closed TCP port on the host.
Service and Version Detection
- Service and Version Detection:
```
nmap -sV <target IP address>
```
This command sends protocol-specific probes to each open port to identify the service listening there and determine its product and version.
- Full Scan with OS and Version Detection:
```
nmap -A <target IP address>
```
This "aggressive" scan combines several features in one run: port scanning, OS detection (-O), service and version detection (-sV), the default NSE scripts (-sC), and a traceroute. It is correspondingly slower and noisier than the individual options.
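As an added example (not code from the original page), a small Python parser for the XML that -sV/-O produce when run with -oX; it is fed a constructed sample here, keeps only ports whose state is open, marks services that Nmap merely looked up in its port table rather than probed, and diffs the open ports against an approved baseline so an unexpected listener on your own host stands out. The host address, services and baseline are all made up for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap's XML output (nmap -sS -sV -O -oX -); not a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX - 192.0.2.10" version="7.94">
 <host><status state="up" reason="echo-reply"/>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
    <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
   <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
    <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
   <port protocol="tcp" portid="23"><state state="closed" reason="reset"/>
    <service name="telnet" method="table" conf="3"/></port>
   <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack"/>
    <service name="krb524" method="table" conf="3"/></port>
  </ports>
  <os><osmatch name="Linux 5.0 - 5.4" accuracy="96"/></os>
 </host>
</nmaprun>"""

def parse_scan(xml_text):
    """Return ({(ip, proto, port): service}, {ip: (os_name, accuracy)}) for open ports only."""
    services, os_guess = {}, {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # skip closed, filtered and open|filtered ports
            svc = port.find("service")
            # method="table" means Nmap only looked the port up in nmap-services; no probe confirmed it.
            parts = [svc.get("name")] if svc is not None else ["unknown"]
            if svc is not None and svc.get("method") == "probed":
                parts += [svc.get("product", ""), svc.get("version", "")]
            else:
                parts.append("(unverified)")
            services[(ip, port.get("protocol"), int(port.get("portid")))] = " ".join(p for p in parts if p)
        match = host.find("os/osmatch")  # first osmatch is Nmap's best guess
        if match is not None:
            os_guess[ip] = (match.get("name"), int(match.get("accuracy")))
    return services, os_guess

def unexpected_services(services, baseline):
    """Open ports absent from the approved baseline; baseline is a set of (ip, proto, port)."""
    return sorted(key for key in services if key not in baseline)
```

Calling unexpected_services(parse_scan(SAMPLE_XML)[0], {("192.0.2.10", "tcp", 22), ("192.0.2.10", "tcp", 80)}) returns the unapproved listener on 4444 and omits the closed telnet port.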
Vulnerability Detection
- Using NSE Scripts to Identify Vulnerabilities:
```
nmap --script vuln <target IP address>
```
This runs every NSE script in the "vuln" category, checking the discovered services against known vulnerabilities. Running it together with -sV gives the scripts version information to work with; expect it to be slow and noisy, and note that some scripts in the category are intrusive.
Other Common Uses
- Stealth Scans (bypassing some firewalls):
```
nmap -sN <target IP address>   # Null scan
nmap -sF <target IP address>   # FIN scan
nmap -sX <target IP address>   # Xmas scan
```
These scans send TCP packets with unusual flag combinations (no flags, FIN only, or FIN/PSH/URG together) that some stateless packet filters blocking only SYN packets let through. They rely on RFC 793 behaviour (closed ports answer with RST, open ports stay silent), so results are reported as open|filtered rather than open, and they give no useful result against systems such as Windows that reply with RST regardless of port state.
- Fast Scan for Active Hosts and Common Services:
```
nmap -F <target IP address>
```
The -F option limits the scan to the 100 most common ports (instead of the default 1,000), saving time.