Nmap Commands to Scan Ports, Detect Services, Operating Systems, and Identify Vulnerabilities
TCP and UDP Port Scanning
- TCP Port Scan (SYN scan):
nmap -sS <target IP address>
This scan is fast and uses “SYN scan” mode (half-open: it never completes the TCP handshake), which is less likely to be logged by the target service and helps identify open TCP ports. It needs raw-socket privileges, so run it as root or with sudo.
- UDP Port Scan:
nmap -sU <target IP address>
This scan detects open UDP ports, though it’s generally slower. You can combine it with the TCP scan for comprehensive results.
- Specific Ports Scan (TCP and UDP):
nmap -p <port_range> <target IP address>
Example: nmap -p 80,443,8080 <target IP address>
This scans only the specified ports (in this case, ports 80, 443, and 8080). Note that -p only selects which ports to probe; with no scan type given Nmap probes TCP only, so add -sU (e.g. nmap -sS -sU -p 80,443,8080 <target IP address>) when you want the same ports checked over UDP as well.
Operating System Detection
- OS Detection:
nmap -O <target IP address>
This option attempts to identify the target’s operating system based on the responses from the TCP/IP stack.
Service and Version Detection
- Service and Version Detection:
nmap -sV <target IP address>
This command identifies the open services on each discovered port and attempts to determine their version.
- Full Scan with OS and Version Detection:
nmap -A <target IP address>
This aggressive scan combines several features in one run: port scanning, OS detection (-O), service/version detection (-sV), the default NSE scripts (-sC), and traceroute. It is noticeably slower and noisier than the individual options.
Vulnerability Detection
- Using NSE Scripts to Identify Vulnerabilities:
nmap --script vuln <target IP address>
This runs the scripts in the “vuln” category of Nmap’s script library against the discovered services, helping identify known vulnerabilities. Script results are version- and banner-based checks, so treat them as leads to verify rather than confirmed findings.
Other Common Uses
- Stealth Scans (bypassing some firewalls):
nmap -sN <target IP address> # Null Scan
nmap -sF <target IP address> # FIN Scan
nmap -sX <target IP address> # Xmas Scan
These scans send specific packets designed to avoid detection by some firewalls.
- Fast Scan for Active Hosts and Common Services:
nmap -F <target IP address>
The -F option limits the scan to the most common ports, saving time.
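A defender-side use of the scans above, added here as an example and not part of the original post: save the results with -oX (e.g. nmap -sS -sU -sV -O --script vuln -oX scan.xml <target IP address>), then parse the XML to list open ports, detected versions, the OS guess and any script hits, and flag exposure outside an approved baseline. The XML sample, the host address and the APPROVED set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape Nmap writes with -oX; not output from a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -sV -O --script vuln -oX - 192.0.2.10">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="nginx" version="1.18.0"/>
<script id="http-csrf" output="Couldn't find any CSRF vulnerabilities."/></port>
<port protocol="tcp" portid="443"><state state="closed"/></port>
<port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
</ports>
<os><osmatch name="Linux 5.4 - 5.10" accuracy="95"/></os>
</host></nmaprun>"""

# Constructed baseline: the (protocol, port) pairs this host is approved to expose.
APPROVED = {("tcp", 22), ("tcp", 80)}


def parse_hosts(xml_text):
    """Return {addr: {"os": best OS match or None, "ports": [port dicts]}} for open ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address").get("addr")
        match = host.find("os/osmatch")  # first osmatch is Nmap's best guess
        entry = {"os": match.get("name") if match is not None else None, "ports": []}
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            if not state.startswith("open"):  # keeps "open" and UDP's "open|filtered"
                continue
            svc = port.find("service")
            product = [svc.get("product"), svc.get("version")] if svc is not None else []
            entry["ports"].append({
                "proto": port.get("protocol"), "port": int(port.get("portid")), "state": state,
                "service": svc.get("name") if svc is not None else "unknown",
                "version": " ".join(v for v in product if v),
                "scripts": [s.get("id") for s in port.findall("script")],  # NSE hits on this port
            })
        hosts[addr] = entry
    return hosts


def unexpected_exposure(hosts, approved):
    """List (addr, proto, port, service) for open ports that are not in the approved baseline."""
    return [(addr, p["proto"], p["port"], p["service"]) for addr, h in hosts.items()
            for p in h["ports"] if (p["proto"], p["port"]) not in approved]


if __name__ == "__main__":
    for finding in unexpected_exposure(parse_hosts(SAMPLE_XML), APPROVED):
        print("unexpected exposure:", finding)
```

Run against a real -oX file by replacing SAMPLE_XML with the file's contents; UDP ports reported as open|filtered are kept because Nmap cannot distinguish a silent open service from a dropped probe.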