Update NMAP_cheat_sheet.md

This commit is contained in:
Omar Santos 2018-12-26 21:38:06 -05:00 committed by GitHub
parent 9f688b05dc
commit 9d52fb87b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -18,10 +18,40 @@ If no port range is specified, Nmap scans the 1,000 most popular ports.
-p0- Leaving off end port in range makes Nmap scan through p
```
## Port Status
- Open: This indicates that an application is listening for connections on this port.
- Closed: This indicates that the probes were received but there is no application listening on this port.
- Filtered: This indicates that the probes were not received and the state could not be established. It also indicates that the probes are being dropped by some kind of filtering.
- Unfiltered: This indicates that the probes were received but a state could not be established.
- Open/Filtered: This indicates that the port was filtered or open but Nmap couldnt establish the state.
- Closed/Filtered: This indicates that the port was filtered or closed but Nmap couldnt establish the state.
## Probing Options
- `-Pn`: Don't probe (assume all hosts are up)
- `-PB`: Default probe (TCP 80, 445 & ICMP)
- `-PS<portlist>` : Checks if ssytems are online by probing TCP ports
- `-PE`: Using ICMP Echo Request
- `-PP`: Using ICMP Timestamp Request
- `-PM`: Using ICMP Netmask Request
## Nmap Scripting Engine
The full list of Nmap Scripting Engine scripts: http://nmap.org/nsedoc/
`nmap -sC` runs default scripts...
Running individual or groups of scripts:
`nmap --script=<ScriptName>| <ScriptCategory>|<ScriptDir>`
Using the list of script arguments:
`nmap --script-args=<Name1=Value1,...>`
Updating the script database:
`nmap --script-updatedb`
Some particularly useful scripts include:
- dns-zone-transfer: Attempts to pull a zone file (AXFR) from a DNS server.
@ -60,3 +90,5 @@ The most common Nmap scripting engine categories:
- safe: Designed not to impact target in a negative fashion.
- version: Measure the version of software or protocols on the target hosts.
- vul: Measure whether target systems have a known vulnerability.