From 9d52fb87b99ac83467d042c16b8b0300fc0fe097 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Wed, 26 Dec 2018 21:38:06 -0500 Subject: [PATCH] Update NMAP_cheat_sheet.md --- cheat_sheets/NMAP_cheat_sheet.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/cheat_sheets/NMAP_cheat_sheet.md b/cheat_sheets/NMAP_cheat_sheet.md index f84a3be..426e8d1 100644 --- a/cheat_sheets/NMAP_cheat_sheet.md +++ b/cheat_sheets/NMAP_cheat_sheet.md 
@@ -18,10 +18,40 @@ If no port range is specified, Nmap scans the 1,000 most popular ports. -p0- Leaving off end port in range makes Nmap scan through p ``` +## Port Status + +- Open: This indicates that an application is listening for connections on this port. +- Closed: This indicates that the probes were received but there is no application listening on this port. +- Filtered: This indicates that the probes were not received and the state could not be established. It also indicates that the probes are being dropped by some kind of filtering. +- Unfiltered: This indicates that the probes were received but a state could not be established. +- Open/Filtered: This indicates that the port was filtered or open but Nmap couldn’t establish the state. +- Closed/Filtered: This indicates that the port was filtered or closed but Nmap couldn’t establish the state. + +## Probing Options + +- `-Pn`: Don't probe (assume all hosts are up) +- `-PB`: Default probe (TCP 80, 445 & ICMP) +- `-PS` : Checks if ssytems are online by probing TCP ports +- `-PE`: Using ICMP Echo Request +- `-PP`: Using ICMP Timestamp Request +- `-PM`: Using ICMP Netmask Request + ## Nmap Scripting Engine The full list of Nmap Scripting Engine scripts: http://nmap.org/nsedoc/ +`nmap -sC` runs default scripts... + +Running individual or groups of scripts: +`nmap --script=| |` + +Using the list of script arguments: +`nmap --script-args=` + +Updating the script database: +`nmap --script-updatedb` + + Some particularly useful scripts include: - dns-zone-transfer: Attempts to pull a zone file (AXFR) from a DNS server. @@ -60,3 +90,5 @@ The most common Nmap scripting engine categories: - safe: Designed not to impact target in a negative fashion. - version: Measure the version of software or protocols on the target hosts. - vul: Measure whether target systems have a known vulnerability. + +
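Review bot: In the Nmap Scripting Engine additions of the first hunk (@@ -18,10 +18,40 @@), the usage lines `nmap --script=| |` and `nmap --script-args=` have empty operands, so a reader cannot tell what goes after the `=`. Spell the placeholders out in a form that survives Markdown rendering, for example `nmap --script=<filename>|<category>|<directory>` and `nmap --script-args=<name>=<value>`. In the Probing Options list of the same hunk, the `-PS` entry has a typo ("ssytems") and a stray space before the colon. In Port Status, Nmap prints the combined states as `open|filtered` and `closed|filtered`, so using that spelling would match what readers see in scan output. The port numbers on the `-PB` line ("TCP 80, 445 & ICMP") should be checked against the Nmap host discovery documentation before merging.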
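Review bot: The two lines added at the end of the file in the last hunk (@@ -60,3 +90,5 @@) are empty, so the hunk only appends trailing blank lines; drop them. The context line just above them reads `vul:`, while the NSE category name is `vuln`, which is worth correcting in the same file.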