Nmap Options - JimKnee-Champ/Ethical-Hacking-Journal GitHub Wiki

-sV: Service and version detection. Provides information about the state of the port, the service it is running, and the version of that service.

-sL: Lists the targets to scan.

-A: OS detection, version detection, script scanning, and traceroute. Provides a lot of information. In the rdp-ntlm-info section you get things like the PC and domain name, the product version, and the system time. It also found the device type, the SSL certificate information, the MAC address, and the route to the IP address.

-p: Specify ports. Accepts ranges (n-n) or specific ports (n,n,n,n); no spaces between the ports, which is important.

-Pn: Skip host discovery.

-oG: Output in grepable format to a filename. Use N, X, or S instead of G (-oN, -oX, -oS) for normal, XML, or script kiddie output.

--open: Only reports open ports.

"sudo nmap -Pn -p80 --open -oG scanoutput.txt 10.0.5.0/24" - Scans for port 80 on the 10.0.5.0/24 network, only reports addresses with an open port 80, and writes the output to scanoutput.txt.

"sudo nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22" - Lists targets while specifying a DNS server. Can add | grep "(" to get the responding IP addresses (and some extraneous bits).
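Two small helpers for the output of the two scans above, added here as an example and not part of the original wiki: `hosts_with_open_port` reads the grepable (-oG) file and prints the IPs where a given port is open, and `ips_from_list_scan` does what the grep "(" trick does for -sL output but prints only the address. Function names and the sample output lines are my own; the samples are constructed to match nmap's output layout and no scan is run.

```shell
# hosts_with_open_port FILE PORT -> one IP per line (from -oG output)
hosts_with_open_port() {
    awk -v want="$2" '
        /^Host:/ && /Ports:/ {
            ip = $2
            # Drop everything up to "Ports: "; the rest is a comma-separated
            # list of port/state/proto//service/// entries.
            sub(/.*Ports: /, "")
            n = split($0, entries, ", ")
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")
                if (f[1] == want && f[2] == "open") { print ip; break }
            }
        }' "$1"
}

# ips_from_list_scan FILE -> the address in parentheses on each -sL report line
ips_from_list_scan() {
    sed -n 's/^Nmap scan report for .*(\([0-9.]*\)).*/\1/p' "$1"
}

# Constructed -oG sample (hypothetical hosts) in the layout nmap writes.
og_file=$(mktemp)
sl_file=$(mktemp)
trap 'rm -f "$og_file" "$sl_file"' EXIT
printf 'Host: %s ()\tPorts: %s\n' \
  10.0.5.5  '80/open/tcp//http///' \
  10.0.5.9  '80/filtered/tcp//http///' \
  10.0.5.12 '22/open/tcp//ssh///, 80/open/tcp//http///' > "$og_file"

# Constructed -sL sample; only hosts with reverse DNS carry "(ip)".
printf '%s\n' \
  'Nmap scan report for 10.0.5.1' \
  'Nmap scan report for web.lab.local (10.0.5.5)' \
  'Nmap scan report for files.lab.local (10.0.5.12)' > "$sl_file"

hosts_with_open_port "$og_file" 80   # prints 10.0.5.5 and 10.0.5.12
ips_from_list_scan "$sl_file"        # prints 10.0.5.5 and 10.0.5.12
```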
