Common nmap commands during a pentest

1. Discover live hosts in a subnet

nmap -n -sn -PE -oA live_hosts 192.168.1.0/24

2. Discover open TCP ports

nmap -sS -v -p- -oA tcp_ports_65535 192.168.1.15
nmap -sS -vv -p- -Pn --reason --max-rate 1 --open -oA tcp_ports_65535 192.168.1.15

3. Discover services running on the open TCP ports found in step 2

nmap -sS -sV -v -A -O -p[port1],[port2] -oA open_tcp_ports 192.168.1.15

4. Discover open UDP ports

nmap -sU -v -p- -oA udp_ports_65535 192.168.1.15

5. Discover services running on the open UDP ports found in step 4

nmap -sU -sV -v -A -O -p[port1],[port2] -oA open_udp_ports 192.168.1.15

6. Scan the 1000 most common TCP ports

nmap -sS -sV -v -A -O -oA tcp_ports_1000 192.168.1.15

7. Scan the 1000 most common UDP ports

nmap -sU -sV -v -A -O -oA udp_ports_1000 192.168.1.15
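
Steps 3 and 5 need the port list found in steps 2 and 4. The following added example (not part of the original post) builds that list from the .gnmap file that -oA writes; the function names open_ports and sample_gnmap and the sample scan lines are constructed for illustration. It counts only ports in state "open", so UDP ports that nmap reports as open|filtered are left out of the list.

```sh
#!/bin/sh
# open_ports FILE PROTO
# Print the ports in state "open" for PROTO (tcp or udp) found in an nmap
# grepable (.gnmap) file, as a sorted comma-separated list usable with -p.
open_ports() {
    awk -v proto="$2" -F'\t' '
        /^Host: / {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                s = $i
                sub(/^Ports: /, "", s)
                n = split(s, entries, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/protocol/owner/service/...
                    split(entries[j], f, "/")
                    if (f[2] == "open" && f[3] == proto) print f[1]
                }
            }
        }' "$1" | sort -n -u | paste -sd, -
}

# Constructed sample of grepable output (not from a real scan).
sample_gnmap() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.168.1.15 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.15 ()\tPorts: 8080/open/tcp//http-proxy///, 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (65531)\n'
    printf 'Host: 192.168.1.15 ()\tPorts: 53/open/udp//domain///, 161/open|filtered/udp//snmp///\n'
}

# Demo: print (not run) the step 3 and step 5 commands with the lists filled in.
tmp=$(mktemp)
sample_gnmap > "$tmp"
echo "nmap -sS -sV -v -A -O -p$(open_ports "$tmp" tcp) -oA open_tcp_ports 192.168.1.15"
echo "nmap -sU -sV -v -A -O -p$(open_ports "$tmp" udp) -oA open_udp_ports 192.168.1.15"
rm -f "$tmp"
```

With the files from steps 2 and 4, the calls would be open_ports tcp_ports_65535.gnmap tcp and open_ports udp_ports_65535.gnmap udp.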