NMAP

Common nmap commands during a pentest

1. Discover live hosts

nmap -n -sn -PE -oA live_hosts 192.168.1.0/24

2. Discover open TCP ports

nmap -sS -vv -p- -oA tcp_ports_65535 192.168.1.15
nmap -sS -vv -p- -Pn --reason --open -oA tcp_ports_65535 192.168.1.15
nmap -sS -vv -p- -Pn --reason --max-rate 1 --open -oA tcp_ports_65535 192.168.1.15

3. Discover services running on the open TCP ports found in step 2 (substitute them for [port1],[port2])

nmap -sS -sV -vv -A -O -p[port1],[port2] -oA open_tcp_ports 192.168.1.15

4. Discover open UDP ports

nmap -sU -vv -p- -oA udp_ports_65535 192.168.1.15

If the UDP scan takes too long, try the following:

nmap -sU -vv --top-ports 1000 --reason --open -oA udp_ports_1000 192.168.1.15

5. Discover services running on the open UDP ports found in step 4 (substitute them for [port1],[port2])

nmap -sU -sV -vv -A -O -p[port1],[port2] -oA open_udp_ports 192.168.1.15

6. Scan the 1000 most common TCP ports

nmap -sS -sV -vv -A -O --top-ports 1000 --reason --open -oA tcp_ports_1000 192.168.1.15

7. Scan the 1000 most common UDP ports

nmap -sU -sV -vv -A -O --top-ports 1000 --reason --open -oA udp_ports_1000 192.168.1.15
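Steps 3 and 5 above need the port list found in steps 2 and 4 typed back into -p by hand. The following Python script is an added example, not part of the original cheat sheet: it reads the XML file that -oA writes next to the .nmap and .gnmap files (e.g. live_hosts.xml, tcp_ports_65535.xml), lists the hosts reported as up from step 1, pulls out the ports in state "open" for TCP or UDP, and formats them as the -p value for the step 3 and step 5 commands. The XML embedded in it is a hand-constructed sample shaped like nmap's output; the addresses and ports in it are made up.

```python
# Added example (not from the original cheat sheet): parse the XML that nmap's
# -oA option writes and turn it into the -p argument that steps 3 and 5 need.
# SAMPLE_XML is constructed by hand to mimic nmap's -oX output; its hosts and
# ports are invented.
import xml.etree.ElementTree as ET

# Constructed sample shaped like the step 2 output (one host up, one down),
# with one UDP port added so both protocols are exercised.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -vv -p- -oA tcp_ports_65535 192.168.1.15" start="0">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.15" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="65532"/>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered" reason="no-response"/></port>
      <port protocol="udp" portid="161"><state state="open" reason="udp-response"/><service name="snmp"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.16" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def ipv4_address(host):
    """Return the IPv4 address of an nmap <host> element, or None."""
    for addr in host.findall("address"):
        if addr.get("addrtype") == "ipv4":
            return addr.get("addr")
    return None


def live_hosts(xml_text):
    """Addresses of hosts nmap reported as up (what step 1 is after)."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is not None and status.get("state") == "up":
            addr = ipv4_address(host)
            if addr:
                hosts.append(addr)
    return hosts


def open_ports(xml_text, protocol):
    """Map each host to its sorted ports in state 'open' for 'tcp' or 'udp'.
    'filtered' and 'open|filtered' are left out, matching what --open keeps."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr = ipv4_address(host)
        if addr is None:
            continue
        ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if (port.get("protocol") == protocol
                    and state is not None and state.get("state") == "open"):
                ports.append(int(port.get("portid")))
        if ports:
            result[addr] = sorted(ports)
    return result


def port_argument(ports):
    """Format a port list as the value for nmap's -p option, e.g. '22,80'."""
    return ",".join(str(p) for p in ports)


if __name__ == "__main__":
    # Stand-in for reading tcp_ports_65535.xml from disk after step 2;
    # prints the step 3 command with the discovered ports filled in.
    for host, ports in open_ports(SAMPLE_XML, "tcp").items():
        print(f"nmap -sS -sV -vv -A -O -p{port_argument(ports)} -oA open_tcp_ports {host}")
```

On real output, replace SAMPLE_XML with the contents of the .xml file from step 2 or 4 (for UDP, call open_ports with "udp" and print the step 5 command instead). Only state "open" is kept, so a UDP port that nmap reports as open|filtered will not be included; if you want to version-scan those as well, relax the state check.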