Welcome back to the blog. In this post, I will cover “Nmap basic commands in Kali Linux”.
What is Nmap?
Nmap is free and open-source software. It is a powerful tool used to discover hosts and services on a computer network. Nmap has many capabilities.
Scanning without host discovery
Default Nmap scripts
How to use Nmap commands
Ping Scan (-sP)
Ping scanning differs from the other scan techniques: it is used only to find out whether a host is alive. During a ping scan, Nmap sends ICMP packets to the target system; it does not look for open ports. Note that -sP is the older spelling of this option, which newer Nmap releases call -sn; both still work.
nmap -sP 10.105.154
OS Detection (-O)
OS detection is one of the most useful features of Nmap, and it is especially helpful during penetration testing. Nmap identifies the operating system and version of the target, which can then be exploited using Metasploit.
nmap -O 10.105.154
Aggressive Scan (-A)
Aggressive scanning is a vital phase for gathering information about the target. It turns on many features at once (OS detection, version detection, default scripts and traceroute), which gives you banner grabbing and service enumeration in a single run.
nmap -A 10.105.154
Host discovery disabled (-Pn)
Suppose the target machine has a firewall, IDS and IPS all enabled. With -Pn, Nmap skips host discovery and scans the target's services without pinging it first.
nmap -Pn 10.105.154
Service version (-sV)
Version detection is used to find out which services, and which versions of them, are running on the target system, so that they can be easily exploited using Metasploit.
nmap -sV 10.105.154
UDP Scan (-sU)
Since UDP is stateless and has no three-way handshake, UDP port scanning works differently from TCP scanning. The -sU option is used to find out whether UDP ports on the target system are open. It does not send SYN packets, because those belong to TCP.
nmap -sU 10.105.154
Default nmap scripts (-sC)
You do not have to pick scripts by hand: the -sC option automatically runs Nmap's default script set against the ports it finds open.
nmap -sC 10.105.154
Nmap Script (--script)
The Nmap Scripting Engine (NSE) is a newer addition to Nmap that lets users write simple scripts. If a service is found to be vulnerable, it can be exploited with the help of an Nmap script. All NSE scripts can be found in the /usr/share/nmap/scripts directory. In this blog, we will use the smb-os-discovery NSE script to determine the operating system version of the target system.
nmap 10.105.154 --script smb-os-discovery.nse
Save Output (-oG)
The -oG option writes the results to a grepable file, one host per line, which makes it fast to pull IP addresses out of any output file. If you want to grep IP addresses from a scan, use -oG in Nmap.
nmap -A 10.105.154 -oG file.txt
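As an added example (not code from the original post), this shell script shows how to pull the IP addresses and open ports out of a grepable file with awk; the .gnmap content it parses is constructed to mimic what the command above writes and is not real scan output.

```shell
#!/bin/sh
# Added example, not from the original post: parse Nmap -oG (grepable) output
# with awk instead of eyeballing it. Works on any .gnmap file; the sample
# below is constructed and is not real scan data.

sample_gnmap() {
  # Real -oG output is tab-separated: "Host: <ip> (<name>)\t<field>: ..."
  printf '# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -A -oG file.txt 10.105.154.0/30\n'
  printf 'Host: 10.105.154.1 ()\tStatus: Up\n'
  printf 'Host: 10.105.154.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (998)\n'
  printf 'Host: 10.105.154.2 ()\tStatus: Up\n'
  printf 'Host: 10.105.154.2 ()\tPorts: 445/open/tcp//microsoft-ds//Windows Server 2019/, 139/filtered/tcp//netbios-ssn///\tIgnored State: filtered (998)\n'
  printf 'Host: 10.105.154.3 ()\tStatus: Down\n'
  printf '# Nmap done at Mon Jan  1 10:00:09 2024 -- 4 IP addresses (2 hosts up) scanned in 9.10 seconds\n'
}

# up_hosts [file]: one IP per line for every host Nmap reports as Up.
up_hosts() {
  awk -F'\t' '$2 == "Status: Up" { split($1, h, " "); print h[2] }' "$@"
}

# open_ports [file]: prints "<ip> <port>/<proto> <service> <version>" for
# each open port. A Ports: entry has the shape
# port/state/proto/owner/service/rpcinfo/version/ and entries are ", "-separated.
open_ports() {
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if (index($i, "Ports: ") != 1) continue
        sub(/^Ports: /, "", $i)
        n = split($i, entries, /, /)
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          if (f[2] == "open") printf "%s %s/%s %s %s\n", ip, f[1], f[3], f[5], f[7]
        }
      }
    }' "$@"
}

# Demo on the constructed sample; on a real scan use: open_ports file.txt
sample_gnmap | open_ports
```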
Port Scan (-p)
The -p option selects the ports to scan. If you want to scan a specific port on the target system, use -p in Nmap. Port scanning is a vital phase for gathering information about the target.
nmap -p 80 10.105.154
Nmap Cheat Sheet Tutorial
I have made a video for this. If anything is unclear, watch the video first; I expect it will give you everything you need.