Nmap Cheatsheet


apt-get update && apt-get install nmap

Single scan: nmap 192.168.1.1
Scan a range: nmap 192.16.1.1-50
Scan from a file containing IPs: nmap -iL targets.txt
Scan a subnet: nmap 192.16.1.0/24

Scan certain port: nmap 192.168.1.1 -p 21
TCP and UDP ports: nmap 192.168.1.1 -p U:138,T:80,389
Port range: nmap 192.168.1.1 -p 21-100
Scan service: nmap 192.168.1.1 -p http,https

Service version detection: nmap 192.168.1.1 -sV
OS, version detection and script scanning: nmap 192.168.1.1 -A
Remote OS detection using TCP/IP stack fingerprinting: nmap 192.168.1.1 -O
Timing templates (-T0 is the slowest/paranoid, -T5 the fastest/insane): nmap 192.168.1.1 -T0

Brute force DNS hostnames: nmap -Pn --script=dns-brute domain.com
SQL Injection check: nmap -p80 --script http-sql-injection scanme.nmap.org
SYN ("stealth", half-open) scan: nmap -sS 192.168.1.1
Improved UDP version scan: nmap -sUV -T4 192.168.1.1

Fragment packets (Firewall/IDS Evasion): nmap 192.168.1.1 -f
Cloak a scan with decoy source IPs (the target must still be given): nmap -D 192.168.1.101,192.168.1.102 192.168.1.1

Save default output to file: nmap -oN outputfile.txt 192.168.1.1
Heartbleed Testing: nmap -sV -p 443 --script=ssl-heartbleed 192.168.1.0/24

Some useful scripts:

Web application firewall check
nmap -p80,443 --script http-waf-detect --script-args="http-waf-detect.aggro,http-waf-detect.detectBodyChanges" targetWebsite.com

Extract EXIF data from photos found on the website
nmap -p80,443 --script http-exif-spider --script-args="http.max-cache-size=99999999" targetwebsite.com

Source: https://null-byte.wonderhowto.com/how-to/advanced-nmap-top-5-intrusive-nmap-scripts-hackers-pentesters-should-know-0187287/
