November 19

Linux: Nmap Examples

Basic Nmap scanning examples, often used at the first stage of enumeration.
Command Description

nmap -sP

Ping scans the network, listing machines that respond to ping.

nmap -p 1-65535 -sV -sS -T4 target

Full TCP port scan with service version detection – usually my first scan, I find T4 more accurate than T5 and still “pretty quick”.

nmap -v -sS -A -T4 target

Prints verbose output, runs stealth SYN scan, T4 timing, OS and version detection + traceroute and scripts against target services.

nmap -v -sS -A -T5 target

Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection + traceroute and scripts against target services.

nmap -v -sV -O -sS -T5 target

Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection.

nmap -v -p 1-65535 -sV -O -sS -T4 target

Prints verbose output, runs stealth SYN scan, T4 timing, OS and version detection + full port range scan.

nmap -v -p 1-65535 -sV -O -sS -T5 target

Prints verbose output, runs stealth SYN scan, T5 timing, OS and version detection + full port range scan.

Aggressive scan timings are faster, but could yield inaccurate results!

T5 uses very aggressive scan timings and could lead to missed ports; T4 is a better compromise if you need fast results.

Nmap scan from file
Command Description

nmap -iL ip-addresses.txt

Scans a list of IP addresses; you can add options before / after.

Nmap output formats
Command Description

nmap -sV -p 139,445 -oG grep-output.txt

Writes “grepable” output to a file, in this example for NetBIOS servers.

E.g., the output file could be grepped for “Open”.

nmap -sS -sV -T5 --webxml -oX - | xsltproc --output file.html -

Export nmap output to HTML report.
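A plain grep for "open" on -oG output also matches states such as open|filtered and hostnames that contain the word. The following added example (not part of the original post) reads the state field of each port entry instead; the addresses, hostnames and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list host/port pairs whose state is exactly "open"
# in Nmap grepable (-oG) output read from stdin.

# Constructed sample in -oG layout (documentation addresses, not real scan data).
sample_gnmap() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.10 (fs1.example)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (fs1.example)\tPorts: 139/open/tcp//netbios-ssn//Samba smbd/, 445/open/tcp//microsoft-ds//Samba smbd/\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\n'
    printf 'Host: 192.0.2.12 (openbox.example)\tPorts: 137/open|filtered/udp//netbios-ns///, 445/closed/tcp//microsoft-ds///\n'
}

# Print "ip port/proto service" for every port whose state field is "open".
open_ports() {
    awk -F '\t' '
        /^Host: / {
            split($1, h, " ")              # h[2] is the IP address
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = substr($i, 8)      # drop the "Ports: " label
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                    split(entry[j], f, "/")
                    if (f[2] == "open")
                        print h[2], f[1] "/" f[3], f[5]
                }
            }
        }'
}

# Only 192.0.2.10 is listed; 192.0.2.12 is skipped even though its line
# contains "open" twice (hostname and open|filtered).
sample_gnmap | open_ports
```

Against a real scan, feed the file written by -oG to the function: `open_ports < grep-output.txt`.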

Nmap NetBIOS Examples
Command Description

nmap -sV -v -p 139,445

Finds all NetBIOS servers on a subnet.

nmap -sU --script nbstat.nse -p 137 target

Displays the NetBIOS name.

nmap --script-args=unsafe=1 --script smb-check-vulns.nse -p 445 target

Checks whether NetBIOS servers are vulnerable to MS08-067. The unsafe=1 script argument enables checks that can crash an unpatched service.

Posted November 19, 2021 by Timothy Conrad in category "Linux"

About the Author

If I were to describe myself with one word it would be, creative. I am interested in almost everything which keeps me rather busy. Here you will find some of my technical musings. Securely email me using - PGP: 4CB8 91EB 0C0A A530 3BE9 6D76 B076 96F1 6135 0A1B