From c548ded02d977ce05be95edec6bce7b132795131 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Sun, 2 Jun 2019 18:53:03 -0400 Subject: [PATCH 1/2] Addition additional nmap options Added "Port Status Information" and Additional Scan Types --- cheat/cheatsheets/nmap | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/cheat/cheatsheets/nmap b/cheat/cheatsheets/nmap index 90efccb..66816d3 100644 --- a/cheat/cheatsheets/nmap +++ b/cheat/cheatsheets/nmap @@ -67,3 +67,21 @@ nmap -T5 --min-parallelism=50 -n --script "ssl-heartbleed" -pT:443 127.0.0.1 # Show all informations (debug mode) nmap -d ... + +## Port Status Information +- Open: This indicates that an application is listening for connections on this port. +- Closed: This indicates that the probes were received but there is no application listening on this port. +- Filtered: This indicates that the probes were not received and the state could not be established. It also indicates that the probes are being dropped by some kind of filtering. +- Unfiltered: This indicates that the probes were received but a state could not be established. +- Open/Filtered: This indicates that the port was filtered or open but Nmap couldn’t establish the state. +- Closed/Filtered: This indicates that the port was filtered or closed but Nmap couldn’t establish the state. + +## Additional Scan Types + +nmap -sn: Probe only (host discovery, not port scan) +nmap -sS: SYN Scan +nmap -sT: TCP Connect Scan +nmap -sU: UDP Scan +nmap -sV: Version Scan +nmap -O: Used for OS Detection/fingerprinting +nmap --scanflags: Sets custom list of TCP using `URG ACK PSH RST SYN FIN` in any order From 93df3b3f20a61b7778ea85b5f00d9af65cd540f0 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Sun, 2 Jun 2019 18:56:31 -0400 Subject: [PATCH 2/2] Update nmap Added Nmap Scripting Engine Categories --- cheat/cheatsheets/nmap | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) 
diff --git a/cheat/cheatsheets/nmap b/cheat/cheatsheets/nmap index 66816d3..0232bf1 100644 --- a/cheat/cheatsheets/nmap +++ b/cheat/cheatsheets/nmap @@ -85,3 +85,20 @@ nmap -sU: UDP Scan nmap -sV: Version Scan nmap -O: Used for OS Detection/fingerprinting nmap --scanflags: Sets custom list of TCP using `URG ACK PSH RST SYN FIN` in any order + +### Nmap Scripting Engine Categories +The most common Nmap scripting engine categories: +- auth: Utilize credentials or bypass authentication on target hosts. +- broadcast: Discover hosts not included on command line by broadcasting on local network. +- brute: Attempt to guess passwords on target systems, for a variety of protocols, including http, SNMP, IAX, MySQL, VNC, etc. +- default: Scripts run automatically when -sC or -A are used. +- discovery: Try to learn more information about target hosts through public sources of information, SNMP, directory services, and more. +- dos: May cause denial of service conditions in target hosts. +- exploit: Attempt to exploit target systems. +- external: Interact with third-party systems not included in target list. +- fuzzer: Send unexpected input in network protocol fields. +- intrusive: May crash target, consume excessive resources, or otherwise impact target machines in a malicious fashion. +- malware: Look for signs of malware infection on the target hosts. +- safe: Designed not to impact target in a negative fashion. +- version: Measure the version of software or protocols on the target hosts. +- vul: Measure whether target systems have a known vulnerability.
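Review bot: The port-state definitions in the "Port Status Information" block of the first patch do not match what Nmap actually reports, and the two that depend on the scan type say nothing about it. "Filtered" is Nmap's verdict when it gets no response at all (or an ICMP unreachable other than port-unreachable), so "the probes were not received" should say that no reply came back because a firewall or filter is dropping them; "Unfiltered" is only ever produced by the ACK scan (-sA) and means the port is reachable but -sA cannot tell open from closed; "Open/Filtered" is the default result of UDP, FIN, NULL, Xmas and IP protocol scans when there is no response; and "Closed/Filtered" is only reported by the idle scan (-sI). Two smaller points in the same hunk: the last line `nmap --scanflags: Sets custom list of TCP using \`URG ACK PSH RST SYN FIN\` in any order` is missing the word "flags" ("custom list of TCP flags"), and the `nmap -sS: SYN Scan` style of the "Additional Scan Types" block breaks the file's existing convention of a `# comment` line followed by the bare command (compare the `# Show all informations (debug mode)` / `nmap -d ...` pair just above the hunk); consider rewriting the block as `# SYN scan` / `nmap -sS ...` entries so cheat users can copy the commands directly.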
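Review bot: The last line of the NSE categories hunk names a category that does not exist: `- vul: Measure whether target systems have a known vulnerability.` should read `vuln`, which is the actual category name Nmap recognizes (and what a user would pass to `--script`); as written, `--script vul` would not select those scripts. Since the list is headed "The most common Nmap scripting engine categories", it would also help to show how a category is used, e.g. `nmap --script vuln <target>` or a boolean expression such as `--script "default and safe"`, in the same `# comment` / command style as the rest of the file, so the heading is not the only place the `--script` flag is implied.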