Nmap Cheatsheet
Complete guide to Nmap commands for penetration testing, network security and vulnerability assessment. All parameters with practical examples.
Disclaimer
Use Nmap only on networks and systems for which you have explicit authorization. Unauthorized scanning is illegal and can have legal consequences.
Useful Combined Commands
Full Scan
In-depth scan with service and OS detection
nmap -sS -sV -O -A -p- target
Stealth Scan
Low-profile scan to avoid detection
nmap -sS -T2 -f -D RND:10 target
Vulnerability Scan
Check for known vulnerabilities
nmap -sV --script vuln target
Web Server Scan
Full web server analysis
nmap -sV -p 80,443,8080 --script "http-*" target
Network Discovery
Discover live hosts on the network
nmap -sn -PE -PA21,22,80,443 192.168.1.0/24
Quick Scan
Quick scan of common ports
nmap -T4 -F --open target
Basic Scans
nmap target
Basic scan (1000 common ports)
nmap 192.168.1.1
nmap -p
Scan specific ports
nmap -p 80,443,8080 192.168.1.1
nmap -p-
Scan all 65535 ports
nmap -p- 192.168.1.1
nmap -F
Fast scan (100 ports)
nmap -F 192.168.1.1
nmap --top-ports
Scan the N most common ports
nmap --top-ports 20 192.168.1.1
nmap -p 1-1000
Scan a port range
nmap -p 1-1000 192.168.1.1
Host Discovery
nmap -sn
Ping scan (no port scan)
nmap -sn 192.168.1.0/24
nmap -Pn
Skip host discovery
nmap -Pn 192.168.1.1
nmap -PS
TCP SYN ping
nmap -PS22,80,443 192.168.1.1
nmap -PA
TCP ACK ping
nmap -PA80,443 192.168.1.1
nmap -PU
UDP ping
nmap -PU53 192.168.1.1
nmap -PE
ICMP echo ping
nmap -PE 192.168.1.0/24
nmap -PR
ARP ping (local network only)
nmap -PR 192.168.1.0/24
nmap -n
Disable DNS resolution
nmap -n 192.168.1.0/24
Scan Types
nmap -sS
TCP SYN scan (stealth)
nmap -sS 192.168.1.1
nmap -sT
TCP connect scan
nmap -sT 192.168.1.1
nmap -sU
UDP scan
nmap -sU 192.168.1.1
nmap -sA
TCP ACK scan
nmap -sA 192.168.1.1
nmap -sW
TCP Window scan
nmap -sW 192.168.1.1
nmap -sN
TCP Null scan
nmap -sN 192.168.1.1
nmap -sF
TCP FIN scan
nmap -sF 192.168.1.1
nmap -sX
TCP Xmas scan
nmap -sX 192.168.1.1
nmap -sI
Idle/zombie scan
nmap -sI zombie_host target
Service and Version Detection
nmap -sV
Detect service versions
nmap -sV 192.168.1.1
nmap -sV --version-intensity
Detection intensity (0-9)
nmap -sV --version-intensity 5 192.168.1.1
nmap -sV --version-light
Light detection
nmap -sV --version-light 192.168.1.1
nmap -sV --version-all
Try all probes
nmap -sV --version-all 192.168.1.1
nmap -A
Aggressive scan (OS, version, scripts, traceroute)
nmap -A 192.168.1.1
Operating System Detection
nmap -O
Detect operating system
nmap -O 192.168.1.1
nmap -O --osscan-limit
Limit to promising hosts
nmap -O --osscan-limit 192.168.1.0/24
nmap -O --osscan-guess
Aggressive OS guessing
nmap -O --osscan-guess 192.168.1.1
nmap -O --max-os-tries
Maximum OS detection attempts
nmap -O --max-os-tries 2 192.168.1.1
Timing and Performance
nmap -T0
Paranoid (very slow, IDS evasion)
nmap -T0 192.168.1.1
nmap -T1
Sneaky (slow, IDS evasion)
nmap -T1 192.168.1.1
nmap -T2
Polite (slowed down)
nmap -T2 192.168.1.1
nmap -T3
Normal (default)
nmap -T3 192.168.1.1
nmap -T4
Aggressive (fast)
nmap -T4 192.168.1.1
nmap -T5
Insane (very fast)
nmap -T5 192.168.1.1
nmap --min-rate
Minimum packets/sec
nmap --min-rate 1000 192.168.1.1
nmap --max-rate
Maximum packets/sec
nmap --max-rate 100 192.168.1.1
Nmap Scripting Engine (NSE)
nmap -sC
Default scripts
nmap -sC 192.168.1.1
nmap --script
Run a specific script
nmap --script vuln 192.168.1.1
nmap --script-args
Pass arguments to scripts
nmap --script http-brute --script-args userdb=users.txt 192.168.1.1
--script=default,safe
Multiple categories
nmap --script=default,safe 192.168.1.1
--script "http-*"
Scripts with wildcard
nmap --script "http-*" 192.168.1.1
--script-updatedb
Update script database
nmap --script-updatedb
NSE Script Categories
--script=auth
Authentication scripts
nmap --script=auth 192.168.1.1
--script=broadcast
Discover hosts via broadcast
nmap --script=broadcast
--script=brute
Brute force attacks
nmap --script=brute 192.168.1.1
--script=discovery
Additional information
nmap --script=discovery 192.168.1.1
--script=exploit
Exploit attempts
nmap --script=exploit 192.168.1.1
--script=vuln
Vulnerability checks
nmap --script=vuln 192.168.1.1
--script=safe
Safe/non-intrusive scripts
nmap --script=safe 192.168.1.1
--script=malware
Detect malware/backdoors
nmap --script=malware 192.168.1.1
Useful NSE Scripts
http-enum
Enumerate web directories
nmap --script http-enum 192.168.1.1
http-vuln-*
HTTP vulnerabilities
nmap --script http-vuln-cve2017-5638 192.168.1.1
smb-enum-shares
Enumerate SMB shares
nmap --script smb-enum-shares 192.168.1.1
smb-vuln-*
SMB vulnerabilities
nmap --script smb-vuln-ms17-010 192.168.1.1
ftp-anon
Check for anonymous FTP
nmap --script ftp-anon 192.168.1.1
ssh-brute
SSH brute force
nmap --script ssh-brute 192.168.1.1
dns-zone-transfer
Attempt DNS zone transfer
nmap --script dns-zone-transfer -p 53 ns.target.com
ssl-heartbleed
Check for Heartbleed
nmap --script ssl-heartbleed 192.168.1.1
Firewall/IDS Evasion
nmap -f
Fragment packets
nmap -f 192.168.1.1
nmap --mtu
Set custom MTU
nmap --mtu 24 192.168.1.1
nmap -D
Use decoys
nmap -D RND:10 192.168.1.1
nmap -S
Source IP spoofing
nmap -S 192.168.1.100 192.168.1.1
nmap -g
Use a specific source port
nmap -g 53 192.168.1.1
nmap --data-length
Append random data
nmap --data-length 25 192.168.1.1
nmap --randomize-hosts
Randomize host order
nmap --randomize-hosts 192.168.1.0/24
nmap --spoof-mac
MAC address spoofing
nmap --spoof-mac 0 192.168.1.1
Output and Reports
nmap -oN
Normal output
nmap -oN scan.txt 192.168.1.1
nmap -oX
XML output
nmap -oX scan.xml 192.168.1.1
nmap -oG
Grepable output
nmap -oG scan.gnmap 192.168.1.1
nmap -oA
All formats
nmap -oA scan 192.168.1.1
nmap -v
Verbose
nmap -v 192.168.1.1
nmap -vv
Very verbose
nmap -vv 192.168.1.1
nmap -d
Debug output
nmap -d 192.168.1.1
nmap --reason
Show reason for port state
nmap --reason 192.168.1.1
nmap --open
Show only open ports
nmap --open 192.168.1.1
Target Specification
nmap IP
Single IP
nmap 192.168.1.1
nmap hostname
Hostname
nmap example.com
nmap CIDR
CIDR notation
nmap 192.168.1.0/24
nmap range
IP range
nmap 192.168.1.1-100
nmap -iL
List from file
nmap -iL targets.txt
nmap --exclude
Exclude hosts
nmap 192.168.1.0/24 --exclude 192.168.1.1
nmap --excludefile
Exclude hosts from file
nmap 192.168.1.0/24 --excludefile exclude.txt