There are many Nmap commands, this article focuses in on some of the very useful ones in order to obtain as much information as possible about the target host. Nmap is a highly versatile network scanner, and with a large amount of available commands, nmap is one of the very best tools a security auditor will find on the market, with the added benefit of it being free.
Recommended Nmap Command Syntax:
nmap -v -sS -sV -O -Pn -f target
Nmap Commands explained
Explanation: Sets the nmap into verbose mode. You can increase this by adding more ‘v’s e.g nmap -vv
Advantage: Gives you more information to play with
Explanation: Sets the nmap to scan using TCP Stealth SYN (establishes a half open connection to the target then terminates the connection if the connection is accepted)
Advantage: As you are not establishing a full connection to the target, there is less chance of being logged. You will need a root account to run this scan and use this nmap command.
Explanation: Sets nmap to scan for active running services information and version details on the target.
Advantages: Helps gather additional intelligence when you wish to find out further information about other services running on the target.
Explanation: Sets nmap to attempt operating system detection
Advantage: Helps you find out the OS the target is running
Explanation: Sets nmap to ignore ping / host up response
Advantage: Some hosts have ping response disabled on the internet. This assumes all hosts are up, even if they do not respond to ping.
Nmap Commands to help bypass Intrusion Detection Systems (IDS)
There are several ways to confuse or help bypass IDS on targets. The easiest way is to use the switch below. You may also want to look into the Decoy switch (-D) and the Source (-S) switch to help spoof your IP address.
nmap -f (Linux/BSD only recommended)
Explanation: this fragments packets, breaking up the TCP header over several packets so the target host IDS is unable to recognise an incoming scan.
Advantage: Helps to bypass common IDS/IPS on the target.