Nmap Script Scan Cheat Sheet
Basic Syntax
nmap --script=<script-name> <target>
Run All Default Scripts
nmap -sC <target>
Vulnerability Scanning
nmap --script vuln <target>
Examples:
nmap --script http-vuln-cve2014-3704 -p 80 <target>
nmap --script smb-vuln-ms17-010 -p 445 <target>
HTTP/HTTPS Services
nmap --script "http*" <target>
Examples:
nmap --script http-title -p 80 <target>
nmap --script http-enum -p 80 <target>
nmap --script http-vuln-cve2015-1635 -p 80 <target>
SMB Scans (Windows File Sharing)
nmap --script "smb*" -p 445 <target>
Examples:
nmap --script smb-os-discovery -p 445 <target>
nmap --script smb-security-mode -p 445 <target>
nmap --script smb-vuln-ms08-067 -p 445 <target>
Authentication & Brute Force
nmap --script auth <target>
nmap --script brute <target>
Examples:
nmap --script ftp-brute -p 21 <target>
nmap --script ssh-brute -p 22 <target>
nmap --script http-form-brute -p 80 <target>
DNS Enumeration
nmap --script "dns*" <target>
Examples:
nmap --script dns-brute <target>
nmap --script dns-zone-transfer <target>
FTP Scripts
nmap --script "ftp*" -p 21 <target>
Examples:
nmap --script ftp-anon -p 21 <target>
nmap --script ftp-bounce -p 21 <target>
SNMP Enumeration
nmap -sU --script "snmp*" -p 161 <target>
Examples:
nmap -sU --script snmp-info -p 161 <target>
SMTP Mail Server Testing
nmap --script "smtp*" -p 25 <target>
Examples:
nmap --script smtp-enum-users -p 25 <target>
nmap --script smtp-commands -p 25 <target>
SSH
nmap --script "ssh*" -p 22 <target>
Examples:
nmap --script ssh-hostkey -p 22 <target>
nmap --script ssh-auth-methods -p 22 <target>
Database Services
MySQL: nmap --script "mysql*" -p 3306 <target>
PostgreSQL: nmap --script "pgsql*" -p 5432 <target>
MSSQL: nmap --script "ms-sql*" -p 1433 <target>
Run Multiple Scripts at Once
nmap --script "http-title,smb-os-discovery,dns-brute" <target>
See All Available Scripts and Their Categories
ls /usr/share/nmap/scripts/
nmap --script-help all
Tip: Combine With Output Options
nmap -sV --script vuln -oN vuln_report.txt <target>