Network Enumeration with Nmap
Overview
Master Nmap for host discovery, port scanning, service detection, and NSE scripts.
Cheatsheet
Host Discovery
nmap -sn 10.10.10.0/24 # Ping scan subnet for live hosts
nmap -Pn -sS 10.10.10.5 # SYN scan host, treat as online (skip ping)
Port Scanning
nmap -p- --min-rate 10000 10.10.10.5 # Fast full port scan (all 65535 ports)
nmap -sS -sV -sC -p 22,80,445 10.10.10.5 # Detailed scan (SYN, version, default scripts) on found ports
Service/Version
nmap -sV --version-intensity 5 10.10.10.5 # Version detection at intensity 5 (default is 7, max 9; lower is quieter and faster)
Scripts
nmap --script=vuln 10.10.10.5 # Run vulnerability scanning scripts
nmap --script=smb-enum-shares 10.10.10.5 # Enumerate SMB shares via script
Output
nmap -oA scan_results 10.10.10.5 # Save results in all formats (scan_results.nmap, .gnmap, .xml)
Command Examples
Common Pitfalls
- Using -T5 on production networks
- Forgetting UDP scans
- Not saving output
Exam Survival Tips
- Always do full port scan first
- Use -oA to save all formats
- Check UDP 53,161,500
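The tips above describe a two-pass workflow: a full port scan saved with -oA, then a detailed scan limited to the ports found open. As an added example (not part of this cheatsheet), here is a Python script that parses the grepable .gnmap file -oA writes and builds that follow-up command; the sample scan output is constructed, not real.

```python
import re
from collections import defaultdict

# Constructed sample of Nmap grepable (-oG / .gnmap) output for one host.
# Each port entry is port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -p- --min-rate 10000 -oA full 10.10.10.5
Host: 10.10.10.5 ()\tStatus: Up
Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 445/open/tcp//microsoft-ds///, 135/filtered/tcp//msrpc///\tIgnored State: closed (65531)
# Nmap done at Mon Jan  1 00:01:00 2024 -- 1 IP address (1 host up) scanned in 60.00 seconds
"""

PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")


def parse_open_ports(gnmap_text):
    """Return {host: {proto: sorted open ports}} parsed from .gnmap text.

    Only 'open' ports are kept; 'filtered' and 'closed' entries are dropped
    so the follow-up -p list stays as small as possible.
    """
    result = defaultdict(lambda: defaultdict(set))
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' header and footer lines
        host = line.split()[1]
        m = re.search(r"\tPorts: (.*?)(?:\tIgnored State:|$)", line)
        if not m:
            continue  # 'Status: Up' lines carry no port list
        for entry in m.group(1).split(", "):
            pm = PORT_RE.match(entry)
            if pm and pm.group(2) == "open":
                result[host][pm.group(3)].add(int(pm.group(1)))
    return {h: {p: sorted(s) for p, s in protos.items()} for h, protos in result.items()}


def followup_command(host, tcp_ports):
    """Build the detailed second-pass scan (SYN, version, default scripts)."""
    ports = ",".join(str(p) for p in tcp_ports)
    return f"nmap -sS -sV -sC -p {ports} -oA detailed_{host} {host}"


if __name__ == "__main__":
    for host, protos in parse_open_ports(SAMPLE_GNMAP).items():
        print(followup_command(host, protos.get("tcp", [])))
```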
Exercises
- Multiple choice (easy): What Nmap flag performs a SYN stealth scan?...
- Fill command (medium): Write the Nmap command to scan all TCP ports on 10.10.10.5 with service version detection:...
- Decision tree (medium): You've found port 445 open on a Windows target. What's the best first step?...
- Case file (medium):
  PORT STATE SERVICE VERSION
  22/tcp open ssh OpenSSH 7.9
  80/tcp open http Apa...