<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wiki.brunnerne.dk/index.php?action=history&amp;feed=atom&amp;title=Nmap</id>
	<title>Nmap - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://wiki.brunnerne.dk/index.php?action=history&amp;feed=atom&amp;title=Nmap"/>
	<link rel="alternate" type="text/html" href="https://wiki.brunnerne.dk/index.php?title=Nmap&amp;action=history"/>
	<updated>2026-07-01T04:26:55Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.43.1</generator>
	<entry>
		<id>https://wiki.brunnerne.dk/index.php?title=Nmap&amp;diff=62&amp;oldid=prev</id>
		<title>The.mikkel: /* Essential Options */</title>
		<link rel="alternate" type="text/html" href="https://wiki.brunnerne.dk/index.php?title=Nmap&amp;diff=62&amp;oldid=prev"/>
		<updated>2025-08-04T09:14:13Z</updated>

		<summary type="html">&lt;p&gt;&lt;span class=&quot;autocomment&quot;&gt;Essential Options&lt;/span&gt;&lt;/p&gt;
&lt;table style=&quot;background-color: #fff; color: #202122;&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class=&quot;diff-marker&quot; /&gt;
				&lt;col class=&quot;diff-content&quot; /&gt;
				&lt;col class=&quot;diff-marker&quot; /&gt;
				&lt;col class=&quot;diff-content&quot; /&gt;
				&lt;tr class=&quot;diff-title&quot; lang=&quot;en&quot;&gt;
				&lt;td colspan=&quot;2&quot; style=&quot;background-color: #fff; color: #202122; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan=&quot;2&quot; style=&quot;background-color: #fff; color: #202122; text-align: center;&quot;&gt;Revision as of 09:14, 4 August 2025&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot; id=&quot;mw-diff-left-l9&quot;&gt;Line 9:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 9:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &amp;lt;code&amp;gt;-v&amp;lt;/code&amp;gt; / &amp;lt;code&amp;gt;-vv&amp;lt;/code&amp;gt; : Verbosity (show progress/details).&lt;/div&gt;&lt;/td&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &amp;lt;code&amp;gt;-v&amp;lt;/code&amp;gt; / &amp;lt;code&amp;gt;-vv&amp;lt;/code&amp;gt; : Verbosity (show progress/details).&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &amp;lt;code&amp;gt;-oA &amp;amp;lt;basename&amp;amp;gt;&amp;lt;/code&amp;gt; : Save output in All formats (&amp;lt;code&amp;gt;.nmap&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;.gnmap&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;.xml&amp;lt;/code&amp;gt;). &amp;#039;&amp;#039;&amp;#039;Recommended!&amp;#039;&amp;#039;&amp;#039;&lt;/div&gt;&lt;/td&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &amp;lt;code&amp;gt;-oA &amp;amp;lt;basename&amp;amp;gt;&amp;lt;/code&amp;gt; : Save output in All formats (&amp;lt;code&amp;gt;.nmap&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;.gnmap&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;.xml&amp;lt;/code&amp;gt;). &amp;#039;&amp;#039;&amp;#039;Recommended!&amp;#039;&amp;#039;&amp;#039;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-side-deleted&quot;&gt;&lt;/td&gt;&lt;td class=&quot;diff-marker&quot; data-marker=&quot;+&quot;&gt;&lt;/td&gt;&lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&lt;ins style=&quot;font-weight: bold; text-decoration: none;&quot;&gt;* &amp;lt;code&amp;gt;-O&amp;lt;/code&amp;gt;: OS detection&lt;/ins&gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &amp;lt;code&amp;gt;sudo&amp;lt;/code&amp;gt; : Often required for SYN scans (&amp;lt;code&amp;gt;-sS&amp;lt;/code&amp;gt; - default) and OS detection (&amp;lt;code&amp;gt;-O&amp;lt;/code&amp;gt;).&lt;/div&gt;&lt;/td&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &amp;lt;code&amp;gt;sudo&amp;lt;/code&amp;gt; : Often required for SYN scans (&amp;lt;code&amp;gt;-sS&amp;lt;/code&amp;gt; - default) and OS detection (&amp;lt;code&amp;gt;-O&amp;lt;/code&amp;gt;).&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br&gt;&lt;/td&gt;&lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;&lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br&gt;&lt;/td&gt;&lt;/tr&gt;

&lt;!-- diff cache key my_wiki:diff:1.41:old-19:rev-62:php=table --&gt;
&lt;/table&gt;</summary>
		<author><name>The.mikkel</name></author>
	</entry>
	<entry>
		<id>https://wiki.brunnerne.dk/index.php?title=Nmap&amp;diff=19&amp;oldid=prev</id>
		<title>The.mikkel: Created page with &quot;== Nmap CTF Quick Reference == Common Nmap commands optimized for speed and typical CTF scenarios.  === Essential Options === * &lt;code&gt;-p-&lt;/code&gt; : Scan all 65535 TCP ports. * &lt;code&gt;-p &amp;lt;ports&amp;gt;&lt;/code&gt; : Scan specific ports (e.g., &lt;code&gt;-p 21,22,80,443&lt;/code&gt;, &lt;code&gt;-p U:53,T:80&lt;/code&gt;). * &lt;code&gt;-T4&lt;/code&gt; : Aggressive timing (faster, good for CTFs). Use &lt;code&gt;-T3&lt;/code&gt; (default) if &lt;code&gt;-T4&lt;/code&gt; causes issues. * &lt;code&gt;-Pn&lt;/code&gt; : Skip host discovery (Assume host...&quot;</title>
		<link rel="alternate" type="text/html" href="https://wiki.brunnerne.dk/index.php?title=Nmap&amp;diff=19&amp;oldid=prev"/>
		<updated>2025-05-02T16:10:51Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;== Nmap CTF Quick Reference == Common Nmap commands optimized for speed and typical CTF scenarios.  === Essential Options === * &amp;lt;code&amp;gt;-p-&amp;lt;/code&amp;gt; : Scan all 65535 TCP ports. * &amp;lt;code&amp;gt;-p &amp;lt;ports&amp;gt;&amp;lt;/code&amp;gt; : Scan specific ports (e.g., &amp;lt;code&amp;gt;-p 21,22,80,443&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;-p U:53,T:80&amp;lt;/code&amp;gt;). * &amp;lt;code&amp;gt;-T4&amp;lt;/code&amp;gt; : Aggressive timing (faster, good for CTFs). Use &amp;lt;code&amp;gt;-T3&amp;lt;/code&amp;gt; (default) if &amp;lt;code&amp;gt;-T4&amp;lt;/code&amp;gt; causes issues. * &amp;lt;code&amp;gt;-Pn&amp;lt;/code&amp;gt; : Skip host discovery (Assume host...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;== Nmap CTF Quick Reference ==&lt;br /&gt;
Common Nmap commands optimized for speed and typical CTF scenarios.&lt;br /&gt;
&lt;br /&gt;
=== Essential Options ===&lt;br /&gt;
* &amp;lt;code&amp;gt;-p-&amp;lt;/code&amp;gt; : Scan all 65535 TCP ports.&lt;br /&gt;
* &amp;lt;code&amp;gt;-p &amp;amp;lt;ports&amp;amp;gt;&amp;lt;/code&amp;gt; : Scan specific ports (e.g., &amp;lt;code&amp;gt;-p 21,22,80,443&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;-p U:53,T:80&amp;lt;/code&amp;gt;).&lt;br /&gt;
* &amp;lt;code&amp;gt;-T4&amp;lt;/code&amp;gt; : Aggressive timing (faster, good for CTFs). Use &amp;lt;code&amp;gt;-T3&amp;lt;/code&amp;gt; (default) if &amp;lt;code&amp;gt;-T4&amp;lt;/code&amp;gt; causes issues.&lt;br /&gt;
* &amp;lt;code&amp;gt;-Pn&amp;lt;/code&amp;gt; : Skip host discovery (Assume host is online). &amp;#039;&amp;#039;&amp;#039;Crucial&amp;#039;&amp;#039;&amp;#039; if ping is blocked.&lt;br /&gt;
* &amp;lt;code&amp;gt;-v&amp;lt;/code&amp;gt; / &amp;lt;code&amp;gt;-vv&amp;lt;/code&amp;gt; : Verbosity (show progress/details).&lt;br /&gt;
* &amp;lt;code&amp;gt;-oA &amp;amp;lt;basename&amp;amp;gt;&amp;lt;/code&amp;gt; : Save output in All formats (&amp;lt;code&amp;gt;.nmap&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;.gnmap&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;.xml&amp;lt;/code&amp;gt;). &amp;#039;&amp;#039;&amp;#039;Recommended!&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
* &amp;lt;code&amp;gt;sudo&amp;lt;/code&amp;gt; : Often required for SYN scans (&amp;lt;code&amp;gt;-sS&amp;lt;/code&amp;gt; - default) and OS detection (&amp;lt;code&amp;gt;-O&amp;lt;/code&amp;gt;).&lt;br /&gt;
&lt;br /&gt;
=== 1. Initial Fast TCP Scan ===&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Goal:&amp;#039;&amp;#039;&amp;#039; Quickly find ALL open TCP ports.&lt;br /&gt;
&amp;lt;syntaxhighlight lang=&amp;quot;bash&amp;quot;&amp;gt;&lt;br /&gt;
sudo nmap -p- -T4 -Pn --min-rate=1000 -v -oA initial_scan &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&amp;lt;/syntaxhighlight&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;--min-rate=1000&amp;lt;/code&amp;gt; : Tries to send packets quickly; adjust if needed.&lt;br /&gt;
&lt;br /&gt;
=== 2. Service Scan + Default Scripts (TCP) ===&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Goal:&amp;#039;&amp;#039;&amp;#039; Identify service versions &amp;amp; run safe scripts on specific/all ports. &amp;#039;&amp;#039;&amp;#039;Most common CTF scan.&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
&amp;lt;syntaxhighlight lang=&amp;quot;bash&amp;quot;&amp;gt;&lt;br /&gt;
# Scan specific TCP ports (e.g., found from initial scan)&lt;br /&gt;
sudo nmap -p 22,80,445 -sV -sC -T4 -Pn -v -oA service_scan &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&lt;br /&gt;
# Scan ALL TCP ports (combines step 1 &amp;amp; 2)&lt;br /&gt;
sudo nmap -p- -sV -sC -T4 -Pn -v -oA full_tcp_scan &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&amp;lt;/syntaxhighlight&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;-sV&amp;lt;/code&amp;gt; : Detect Service/Version info.&lt;br /&gt;
* &amp;lt;code&amp;gt;-sC&amp;lt;/code&amp;gt; : Run Default Scripts (safe &amp;amp; very useful).&lt;br /&gt;
&lt;br /&gt;
=== 3. Aggressive Scan ===&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Goal:&amp;#039;&amp;#039;&amp;#039; Shortcut for OS detection, Version detection, Default scripts, Traceroute.&lt;br /&gt;
&amp;lt;syntaxhighlight lang=&amp;quot;bash&amp;quot;&amp;gt;&lt;br /&gt;
# Aggressive scan on default top 1000 TCP ports&lt;br /&gt;
sudo nmap -A -T4 -Pn -v -oA aggressive_default &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&lt;br /&gt;
# Aggressive scan on ALL TCP ports&lt;br /&gt;
sudo nmap -A -p- -T4 -Pn -v -oA aggressive_all_tcp &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&amp;lt;/syntaxhighlight&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;-A&amp;lt;/code&amp;gt; : Enables OS detection (&amp;lt;code&amp;gt;-O&amp;lt;/code&amp;gt;), Version detection (&amp;lt;code&amp;gt;-sV&amp;lt;/code&amp;gt;), Script scanning (&amp;lt;code&amp;gt;-sC&amp;lt;/code&amp;gt;), and Traceroute (&amp;lt;code&amp;gt;--traceroute&amp;lt;/code&amp;gt;).&lt;br /&gt;
&lt;br /&gt;
=== 4. UDP Scan ===&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Goal:&amp;#039;&amp;#039;&amp;#039; Find open UDP services (SNMP, NFS, TFTP, etc.). &amp;#039;&amp;#039;&amp;#039;Warning: Slow!&amp;#039;&amp;#039;&amp;#039;&lt;br /&gt;
&amp;lt;syntaxhighlight lang=&amp;quot;bash&amp;quot;&amp;gt;&lt;br /&gt;
# Scan Top 100 UDP ports (faster) + Service Detection&lt;br /&gt;
sudo nmap -sU -sV --top-ports 100 -T4 -Pn -v -oA udp_top100 &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&lt;br /&gt;
# Scan specific common UDP ports&lt;br /&gt;
sudo nmap -sU -sV -p U:53,69,123,161 -T4 -Pn -v -oA udp_specific &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&amp;lt;/syntaxhighlight&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;-sU&amp;lt;/code&amp;gt; : UDP scan.&lt;br /&gt;
* &amp;lt;code&amp;gt;--top-ports &amp;amp;lt;number&amp;amp;gt;&amp;lt;/code&amp;gt; : Limits scan to the most common ports (much faster than &amp;lt;code&amp;gt;-p-&amp;lt;/code&amp;gt; for UDP).&lt;br /&gt;
&lt;br /&gt;
=== 5. NSE Script Scans ===&lt;br /&gt;
&amp;#039;&amp;#039;&amp;#039;Goal:&amp;#039;&amp;#039;&amp;#039; Run specific Nmap Scripting Engine scripts.&lt;br /&gt;
&amp;lt;syntaxhighlight lang=&amp;quot;bash&amp;quot;&amp;gt;&lt;br /&gt;
# Run vulnerability detection scripts on specific ports&lt;br /&gt;
sudo nmap --script vuln -p 80,443 -Pn -v -oA vuln_scan &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&lt;br /&gt;
# Run specific script(s) (e.g., HTTP enumeration)&lt;br /&gt;
sudo nmap -p 80 --script http-enum,http-title -Pn -v -oA http_enum &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&lt;br /&gt;
# Run SMB enumeration scripts&lt;br /&gt;
sudo nmap -p 139,445 --script smb-enum-shares,smb-os-discovery -Pn -v -oA smb_enum &amp;lt;target_IP&amp;gt;&lt;br /&gt;
&amp;lt;/syntaxhighlight&amp;gt;&lt;br /&gt;
* &amp;lt;code&amp;gt;--script &amp;amp;lt;category|scriptname&amp;amp;gt;&amp;lt;/code&amp;gt; : Specify scripts to run (e.g., &amp;lt;code&amp;gt;vuln&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;discovery&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;http-enum&amp;lt;/code&amp;gt;). Check rules before using &amp;lt;code&amp;gt;exploit&amp;lt;/code&amp;gt; scripts.&lt;br /&gt;
&lt;br /&gt;
=== Common CTF Workflow ===&lt;br /&gt;
# Fast full TCP scan: &amp;lt;code&amp;gt;sudo nmap -p- -T4 -Pn --min-rate=1000 -v -oA initial &amp;lt;target_IP&amp;gt;&amp;lt;/code&amp;gt;&lt;br /&gt;
# Identify open TCP ports from output (e.g., &amp;lt;code&amp;gt;grep open initial.gnmap&amp;lt;/code&amp;gt;).&lt;br /&gt;
# Detailed TCP scan on open ports: &amp;lt;code&amp;gt;sudo nmap -p &amp;amp;lt;open_ports&amp;amp;gt; -sV -sC -T4 -Pn -v -oA details &amp;lt;target_IP&amp;gt;&amp;lt;/code&amp;gt;&lt;br /&gt;
# Quick UDP scan: &amp;lt;code&amp;gt;sudo nmap -sU -sV --top-ports 100 -T4 -Pn -v -oA udp_top &amp;lt;target_IP&amp;gt;&amp;lt;/code&amp;gt;&lt;br /&gt;
# Targeted NSE scans based on findings (e.g., &amp;lt;code&amp;gt;--script http-enum&amp;lt;/code&amp;gt; on port 80).&lt;br /&gt;
&lt;br /&gt;
=== Quick Tips ===&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Always&amp;#039;&amp;#039;&amp;#039; use &amp;lt;code&amp;gt;-oA&amp;lt;/code&amp;gt; to save results.&lt;br /&gt;
* Use &amp;lt;code&amp;gt;-Pn&amp;lt;/code&amp;gt; if hosts don&amp;#039;t respond to ping.&lt;br /&gt;
* Don&amp;#039;t forget UDP, but scan specific/top ports first due to speed.&lt;br /&gt;
* Review &amp;lt;code&amp;gt;/usr/share/nmap/scripts/&amp;lt;/code&amp;gt; or use &amp;lt;code&amp;gt;nmap --script=help&amp;lt;/code&amp;gt; to find scripts.&lt;br /&gt;
* Check CTF rules regarding scan intensity (&amp;lt;code&amp;gt;-T5&amp;lt;/code&amp;gt;) or intrusive scripts (&amp;lt;code&amp;gt;vuln&amp;lt;/code&amp;gt;, &amp;lt;code&amp;gt;exploit&amp;lt;/code&amp;gt;).&lt;/div&gt;</summary>
		<author><name>The.mikkel</name></author>
	</entry>
</feed>