Nmap: My Favorite Scan

(Shadow Zero) #1

Besides Social Engineering, recon is by far the most important aspect of hacking. Without recon, all the greatest hackers of our time probably wouldn’t be able to hack anything. Besides, just shoving one exploit after another, when there are thousands of exploits in Metasploit alone, is inefficient.

This tutorial will cover the very basics of nmap. It is of my favorite tools to use, mainly in preparation for mischief. Anyway, without knowing how to use nmap, there is not much we can do; so, please sit back and read on.


I’m not going to go into much detail about the tool in general, that’s what the website is for. Instead I’ll go right into commands:

nmap -sS -A -T sneaky <IP>

This combination is my favorite combination to use, but what exactly is going on here?

nmap  has to be at the beginning of every Nmap command. 

-sS, you could use -sN but that's not ideal because your target can detect that type of scan easier.

-A This command flag puts several different functions into one, like: Os, operating system, VPNs, etc.

-T allows you to set the speed at which the packets are sent.

The reason for -T is that some servers have a threshold of how many packets can be sent at once; if you pass the threshold, you’re pretty much are caught. There are several speeds, but the one I use the most often is polite because I like to be a gentleman to my target.

And, of course, type in the IP address of your target at the end of the command.


Welp, as the title says, that’s my favorite scan. I hope this would at least start the Recon section a little bit since Recon is so important. My next post would be less personal and more serious.

Anyway, chow. :slight_smile:


(Leader & Offsec Engineer & Forum Daddy) #2

This is nice. I generally just shove nmap -Pn -A

But to control the speed to void detection is smart.



Yup slowing the scan down a lot is important to help prevent detection from an IDS, and other such things.

I generally add -V to help me see how its doing though.



Nmap is literally one of my favorite tools ever.


(Leader & Offsec Engineer & Forum Daddy) #5

Does anybody know of a shodan plugin for nmap? I can imagine how that could be really useful.



https://nmap.org/nsedoc/scripts/shodan-api.html Here is maybe what you’re searching



We need more tutorials like these.



(Metasploit Ninja) #8

Thanks for this, i never had a clue you could set a speed. Does anyone have a list of all the speeds that can be input there by any chance?



Speed templates (T1-5) are at the very bottom.

1 Like

(system) closed #10

This topic was automatically closed after 30 days. New replies are no longer allowed.