Nmap is an free, open-source and powerful tool used to discover hosts and services on a computer network and nmap is the main scanner we use for almost every machine we wanna see open ports and stuff on.

we used to a -sS to do a stealth scan before but now its default


Stealth Scan used to be undetectable before but now days its not super stealthy so also keep that in mind. So its not 100% stealthy its more like 80%

Stealth Scan

How this works SYN SYNACK RST

So we first send a SYN package and then the port Acknowledges it and tells hey yeah its open we send it a reset package so we don't make a connection.

In Nmap we have a choice of speed and thats between 1 - 5 1 is really slow and 5 is really fast.

-T4 or -T3 is mostly all good . Specially for boxes liek tryhackme and hackthebox

-p- stands for wanting to scan all ports

If we leave it of completely it scans only the Top 1000 ports (Most Common ones)

You can also go specific ports like -p 80,443,53 etc.

-A stands to scan for everything so like give us all the infromation that is available version numbers,etc.

nmap -T4 -p- -A <Ip address>

nmap —help to get more information about everything

Host Discovery section is to do stuff like simply list targets to scan. A quick Port Scan, -Pn to Treat all the hosts are online even if they are not responding to Ping requests and stuff.

Scan Techniques

-sS (TCP SYN) - So the stealth scan

-sU does a UDP scan