TryHackMe: NMAP: NMAP Switches

goay xuan hui
2 min readJan 12, 2021

#1 What is the first switch listed in the help menu for a ‘Syn Scan’ (more on this later!)?

-Ss

#2 Which switch would you use for a “UDP scan”?

-Su

#3 If you wanted to detect which operating system the target is running on, which switch would you use?

-O

#4 Nmap provides a switch to detect the version of the services running on the target. What is this switch?

-sV

#5 The default output provided by nmap often does not provide enough information for a pentester. How would you increase the verbosity?

-v

#6 Verbosity level one is good, but verbosity level two is better! How would you set the verbosity level to two?
(Note: it’s highly advisable to always use at least this option)

-vv

References: https://nmap.org/book/nping-man-output-options.html

#7 What switch would you use to save the nmap results in three major formats?

-oA

-oA <basename> command will store scan results in normal, XML and grepable formats at once in <basename>.nmap, <basename>.xml and <basename>.gnmap.

Tips: -o stands for output while -O stands for operating system (See #3)

#8 What switch would you use to save the nmap results in a “normal” format?

-oN

#9 A very useful output format: how would you save results in a “grepable” format?

-oG

#10 Sometimes the results we’re getting just aren’t enough. If we don’t care about how loud we are, we can enable “aggressive” mode. This is a shorthand switch that activates service detection, operating system detection, a traceroute and common script scanning.

-A

#11 Nmap offers five levels of “timing” template. These are essentially used to increase the speed your scan runs at. Be careful though: higher speeds are noisier, and can incur errors! How would you set the timing template to level 5?

-t5

#12 How would you tell nmap to only scan port 80?

-p 80

#13 How would you tell nmap to scan ports 1000–1500?

-p 1000-1500

#14 How would you tell nmap to scan all ports?

-p-

#15 How would you activate a script from the nmap scripting library?

-- -script

#16 How would you activate all of the scripts in the “vuln” category?

-- -script=vuln

To understand more about NMAP, check out the full series: Part 1: Port Scanning Responses, Part 2: Basic Port Scanning Types, Part 3: Other Port Scanning Types, Part 4: Network Scanning, Part 5: Firewall Evasion Options and Part 6: NSE Scripts!

--

--

goay xuan hui

A food lover, a cyber security enthusiast, a musician and a traveller, so you will see a mix of different contents in my blog. ☺️