mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2026-01-23 02:35:38 +01:00

Hanashiko 86b1519e01 docs(nmap): wrote thorough documentation for the nmap plugin

2025-05-06 19:33:20 +03:00

6.3 KiB

Raw Blame History

Nmap Plugin

Overview

This plugin provides a comprehensive set of aliases for Nmap, the powerful network scanning tool. These aliases cover common scanning scenarios similar to the profiles in Zenmap, making network reconnaissance and security testing more efficient.

Installation

To use this plugin, add nmap to the plugins array in your zshrc file:

plugins=(... nmap)

Make sure Nmap is installed on your system. You can install it on most systems with:

macOS: brew install nmap
Ubuntu/Debian: sudo apt install nmap
Fedora/RHEL: sudo dnf install nmap
Arch Linux: sudo pacman -S nmap

Alias Categories

1. Basic Scans

Alias	Command	Description
`nmap_open_ports`	`nmap --open`	Shows only open ports on target hosts
`nmap_quick`	`nmap -T4 -F`	Quick scan using default scripts at timing template 4
`nmap_ping_scan`	`nmap -n -sP`	Simple ping scan to discover hosts
`nmap_net`	`nmap -sn`	Network discovery without port scanning
`nmap_tcp`	`nmap -sT`	Basic TCP connect scan
`nmap_all_ports`	`nmap -p-`	Scan all 65535 ports
`nmap_ports`	`nmap -p`	Scan specific ports (requires port numbers as argument)

2. Host and Interface Discovery

Alias	Command	Description
`nmap_list_interfaces`	`nmap --iflist`	Lists all network interfaces on the host
`nmap_ping_through_firewall`	`nmap -PS -PA`	Host discovery with SYN/ACK probes to bypass firewall restrictions
`nmap_ping_tcp`	`nmap -PS`	TCP SYN ping discovery
`nmap_ping_ack`	`nmap -PA`	TCP ACK ping discovery
`nmap_ping_udp`	`sudo nmap -PU`	UDP ping discovery (requires root)
`nmap_no_ping`	`nmap -Pn`	Skip ping discovery (treat all hosts as online)

3. Performance Scans

Alias	Command	Description
`nmap_fast`	`nmap -F -T5 --version-light --top-ports 300`	Fast scan of the top 300 popular ports
`nmap_slow`	`sudo nmap -sS -v -T1`	Slow, stealthy scan that avoids triggering IDS/IPS

4. Comprehensive Scans

Alias	Command	Description
`nmap_full`	`sudo nmap -sS -T4 -PE -PP -PS80,443 -PY -g 53 -A -p1-65535 -v`	Aggressive full scan that examines all ports with service detection and OS identification
`nmap_full_udp`	`sudo nmap -sS -sU -T4 -A -v -PE -PS22,25,80 -PA21,23,80,443,3389`	Full TCP and UDP scan with version detection
`nmap_full_with_scripts`	`sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all`	Exhaustive scan with all scripts
`nmap_detect_versions`	`sudo nmap -sV -p1-65535 -O --osscan-guess -T4 -Pn`	Detects versions of services and OS on all ports
`nmap_aggressive`	`sudo nmap -A -T4 -v`	Aggressive scan with OS and version detection, script scanning, and traceroute

5. Stealth and Evasion Techniques

Alias	Command	Description
`nmap_stealth`	`sudo nmap -sS -T2`	Stealthy SYN scan at slower timing for IDS evasion
`nmap_fin`	`sudo nmap -sF -v`	FIN scan to check if hosts are up (may bypass some firewalls)
`nmap_null`	`sudo nmap -sN`	TCP NULL scan (no flags set)
`nmap_xmas`	`sudo nmap -sX`	TCP XMAS scan (FIN, PSH, URG flags)
`nmap_ack`	`sudo nmap -sA`	TCP ACK scan
`nmap_window`	`sudo nmap -sW`	TCP Window scan
`nmap_mainmon`	`sudo nmap -sM`	TCP Maimon scan
`nmap_fragment`	`sudo nmap -f`	Fragment packets to evade detection
`nmap_evasion`	`sudo nmap -D RND:10`	Decoy scan with 10 random IP addresses

6. Advanced Techniques

Alias	Command	Description
`nmap_idle`	`sudo nmap -sI`	Idle scan (requires zombie IP as argument)
`nmap_ftp_bounce`	`sudo nmap -b`	FTP bounce scan (requires FTP server as argument)
`nmap_sctp`	`sudo nmap -sY`	SCTP INIT scan for SCTP services
`nmap_traceroute`	`sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute`	Performs traceroute using most common ports
`nmap_ipv6`	`nmap -6`	Enables IPv6 scanning

7. Specialized Scans

Alias	Command	Description
`nmap_os`	`sudo nmap -O`	Operating system detection
`nmap_web_safe_osscan`	`sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy`	"Safer" OS scan by connecting only to HTTP/HTTPS ports
`nmap_check_for_firewall`	`sudo nmap -sA -p1-65535 -v -T4`	TCP ACK scan to detect firewall presence and rules
`nmap_udp`	`sudo nmap -sU`	UDP port scan

8. Script-Based Scans

Alias	Command	Description
`nmap_check_for_vulns`	`nmap --script=vuln`	Scans for known vulnerabilities
`nmap_brute`	`nmap --script=brute`	Attempts brute force authentication against services
`nmap_discovery`	`nmap --script=discovery`	Uses discovery scripts to gather information
`nmap_safe`	`nmap --script=safe`	Runs scripts considered safe and non-intrusive
`nmap_malware`	`nmap --script=malware`	Checks for backdoors and malware
`nmap_auth`	`nmap --script=auth`	Attempts to bypass authentication

Usage Examples

Basic Host Discovery

# Find all active hosts on a network
nmap_net 192.168.1.0/24

# Scan a single host for open ports
nmap_open_ports 192.168.1.100

Security Assessments

# Full vulnerability scan of a web server
nmap_check_for_vulns 192.168.1.100

# Comprehensive scan of a server
nmap_full 192.168.1.100

Stealth Operations

# Evasive scan through a firewall
nmap_stealth 192.168.1.100

# Decoy scan with spoofed IP addresses
nmap_evasion 192.168.1.100

Performance Options

# Quick network inventory
nmap_fast 192.168.1.0/24

# Thorough but slow scan for sensitive environments
nmap_slow 192.168.1.100

Notes

Aliases prefixed with sudo require root privileges to run properly
For more information about specific Nmap options, refer to man nmap or visit the Nmap documentation
Use these tools responsibly and only on networks you have permission to scan

License

This plugin is available under the same license as Oh My Zsh.

6.3 KiB Raw Blame History