Service & OS

-sV #Enables service version detection, identifying the version of the services running on open ports.

-O #Performs operating system detection. Note that results may not always be conclusive or accurate.

-v #Runs Nmap in verbose mode, providing more detailed output during the scan.

Service Detection

Service detection in Nmap identifies the software and version running on open ports of a target machine. It sends specific probes to these services and analyzes the responses to accurately detect the service and version, which can help in discovering vulnerabilities or unusual configurations.

nmap -T4 -sS -sV -p- [IP]

This command performs a TCP SYN (half-open) scan (-sS), detects services and versions (-sV), scans all ports (-p-), and uses a faster timing template (-T4) for quicker results.

Version Intensity

Nmap allows control over the intensity of version detection with the --version-intensity option, which ranges from 0 (light scan) to 9 (most aggressive scan). Lower intensities perform fewer probes, while higher intensities use more to improve detection accuracy.

nmap -sV --version-intensity 5 [IP]
nmap -T4 -sS -sV --version-intensity 8 -p- [IP]

OS Detection

Nmap can detect the operating system (OS) running on a target machine by analyzing network-level responses such as TCP/IP stack characteristics. This helps in understanding the system's configuration and potential vulnerabilities specific to the OS. The -O option enables OS detection.

--osscan-guess

The --osscan-guess option is used when Nmap is uncertain about the exact OS. It provides an educated guess, offering the closest match, even if the confidence level isn't very high. This can be useful when dealing with obscure or less common systems.

nmap -T4 -sS -sV -O --osscan-guess -p- [IP]

This command performs a TCP SYN scan (-sS), detects services and versions (-sV), enables OS detection (-O), allows guessing the OS if necessary (--osscan-guess), scans all ports (-p-), and uses a faster timing template (-T4) for quicker results.
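Because -sV and -O results are not always conclusive, it helps to separate confirmed findings from guesses when reviewing a scan. The following is an added example, not part of the original page: it parses Nmap XML output (written with Nmap's -oX option, which the page does not show) and marks service names that came only from the port table and OS matches below a chosen accuracy. The sample XML is constructed, and the summarize function and its min_os_accuracy threshold are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -O --osscan-guess -oX -` output (not a real scan).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1" method="probed" conf="10"/></port>
      <port protocol="tcp" portid="8081"><state state="open"/>
        <service name="blackice-icecap" method="table" conf="3"/></port>
      <port protocol="tcp" portid="25"><state state="closed"/>
        <service name="smtp" method="table" conf="3"/></port>
    </ports>
    <os><osmatch name="Linux 5.0 - 5.4" accuracy="93"/><osmatch name="Linux 4.15" accuracy="90"/></os>
  </host>
</nmaprun>"""


def summarize(xml_text, min_os_accuracy=100):
    """Return per-host open services and best OS match, marking unconfirmed results."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        services = []
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # version data is only meaningful for open ports
            svc = port.find("service")
            svc = svc if svc is not None else ET.Element("service")
            services.append({
                "port": int(port.get("portid")),
                "name": svc.get("name", "unknown"),
                "version": " ".join(filter(None, (svc.get("product"), svc.get("version")))),
                # method="table" means the name was looked up from the port number alone
                "confirmed": svc.get("method") == "probed",
            })
        matches = sorted(host.iter("osmatch"), key=lambda m: int(m.get("accuracy", 0)), reverse=True)
        best = matches[0] if matches else None
        hosts.append({
            "addr": host.find("address").get("addr"),
            "services": services,
            "os": best.get("name") if best is not None else None,
            "os_is_guess": best is None or int(best.get("accuracy", 0)) < min_os_accuracy,
        })
    return hosts
```

Entries with confirmed set to False or os_is_guess set to True should be verified by other means before they go into an asset inventory or a findings report.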
