Nmap Commands Cheat Sheet


Nmap is the most popular tools used in penetrations test or assessments for network scanning. Nmap have another features like listing some basic vulnerabilities and protocol related details. We will look Nmap features in fast way. For more detailed information read following tutorial.

Nmap Tutorial

Target Selection

Target is the remote system nmap will scan.

Scan Single Ip

nmap 192.168.1.1

Scan A Host

nmap google.com

Scan A Range of IP

nmap 192.168.1.1-30

Scan A Subnet

nmap 192.168.1.0/24

Scan Targets From Text File

nmap -iL targets.txt

Port Selection

During scan we can define port range to scan

Scan Single TCP Port

nmap -p 22 192.168.1.1

Scan Range Of TCP Port

nmap -p 1-200 192.168.1.1

Scan 100 Most Common TCP Ports

nmap -F 192.168.1.1

Scan All 65535 TCP Ports

nmap -p- 192.168.1.1

Scan Single UDP Port

nmap -p 5060 -U 192.168.1.1

Nmap Port Scan Types

Scan types generally requires Administrator or root privileges

Scan Using TCP Connect

nmap -sT 192.168.1.1

Scan Using TCP Sync

nmap -sS 192.168.1.1

Scan Using TCP Sync/Ack

nmap --PA 192.168.1.1

Scan Without Ping

nmap -Pn 192.168.1.1

Nmap Service and OS Detection

This will detect operating system and services version

Detect Operating System and Version

nmap -O 192.168.1.1

Detect Service Version

nmap -sV 192.168.1.1

Detect Aggressive Service Version

nmap -sV --version-intensity 5 192.168.1.1

Nmap Speed, Performance and Timing

We can set performance, speed and timing of nmap.

Faster Scan

nmap -T 4 192.168.1.1

Fastest Scan

nmap -T 5 192.168.1.1

Parallel Scan

nmap --min-parallelism 128 192.168.1.1

Nmap Output Format

Nmap result will be saved according to given format

Save Output To A File

nmap -oN result.nmap 192.168.1.1

Save Output As Xml

nmap -oX result.xml 192.168.1.1

Save Output As Grepable

nmap -oG result.gnmap 192.168.1.1

Save In All Formats

nmap -oA result.gnmap 192.168.1.1

Nmap Scripts

Scripts run against host to get information or check some thing with related protocol.

LEARN MORE  How To Discover Network Hosts With Nmap?

Scan Using Default Scripts

nmap -sC 192.168.1.1

Get Help About Script

nmap --script-help=http_open_proxy

Scan Using Specific Script

nmap --script=http_open_proxy

Scan Using Group Of Script

nmap --script=auth 192.168.1.1

Leave a Comment