Scanning requires a target specification. Nmap provides several ways to specify targets.
Single Host Address
This is the simplest and most commonly used target specification. We provide only a single IP address.
$ nmap 192.168.1.1
- 192.168.1.1 is the target IP address
DNS Name
Nmap can use DNS names as targets. It resolves DNS names into IP addresses. Make sure that DNS resolution is working on the system.
$ nmap localhost.com
- localhost.com is the DNS name of our IP address
Multiple DNS Names
We can also provide multiple DNS names for nmap to scan, as shown below.
$ nmap google.com microsoft.com
Multiple Host Address
Scanning hosts one by one is tedious work. We can specify multiple hosts in several different ways.
$ nmap 192.168.1.*
- 192.168.1.* is a network address. * means all possible values, that is, from 0 to 255
$ nmap 192.168.*.*
- As expected, this scans a /16 subnet, in other words 192.168.0.0/16
As Network Address
We can provide targets with CIDR masks.
$ nmap 192.168.1.0/24
- Scans the class C network 192.168.1.0
$ nmap 192.168.0.0/20
- Scans between 192.168.0.0 – 192.168.15.255
$ nmap 192.168.0-15.0-255
- Scans between 192.168.0.0 – 192.168.15.255
- The - character is used to specify a range within an octet
Reading From File Line By Line
In an enterprise environment there are a lot of IP hosts, so specifying them by network may not be a good approach. Nmap has an option for reading target hosts/networks from a file.
We create a file named db and add hosts/networks line by line, as shown below.
10.0.0.10
10.0.0.11
10.0.1.0/24
Now we can use -iL to scan these hosts
$ nmap -iL db
- We provide the text file with -iL; the file name is db. As we can see, we can provide network addresses too: 10.0.1.0/24 is a network address.
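Before handing a target list to nmap, it helps to see how many addresses each entry expands to and whether they all fall inside the range you are authorised to scan. The following is an added example, not part of the original article or of nmap itself: the function names and the authorised scope 10.0.0.0/24 are assumptions made for illustration, and DNS names are rejected rather than resolved.

```python
import ipaddress
from itertools import product

def _octet(spec):
    """Expand one octet: '7', '0-15', '1,3-5', '*', or open-ended '-5' / '5-'."""
    values = set()
    for part in spec.split(","):
        if not part:
            raise ValueError(f"empty octet in {spec!r}")
        lo, dash, hi = ("0", "-", "255") if part == "*" else part.partition("-")
        lo = int(lo) if lo else 0
        hi = int(hi) if hi else (255 if dash else lo)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"octet out of range: {spec!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand(target):
    """Return every IPv4 address one target specification covers, in order."""
    if "/" in target:
        # CIDR: nmap scans all addresses, network and broadcast included.
        return list(ipaddress.ip_network(target, strict=False))
    octets = target.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 octet specification: {target!r}")
    combos = product(*(_octet(o) for o in octets))
    return [ipaddress.IPv4Address(".".join(map(str, c))) for c in combos]

def preview(list_text, allowed):
    """Map each entry of a target list to (addresses, addresses outside scope)."""
    scope = [ipaddress.ip_network(n) for n in allowed]
    report = {}
    for spec in list_text.split():   # entries separated by whitespace/newlines
        addrs = expand(spec)
        outside = sum(1 for a in addrs if not any(a in n for n in scope))
        report[spec] = (len(addrs), outside)
    return report

# Contents of the "db" file from the text; the authorised scope is a constructed assumption.
DB = "10.0.0.10\n10.0.0.11\n10.0.1.0/24\n"
AUTHORISED = ["10.0.0.0/24"]

if __name__ == "__main__":
    for spec, (total, outside) in preview(DB, AUTHORISED).items():
        print(f"{spec:<14} {total:>5} addresses, {outside} outside scope")
```

With the sample scope, the 10.0.1.0/24 entry is reported as 256 addresses, all outside the authorised range, which is the kind of mismatch worth catching before the scan starts.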