Nmap
Basic Scanning
Scan a single host:
nmap <hostname or IP>
Scan multiple hosts:
nmap <host1> <host2> <host3>
Scan a range of IPs:
nmap <IP range> (e.g., nmap 192.168.1.1-20)
Scan a subnet:
nmap <CIDR> (e.g., nmap 192.168.1.0/24)
Scan from a file:
nmap -iL <input file>
Port Scanning
Scan common ports:
nmap -p <port list> (e.g., nmap -p 22,80,443)
Scan all ports:
nmap -p-
Scan specific range of ports:
nmap -p <start>-<end> (e.g., nmap -p 1000-2000)
Scan Types
TCP Connect Scan:
nmap -sT
SYN Scan:
nmap -sS
UDP Scan:
nmap -sU
TCP ACK Scan:
nmap -sA
TCP Window Scan:
nmap -sW
TCP Maimon Scan:
nmap -sM
Service and Version Detection
Service detection:
nmap -sV
Aggressive service detection:
nmap -sV --version-intensity 5
OS Detection
Operating system detection:
nmap -O
Aggressive detection:
nmap -A
Scripts and NSE (Nmap Scripting Engine)
List available scripts:
nmap --script-help all
Run a script:
nmap --script <script name>
Run multiple scripts:
nmap --script <script1>,<script2>
Timing and Performance
Set timing template:
nmap -T<0-5> (0: slowest, 5: fastest)
Max parallel scans:
nmap --max-parallelism <number>
Max retries:
nmap --max-retries <number>
Output Options
Normal output:
nmap -oN <filename>
XML output:
nmap -oX <filename>
Grepable output:
nmap -oG <filename>
All formats:
nmap -oA <basename>
Firewall and IDS Evasion
Fragment packets:
nmap -f
Specify a decoy:
nmap -D <decoy1,decoy2,...>
Send bad checksums:
nmap --badsum
Set source port:
nmap --source-port <port>
Miscellaneous
Scan with root privileges:
sudo nmap <options>
Resume scan:
nmap --resume <filename>
Use IPv6:
nmap -6
Examples
Basic Scan:
nmap scanme.nmap.org
TCP SYN Scan:
sudo nmap -sS 192.168.1.1
Service Version Detection:
nmap -sV example.com
OS Detection:
nmap -O 192.168.1.1
Aggressive Scan:
nmap -A scanme.nmap.org
Save Output to All Formats:
nmap -oA output example.com
UDP Scan:
sudo nmap -sU -p 123,161,162 example.com
This cheatsheet covers the basic and commonly used options of Nmap. For more advanced usage and options, refer to the Nmap official documentation.