Hacker's Docs
  • Main
  • Web Security
    • Security Headers
      • Content Security Policy
      • Same Origin Policy
    • Web Vulnerabilities
      • Cross Site Scripting
        • Stored XSS
      • Cross Site Request Forgery
        • CSRF Best Practices
        • CSRF Example Usages
      • Server Side Request Forgery
      • SQL Injection
  • Secure Coding Practices
    • Learning Resources
  • Cheatsheets
    • Security Tools
      • Nmap
      • Tcpdump
    • Cloud Tools
      • Argo
      • Docker
      • Kubernetes
    • Coding
      • Bash
      • Go
      • Python
      • C++
  • AI Security
    • Learning Resources
  • Coding Practices
    • Leetcode
    • API
    • Log Parsing
  • Penetration Testing
Powered by GitBook
On this page
  • Basic Scanning
  • Port Scanning
  • Scan Types
  • Service and Version Detection
  • OS Detection
  • Scripts and NSE (Nmap Scripting Engine)
  • Timing and Performance
  • Output Options
  • Firewall and IDS Evasion
  • Miscellaneous

Was this helpful?

  1. Cheatsheets
  2. Security Tools

Nmap

Basic Scanning

  • Scan a single host: nmap <hostname or IP>

  • Scan multiple hosts: nmap <host1> <host2> <host3>

  • Scan a range of IPs: nmap <IP range> (e.g., nmap 192.168.1.1-20)

  • Scan a subnet: nmap <CIDR> (e.g., nmap 192.168.1.0/24)

  • Scan from a file: nmap -iL <input file>

Port Scanning

  • Scan common ports: nmap -p <port list> (e.g., nmap -p 22,80,443)

  • Scan all ports: nmap -p-

  • Scan specific range of ports: nmap -p <start>-<end> (e.g., nmap -p 1000-2000)

Scan Types

  • TCP Connect Scan: nmap -sT

  • SYN Scan: nmap -sS

  • UDP Scan: nmap -sU

  • TCP ACK Scan: nmap -sA

  • TCP Window Scan: nmap -sW

  • TCP Maimon Scan: nmap -sM

Service and Version Detection

  • Service detection: nmap -sV

  • Aggressive service detection: nmap -sV --version-intensity 5

OS Detection

  • Operating system detection: nmap -O

  • Aggressive detection: nmap -A

Scripts and NSE (Nmap Scripting Engine)

  • List available scripts: nmap --script-help

  • Run a script: nmap --script <script name>

  • Run multiple scripts: nmap --script <script1>,<script2>

Timing and Performance

  • Set timing template: nmap -T<0-5> (0: slowest, 5: fastest)

  • Max parallel scans: nmap --max-parallelism <number>

  • Max retries: nmap --max-retries <number>

Output Options

  • Normal output: nmap -oN <filename>

  • XML output: nmap -oX <filename>

  • Grepable output: nmap -oG <filename>

  • All formats: nmap -oA <basename>

Firewall and IDS Evasion

  • Fragment packets: nmap -f

  • Specify a decoy: nmap -D <decoy1,decoy2,...>

  • Send bad checksums: nmap --badsum

  • Set source port: nmap --source-port <port>

Miscellaneous

  • Scan with root privileges: sudo nmap <options>

  • Resume scan: nmap --resume <filename>

  • Use IPv6: nmap -6

Examples

  • Basic Scan: nmap scanme.nmap.org

  • TCP SYN Scan: sudo nmap -sS 192.168.1.1

  • Service Version Detection: nmap -sV example.com

  • OS Detection: nmap -O 192.168.1.1

  • Aggressive Scan: nmap -A scanme.nmap.org

  • Save Output to All Formats: nmap -oA output example.com

  • UDP Scan: sudo nmap -sU -p 123,161,162 example.com

This cheatsheet covers the basic and commonly used options of Nmap. For more advanced usage and options, refer to the Nmap official documentation.

PreviousSecurity ToolsNextTcpdump

Last updated 9 months ago

Was this helpful?