# Nmap

### Basic Scanning

* **Scan a single host**: `nmap <hostname or IP>`
* **Scan multiple hosts**: `nmap <host1> <host2> <host3>`
* **Scan a range of IPs**: `nmap <IP range>` (e.g., `nmap 192.168.1.1-20`)
* **Scan a subnet**: `nmap <CIDR>` (e.g., `nmap 192.168.1.0/24`)
* **Scan from a file**: `nmap -iL <input file>`

### Port Scanning

* **Scan specific ports**: `nmap -p <port list>` (e.g., `nmap -p 22,80,443`)
* **Scan all ports**: `nmap -p-`
* **Scan specific range of ports**: `nmap -p <start>-<end>` (e.g., `nmap -p 1000-2000`)

### Scan Types

* **TCP Connect Scan**: `nmap -sT`
* **SYN Scan**: `nmap -sS`
* **UDP Scan**: `nmap -sU`
* **TCP ACK Scan**: `nmap -sA`
* **TCP Window Scan**: `nmap -sW`
* **TCP Maimon Scan**: `nmap -sM`

### Service and Version Detection

* **Service detection**: `nmap -sV`
* **Set version detection intensity**: `nmap -sV --version-intensity 5` (range 0-9; higher values try more probes, and the default is 7)

### OS Detection

* **Operating system detection**: `nmap -O`
* **Aggressive detection**: `nmap -A` (enables OS detection, version detection, script scanning, and traceroute)

### Scripts and NSE (Nmap Scripting Engine)

* **List available scripts**: `nmap --script-help all` (`--script-help` takes a script name, category, or `all`)
* **Run a script**: `nmap --script <script name>`
* **Run multiple scripts**: `nmap --script <script1>,<script2>`

### Timing and Performance

* **Set timing template**: `nmap -T<0-5>` (0: slowest, 5: fastest)
* **Max parallel probes**: `nmap --max-parallelism <number>`
* **Max retries**: `nmap --max-retries <number>`

### Output Options

* **Normal output**: `nmap -oN <filename>`
* **XML output**: `nmap -oX <filename>`
* **Grepable output**: `nmap -oG <filename>`
* **All formats**: `nmap -oA <basename>`

### Firewall and IDS Evasion

* **Fragment packets**: `nmap -f`
* **Specify a decoy**: `nmap -D <decoy1,decoy2,...>`
* **Send bad checksums**: `nmap --badsum`
* **Set source port**: `nmap --source-port <port>`

### Miscellaneous

* **Scan with root privileges**: `sudo nmap <options>`
* **Resume scan**: `nmap --resume <filename>`
* **Use IPv6**: `nmap -6`

#### Examples

* **Basic Scan**: `nmap scanme.nmap.org`
* **TCP SYN Scan**: `sudo nmap -sS 192.168.1.1`
* **Service Version Detection**: `nmap -sV example.com`
* **OS Detection**: `sudo nmap -O 192.168.1.1`
* **Aggressive Scan**: `nmap -A scanme.nmap.org`
* **Save Output to All Formats**: `nmap -oA output example.com`
* **UDP Scan**: `sudo nmap -sU -p 123,161,162 example.com`

This cheatsheet covers the basic and most commonly used Nmap options. For more advanced usage, refer to the official Nmap documentation.

