40+ Vital Nmap Commands

The document provides a comprehensive guide on using Nmap, detailing various command switches for scanning IPs, ranges, domains, and files. It covers host discovery techniques, port specifications, OS detection, service and version detection, and the use of NSE scripts. Each section includes examples and descriptions for clarity on how to effectively utilize Nmap for network scanning and security assessments.

Uploaded by marco.a.torricov

Target Specification

| Switch | Example | Description |
|---|---|---|
| - | nmap 192.168.1.1 | Scan a single IP |
| - | nmap 192.168.1.1 192.168.2.1 | Scan specific IPs |
| - | nmap 192.168.1.1-254 | Scan a range |
| - | nmap scanme.nmap.org | Scan a domain |
| - | nmap 192.168.1.0/24 | Scan using CIDR notation |
| -iL | nmap -iL targets.txt | Scan targets from a file |
| -iR | nmap -iR 100 | Scan 100 random hosts |
| --exclude | nmap --exclude 192.168.1.1 | Exclude listed hosts |

Host Discovery

| Switch | Example | Description |
|---|---|---|
| -sL | nmap 192.168.1.1-3 -sL | No Scan. List targets only |
| -sn | nmap 192.168.1.1/24 -sn | Disable port scanning. Host discovery only |
| -Pn | nmap 192.168.1.1-5 -Pn | Disable host discovery. Port scan only |
| -PS | nmap 192.168.1.1-5 -PS22-25,80 | TCP SYN discovery on port x. Port 80 by default |
| -PA | nmap 192.168.1.1-5 -PA22-25,80 | TCP ACK discovery on port x. Port 80 by default |
| -PU | nmap 192.168.1.1-5 -PU53 | UDP discovery on port x. Port 40125 by default |
| -PR | nmap 192.168.1.1-1/24 -PR | ARP discovery on local network |
| -n | nmap 192.168.1.1 -n | Never do DNS resolution |

Port Specification

| Switch | Example | Description |
|---|---|---|
| -p | nmap 192.168.1.1 -p 21 | Port scan for port x |
| -p | nmap 192.168.1.1 -p 21-100 | Port range |
| -p | nmap 192.168.1.1 -p U:53,T:21-25,80 | Port scan multiple TCP and UDP ports |
| -p | nmap 192.168.1.1 -p- | Port scan all ports |
| -p | nmap 192.168.1.1 -p http,https | Port scan from service name |
| -F | nmap 192.168.1.1 -F | Fast port scan (100 ports) |
| --top-ports | nmap 192.168.1.1 --top-ports 2000 | Port scan the top x ports |
| -p-65535 | nmap 192.168.1.1 -p-65535 | Leaving off the initial port makes the scan start at port 1 |
| -p0- | nmap 192.168.1.1 -p0- | Leaving off the end port makes the scan go through to port 65535 |

www.codelivly.com

OS Detection

| Switch | Example | Description |
|---|---|---|
| -O | nmap 192.168.1.1 -O | Remote OS detection using TCP/IP stack fingerprinting |
| -O --osscan-limit | nmap 192.168.1.1 -O --osscan-limit | If at least one open and one closed TCP port are not found, it will not try OS detection against the host |
| -O --osscan-guess | nmap 192.168.1.1 -O --osscan-guess | Makes Nmap guess more aggressively |
| -O --max-os-tries | nmap 192.168.1.1 -O --max-os-tries 1 | Set the maximum number x of OS detection tries against a target |
| -A | nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning and traceroute (Aggressive Scan) |

Service and Version Detection

| Switch | Example | Description |
|---|---|---|
| -sV | nmap 192.168.1.1 -sV | Attempts to determine the version of the service running on port |
| -sV --version-intensity | nmap 192.168.1.1 -sV --version-intensity 8 | Intensity level 0 to 9. Higher number increases possibility of correctness |
| -sV --version-light | nmap 192.168.1.1 -sV --version-light | Enable light mode. Lower possibility of correctness. Faster |
| -sV --version-all | nmap 192.168.1.1 -sV --version-all | Enable intensity level 9. Higher possibility of correctness. Slower |
| -A | nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning, and traceroute |

NSE Scripts

| Switch | Example | Description |
|---|---|---|
| -sC | nmap 192.168.1.1 -sC | Scan with default NSE scripts. Considered useful for discovery and safe |
| --script default | nmap 192.168.1.1 --script default | Scan with default NSE scripts. Considered useful for discovery and safe |
| --script | nmap 192.168.1.1 --script=banner | Scan with a single script. Example banner |
| --script | nmap 192.168.1.1 --script="http*" | Scan with a wildcard. Example http |
| --script | nmap 192.168.1.1 --script=http,banner | Scan with two scripts. Example http and banner |
| --script | nmap 192.168.1.1 --script "not intrusive" | Scan default, but remove intrusive scripts |
| --script --script-args | nmap --script snmp-sysdescr --script-args snmpcommunity=admin 192.168.1.1 | NSE script with arguments |
