Nmap commands

| Command | Description | Example |
| --- | --- | --- |
| `nmap <target>` | Performs a basic scan on the target IP or domain (by default, the 1,000 most common TCP ports). | `nmap 192.168.1.1` |
| `nmap -sS <target>` | Performs a TCP SYN scan to detect open ports. | `nmap -sS 192.168.1.1` |
| `nmap -sT <target>` | Performs a TCP connect scan (less stealthy). | `nmap -sT 192.168.1.1` |
| `nmap -sU <target>` | Performs a UDP scan to detect open UDP ports. | `nmap -sU 192.168.1.1` |
| `nmap -A <target>` | Performs OS detection, version detection, script scanning, and traceroute. | `nmap -A 192.168.1.1` |
| `nmap -O <target>` | Detects the operating system of the target. | `nmap -O 192.168.1.1` |
| `nmap -sV <target>` | Detects version information of services running on open ports. | `nmap -sV 192.168.1.1` |
| `nmap -p <port> <target>` | Scans a specific port on the target. | `nmap -p 80 192.168.1.1` |
| `nmap -p- <target>` | Scans all 65535 TCP ports on the target. | `nmap -p- 192.168.1.1` |
| `nmap -Pn <target>` | Disables host discovery (treats the target as online) and scans all specified ports. | `nmap -Pn 192.168.1.1` |
| `nmap -sC <target>` | Runs default scripts against the target. | `nmap -sC 192.168.1.1` |
| `nmap --script=<script_name> <target>` | Runs a specific Nmap script against the target. | `nmap --script=http-title 192.168.1.1` |
| `nmap -v <target>` | Enables verbose mode to display detailed information during the scan. | `nmap -v 192.168.1.1` |
| `nmap -T<0-5> <target>` | Sets the timing template (0 is slowest, 5 is fastest). | `nmap -T4 192.168.1.1` |
| `nmap -oN <filename> <target>` | Outputs results in normal format to a file. | `nmap -oN output.txt 192.168.1.1` |
| `nmap -oX <filename> <target>` | Outputs results in XML format to a file. | `nmap -oX output.xml 192.168.1.1` |
| `nmap --top-ports <number> <target>` | Scans the top N most common ports. | `nmap --top-ports 20 192.168.1.1` |
| `nmap --open <target>` | Shows only open ports in the scan results. | `nmap --open 192.168.1.1` |
| `nmap -6 <target>` | Performs a scan on an IPv6 address. | `nmap -6 fe80::1` |
| `nmap -sP <target>` | Performs a ping scan to check if hosts are up (older name for `-sn`). | `nmap -sP 192.168.1.0/24` |
| `nmap -sW <target>` | Performs a TCP Window scan. | `nmap -sW 192.168.1.1` |
| `nmap -sM <target>` | Performs a TCP Maimon scan. | `nmap -sM 192.168.1.1` |
| `nmap --packet-trace <target>` | Displays all packets sent and received. | `nmap --packet-trace 192.168.1.1` |
| `nmap --reason <target>` | Shows the reason a port is reported as open, closed, or filtered. | `nmap --reason 192.168.1.1` |
| `nmap --stats-every <time> <target>` | Provides periodic scanning progress updates. | `nmap --stats-every 5s 192.168.1.1` |
| `nmap -sR <target>` | Performs an RPC scan (in current Nmap releases, an alias for `-sV`). | `nmap -sR 192.168.1.1` |
| `nmap -sL <target>` | Lists targets without scanning them. | `nmap -sL 192.168.1.0/24` |
| `nmap -sn <target>` | Performs a ping-only scan (host discovery with no port scan). | `nmap -sn 192.168.1.0/24` |
| `nmap -f <target>` | Enables packet fragmentation to bypass firewalls. | `nmap -f 192.168.1.1` |
| `nmap --mtu <value> <target>` | Sets a custom MTU size for packets (must be a multiple of 8). | `nmap --mtu 24 192.168.1.1` |
| `nmap --badsum <target>` | Sends packets with a bad checksum to test firewall responses. | `nmap --badsum 192.168.1.1` |
| `nmap -D <decoy1,decoy2,...> <target>` | Uses decoys to hide the scanning source. | `nmap -D RND:10 192.168.1.1` |
| `nmap -g <port> <target>` | Sets a source port for the scan. | `nmap -g 53 192.168.1.1` |
| `nmap -oG <filename> <target>` | Outputs results in grepable format. | `nmap -oG output.gnmap 192.168.1.1` |
| `nmap -oA <basename> <target>` | Outputs results in all formats (normal, XML, and grepable). | `nmap -oA output 192.168.1.1` |
| `nmap -iL <list.txt>` | Reads targets from a file. | `nmap -iL targets.txt` |
| `nmap -iR <number>` | Scans random targets. | `nmap -iR 10` |
| `nmap -sX <target>` | Performs an Xmas scan to detect open ports. | `nmap -sX 192.168.1.1` |
| `nmap -sF <target>` | Performs a FIN scan to detect open ports. | `nmap -sF 192.168.1.1` |
| `nmap -sN <target>` | Performs a NULL scan to detect open ports. | `nmap -sN 192.168.1.1` |
| `nmap -sI <zombie_host> <target>` | Performs an idle scan using a zombie host. | `nmap -sI zombie.example.com 192.168.1.1` |
| `nmap --traceroute <target>` | Performs a traceroute to the target. | `nmap --traceroute 192.168.1.1` |
| `nmap --script-help <script_name>` | Provides detailed help about a script. | `nmap --script-help http-title` |
| `nmap --dns-servers <dns> <target>` | Uses a specific DNS server for lookups. | `nmap --dns-servers 8.8.8.8 192.168.1.1` |
| `nmap --version-all <target>` | Displays all available version details for services by trying every version-detection probe (same as `--version-intensity 9`). | `nmap --version-all 192.168.1.1` |