Nmap Command Cheat Sheet
Basic Scan Commands
nmap <target>
- Quick scan (default 1000 ports)
nmap <IP1> <IP2> <IP3>
- Scan multiple IPs
nmap 192.168.1.0/24
- Scan entire subnet
Port Scanning
nmap -p 80 <target>
- Scan specific port
nmap -p 22,80,443 <target>
- Scan multiple specific ports
nmap -p 1-1000 <target>
- Scan port range
nmap -p- <target>
- Scan all 65535 ports
Scan Types
nmap -sS <target>
- TCP SYN Scan (default, stealthy)
nmap -sT <target>
- TCP Connect Scan
nmap -sU <target>
- UDP Scan
nmap -sS -sU <target>
- Combined TCP and UDP Scan
Service and Version Detection
nmap -sV <target>
- Detect service/version info
nmap -A <target>
- Aggressive scan (includes -sV, -O, script scanning, and traceroute)
Operating System Detection
nmap -O <target>
- Detect OS and traceroute
nmap -A <target>
- Full OS detection + version scan + script scan + traceroute
Script Scanning (NSE)
nmap -sC <target>
- Run default scripts
nmap --script=ftp-anon <target>
- Run specific script
nmap --script=vuln <target>
- Run scripts from a category (e.g., vuln)
Scan Output Options
nmap -oN normal.txt -oX output.xml -oG output.grep <target>
- Save output to file (normal, XML, grepable)
Bypass Firewalls/IDS
nmap -f <target>
- Fragment packets
nmap -D RND:10 <target>
- Decoy scan
nmap --source-port 53 <target>
- Source port (e.g., port 53 to bypass filters)
Scan Timing and Performance
nmap -T4 <target>
- Set timing template (0-5)
nmap -T5 <target>
- Max speed (less stealthy)
Scanning over different protocols
nmap -sY <target>
- SCTP INIT scan
nmap -sO <target>
- IP protocol scan
Other Useful Options
nmap -n <target>
- Scan with DNS resolution disabled
nmap -Pn <target>
- Treat host as online (skip ping)
nmap -v <target>
- Enable verbose mode
nmap --reason <target>
- Show reason for each result