際際滷

際際滷Share a Scribd company logo

Complete Nmap Scanning Commands CheatSheet by Hackopedia Utkarsh Thakur

H
Hackopedia Utkarsh Thakur

Complete Nmap Scanning Commands CheatSheet by Hackopedia Utkarsh Thakur, ETHICAL HACKING , HACKOPEDIA

1 of 3
Download to read offline
Complete Nmap Scanning Commands CheatSheet by Hackopedia Utkarsh Thakur 1. Basic Scans: nmap <target> - Basic scan (default is a SYN scan). nmap -sT <target> - TCP connect scan (slower but useful for unprivileged users). nmap -sS <target> - SYN scan (default, stealthy and fast). nmap -sU <target> - UDP scan. nmap -p <port> <target> - Scan specific port. nmap -p- <target> - Scan all 65535 ports. 2. Service and Version Detection: nmap -sV <target> - Detect service version. nmap -A <target> - Aggressive scan (OS detection, version, script scanning, and traceroute). nmap -O <target> - OS detection. nmap --version-intensity 5 <target> - More accurate version detection. 3. Port Scanning Techniques: nmap -p1-1000 <target> - Scan first 1000 ports. nmap -p80,443,22 <target> - Scan specific ports. nmap -F <target> - Fast scan (only scans commonly used ports). nmap -sN <target> - Null scan (no flags, stealthy). nmap -sF <target> - FIN scan (stealthy, used to bypass some firewalls). nmap -sX <target> - Xmas scan (stealthy but less effective). 4. Firewall and IDS Evasion: nmap -f <target> - Fragment packets to bypass firewalls. nmap --mtu 16 <target> - Custom packet sizes. nmap --scan-delay 5s <target> - Slower scanning to evade detection. nmap --badsum <target> - Send packets with bad checksums to evade firewalls. nmap -D RND:10 <target> - Use 10 random decoys to obscure the real scan. nmap -S <spoofed IP> <target> - Spoof source IP.
5. Script Scanning (NSE): nmap --script=http-enum <target> - Enumerate HTTP services. nmap --script=vuln <target> - Scan for known vulnerabilities. nmap --script=default <target> - Run default scripts. nmap --script=banner <target> - Grab service banners. nmap --script=smb-os-discovery <target> - Identify SMB services and OS version. 6. Network and Host Discovery: nmap -sn <network> - Ping scan (find live hosts). nmap -Pn <target> - Disable ping (useful if ICMP is blocked). nmap -PS22,80,443 <target> - TCP SYN Ping. nmap -PU53,123 <target> - UDP Ping. nmap --traceroute <target> - Traceroute with Nmap. nmap -R <target> - Reverse DNS resolution. 7. Performance and Speed Optimization: nmap -T0 <target> - Paranoid scan (very slow, avoids detection). nmap -T3 <target> - Normal scan (default speed). nmap -T4 <target> - Aggressive scan (fast but detectable). nmap -T5 <target> - Insane scan (fastest but easily detectable). nmap --max-retries 1 <target> - Reduce retry count. nmap --min-rate 1000 <target> - Set minimum scan rate. 8. IPv6 Scanning: nmap -6 <IPv6 address> - Scan an IPv6 target. nmap -sP -6 <network> - Discover IPv6 hosts. nmap -p80 -6 <IPv6 address> - Scan specific ports on IPv6. 9. Aggressive and Comprehensive Scans: nmap -A <target> - Full scan with OS, service detection, scripts, and traceroute. nmap -p- -A <target> - Aggressive scan on all ports. nmap -sS -sV -O -A -p- <target> - Full stealth scan with all details. nmap -sC <target> - Run default scripts. 10. Output and Logging: nmap -oN output.txt <target> - Save output in normal text format. nmap -oX output.xml <target> - Save output in XML format.
nmap -oG output.gnmap <target> - Save output in greppable format. nmap -v <target> - Verbose mode (detailed output). nmap -d <target> - Debug mode. 11. Scanning Multiple Targets: nmap <target1> <target2> - Scan multiple hosts. nmap 192.168.1.1-100 - Scan a range of IPs. nmap -iL targets.txt - Scan targets from a file. nmap -iR 100 - Scan 100 random hosts. 12. Advanced Scanning and Exploitation: nmap --script=exploit <target> - Run exploit scripts. nmap --script=http-vuln* <target> - Scan for HTTP vulnerabilities. nmap --script=smb-vuln* <target> - Scan for SMB vulnerabilities. nmap --script=ftp-anon <target> - Check for anonymous FTP access. 13. Brute-Force and Password Attacks: nmap --script=ssh-brute <target> - SSH brute force attack. nmap --script=ftp-brute <target> - FTP brute force. nmap --script=http-brute <target> - HTTP brute force. nmap --script=smb-brute <target> - SMB brute force. This document provides all essential Nmap scanning commands, from basic to advanced techniques. It can be used as a quick reference guide for penetration testers, ethical hackers, and network administrators. For best performance, always scan responsibly and ensure legal compliance when testing networks. Prepared by HACKOPEDIA Utkarsh Thakur

Recommended

Network Mapper (NMAP)
Network Mapper (NMAP)Network Mapper (NMAP)
Network Mapper (NMAP)
KHNOG
NMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge AcademyNMap 101 offline meetup by CyberForge Academy
NMap 101 offline meetup by CyberForge Academy
cyberforgeacademy
Nmap and metasploitable
Nmap and metasploitableNmap and metasploitable
Nmap and metasploitable
Mohammed Akbar Shariff
Zen map
Zen mapZen map
Zen map
harisnaved
NMAP
NMAPNMAP
NMAP
PrateekAryan1
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
Phannarith Ou, G-CISO
NMap
NMapNMap
NMap
Pritesh Raka
Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019Null Delhi chapter - Feb 2019
Null Delhi chapter - Feb 2019
Nikhil Raj
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information Gathering
PRISMA CSI
Nmap commands
Nmap commandsNmap commands
Nmap commands
Kailash Kumar
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Bishop Fox
Nmap
NmapNmap
Nmap
Megha Sahu
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
amiable_indian
NMAP1.ppt
NMAP1.pptNMAP1.ppt
NMAP1.ppt
DakshKhurana15
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3
Harsh Desai
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian
Network for amin
Network for aminNetwork for amin
Network for amin
adnan alshulah
Nmap basics
Nmap basicsNmap basics
Nmap basics
itmind4u
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
Nutan Kumar Panda
Nmap is a network scanner created by Gordon Lyon
Nmap is a network scanner created by Gordon LyonNmap is a network scanner created by Gordon Lyon
Nmap is a network scanner created by Gordon Lyon
medoelkang600
Network scanning
Network scanningNetwork scanning
Network scanning
MD SAQUIB KHAN
Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1
Arduino Aficionado
Nmap
NmapNmap
Nmap
Fat-Thing Gabriel-Culley
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
n|u - The Open Security Community
Namp
Namp Namp
Namp
penetration Tester
Nmap Discovery
Nmap DiscoveryNmap Discovery
Nmap Discovery
Tai Pan
Odoo demo .pdf
Odoo demo .pdfOdoo demo .pdf
Odoo demo .pdf
dela33martin33
Mobile App Security Essential Tips to Protect Your App in 2025.pdf
Mobile App Security Essential Tips to Protect Your App in 2025.pdfMobile App Security Essential Tips to Protect Your App in 2025.pdf
Mobile App Security Essential Tips to Protect Your App in 2025.pdf
WebConnect Pvt Ltd

More Related Content

Similar to Complete Nmap Scanning Commands CheatSheet by Hackopedia Utkarsh Thakur (20)

Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information Gathering
PRISMA CSI
Nmap commands
Nmap commandsNmap commands
Nmap commands
Kailash Kumar
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Bishop Fox
Nmap
NmapNmap
Nmap
Megha Sahu
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
amiable_indian
NMAP1.ppt
NMAP1.pptNMAP1.ppt
NMAP1.ppt
DakshKhurana15
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3
Harsh Desai
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian
Network for amin
Network for aminNetwork for amin
Network for amin
adnan alshulah
Nmap basics
Nmap basicsNmap basics
Nmap basics
itmind4u
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
Nutan Kumar Panda
Nmap is a network scanner created by Gordon Lyon
Nmap is a network scanner created by Gordon LyonNmap is a network scanner created by Gordon Lyon
Nmap is a network scanner created by Gordon Lyon
medoelkang600
Network scanning
Network scanningNetwork scanning
Network scanning
MD SAQUIB KHAN
Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1
Arduino Aficionado
Nmap
NmapNmap
Nmap
Fat-Thing Gabriel-Culley
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
n|u - The Open Security Community
Namp
Namp Namp
Namp
penetration Tester
Nmap Discovery
Nmap DiscoveryNmap Discovery
Nmap Discovery
Tai Pan
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
OWASP Delhi
Practical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information GatheringPractical White Hat Hacker Training - Active Information Gathering
Practical White Hat Hacker Training - Active Information Gathering
PRISMA CSI
Nmap commands
Nmap commandsNmap commands
Nmap commands
Kailash Kumar
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
Aryan G
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Bishop Fox
Nmap
NmapNmap
Nmap
Megha Sahu
Nmap Basics
Nmap BasicsNmap Basics
Nmap Basics
amiable_indian
NMAP1.ppt
NMAP1.pptNMAP1.ppt
NMAP1.ppt
DakshKhurana15
Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3Nmap basics-1198948509608024-3
Nmap basics-1198948509608024-3
Harsh Desai
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
amiable_indian
Network for amin
Network for aminNetwork for amin
Network for amin
adnan alshulah
Nmap basics
Nmap basicsNmap basics
Nmap basics
itmind4u
Backtrack Manual Part3
Backtrack Manual Part3Backtrack Manual Part3
Backtrack Manual Part3
Nutan Kumar Panda
Nmap is a network scanner created by Gordon Lyon
Nmap is a network scanner created by Gordon LyonNmap is a network scanner created by Gordon Lyon
Nmap is a network scanner created by Gordon Lyon
medoelkang600
Network scanning
Network scanningNetwork scanning
Network scanning
MD SAQUIB KHAN
Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1Nmap5.cheatsheet.eng.v1
Nmap5.cheatsheet.eng.v1
Arduino Aficionado
Nmap
NmapNmap
Nmap
Fat-Thing Gabriel-Culley
Nmap scripting engine
Nmap scripting engineNmap scripting engine
Nmap scripting engine
n|u - The Open Security Community
Namp
Namp Namp
Namp
penetration Tester
Nmap Discovery
Nmap DiscoveryNmap Discovery
Nmap Discovery
Tai Pan

Recently uploaded (20)

Odoo demo .pdf
Odoo demo .pdfOdoo demo .pdf
Odoo demo .pdf
dela33martin33
Mobile App Security Essential Tips to Protect Your App in 2025.pdf
Mobile App Security Essential Tips to Protect Your App in 2025.pdfMobile App Security Essential Tips to Protect Your App in 2025.pdf
Mobile App Security Essential Tips to Protect Your App in 2025.pdf
WebConnect Pvt Ltd
Chapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdf
Chapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdfChapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdf
Chapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdf
hamsalubekana
Expert Odoo support services (1).pdf
Expert Odoo support services (1).pdfExpert Odoo support services (1).pdf
Expert Odoo support services (1).pdf
dela33martin33
Scope of Work by 際際滷sgo.pptx by school
Scope of Work by 際際滷sgo.pptx by schoolScope of Work by 際際滷sgo.pptx by school
Scope of Work by 際際滷sgo.pptx by school
larasgm2002
01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf
01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf
01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf
Fernando564134
Exploring the Warhammer 40k Universe.pdf
Exploring the Warhammer 40k Universe.pdfExploring the Warhammer 40k Universe.pdf
Exploring the Warhammer 40k Universe.pdf
davidwarren322002
Odoo POS Development Company .pdf
Odoo POS Development Company .pdfOdoo POS Development Company .pdf
Odoo POS Development Company .pdf
dela33martin33
際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf
際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf
際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf
Steven McGee
Lets make Cycling Smarter and Safer.pptx
Lets make Cycling Smarter and Safer.pptxLets make Cycling Smarter and Safer.pptx
Lets make Cycling Smarter and Safer.pptx
hapax77239
Microsoft Azure: Empowering the Future of Cloud Technology
Microsoft Azure: Empowering the Future of Cloud TechnologyMicrosoft Azure: Empowering the Future of Cloud Technology
Microsoft Azure: Empowering the Future of Cloud Technology
cyberpoint678
SITUS GACOR TERPERCAYA - KAJIAN4D!
SITUS GACOR TERPERCAYA - KAJIAN4D! SITUS GACOR TERPERCAYA - KAJIAN4D!
SITUS GACOR TERPERCAYA - KAJIAN4D!
KAJIAN4D
Chapter-2-NSA_Network System Administration.pdf
Chapter-2-NSA_Network System Administration.pdfChapter-2-NSA_Network System Administration.pdf
Chapter-2-NSA_Network System Administration.pdf
AssefaSen
BGP Best Practices, presented by Imtiaz Sajid
BGP Best Practices, presented by Imtiaz SajidBGP Best Practices, presented by Imtiaz Sajid
BGP Best Practices, presented by Imtiaz Sajid
APNIC
Generative artificial intelligence in EU Grant Writing
Generative artificial intelligence in EU Grant WritingGenerative artificial intelligence in EU Grant Writing
Generative artificial intelligence in EU Grant Writing
Peter Trkman
The-Power-of-Digital-Marketing-Fueling-Business-Growth.pdf
The-Power-of-Digital-Marketing-Fueling-Business-Growth.pdfThe-Power-of-Digital-Marketing-Fueling-Business-Growth.pdf
The-Power-of-Digital-Marketing-Fueling-Business-Growth.pdf
makelinkak002
Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...
Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...
Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...
treyka
Odoo Service Provider .pdf
Odoo Service Provider .pdfOdoo Service Provider .pdf
Odoo Service Provider .pdf
dela33martin33
Measuring ECN, presented by Geoff Huston at IETF 122
Measuring ECN, presented by Geoff Huston at IETF 122Measuring ECN, presented by Geoff Huston at IETF 122
Measuring ECN, presented by Geoff Huston at IETF 122
APNIC
Hire Odoo Consultant .pdf
Hire Odoo Consultant .pdfHire Odoo Consultant .pdf
Hire Odoo Consultant .pdf
dela33martin33
Odoo demo .pdf
Odoo demo .pdfOdoo demo .pdf
Odoo demo .pdf
dela33martin33
Mobile App Security Essential Tips to Protect Your App in 2025.pdf
Mobile App Security Essential Tips to Protect Your App in 2025.pdfMobile App Security Essential Tips to Protect Your App in 2025.pdf
Mobile App Security Essential Tips to Protect Your App in 2025.pdf
WebConnect Pvt Ltd
Chapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdf
Chapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdfChapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdf
Chapter 1 Handoutfffffffffffffffffffffffffffffffffffff.pdf
hamsalubekana
Expert Odoo support services (1).pdf
Expert Odoo support services (1).pdfExpert Odoo support services (1).pdf
Expert Odoo support services (1).pdf
dela33martin33
Scope of Work by 際際滷sgo.pptx by school
Scope of Work by 際際滷sgo.pptx by schoolScope of Work by 際際滷sgo.pptx by school
Scope of Work by 際際滷sgo.pptx by school
larasgm2002
01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf
01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf
01 Dell EMC Heroes Novedades de DPS_Estrategia.pdf
Fernando564134
Exploring the Warhammer 40k Universe.pdf
Exploring the Warhammer 40k Universe.pdfExploring the Warhammer 40k Universe.pdf
Exploring the Warhammer 40k Universe.pdf
davidwarren322002
Odoo POS Development Company .pdf
Odoo POS Development Company .pdfOdoo POS Development Company .pdf
Odoo POS Development Company .pdf
dela33martin33
際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf
際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf
際際滷s: Eco Economic Epochs World Game's Great Redesign .pdf
Steven McGee
Lets make Cycling Smarter and Safer.pptx
Lets make Cycling Smarter and Safer.pptxLets make Cycling Smarter and Safer.pptx
Lets make Cycling Smarter and Safer.pptx
hapax77239
Microsoft Azure: Empowering the Future of Cloud Technology
Microsoft Azure: Empowering the Future of Cloud TechnologyMicrosoft Azure: Empowering the Future of Cloud Technology
Microsoft Azure: Empowering the Future of Cloud Technology
cyberpoint678
SITUS GACOR TERPERCAYA - KAJIAN4D!
SITUS GACOR TERPERCAYA - KAJIAN4D! SITUS GACOR TERPERCAYA - KAJIAN4D!
SITUS GACOR TERPERCAYA - KAJIAN4D!
KAJIAN4D
Chapter-2-NSA_Network System Administration.pdf
Chapter-2-NSA_Network System Administration.pdfChapter-2-NSA_Network System Administration.pdf
Chapter-2-NSA_Network System Administration.pdf
AssefaSen
BGP Best Practices, presented by Imtiaz Sajid
BGP Best Practices, presented by Imtiaz SajidBGP Best Practices, presented by Imtiaz Sajid
BGP Best Practices, presented by Imtiaz Sajid
APNIC
Generative artificial intelligence in EU Grant Writing
Generative artificial intelligence in EU Grant WritingGenerative artificial intelligence in EU Grant Writing
Generative artificial intelligence in EU Grant Writing
Peter Trkman
The-Power-of-Digital-Marketing-Fueling-Business-Growth.pdf
The-Power-of-Digital-Marketing-Fueling-Business-Growth.pdfThe-Power-of-Digital-Marketing-Fueling-Business-Growth.pdf
The-Power-of-Digital-Marketing-Fueling-Business-Growth.pdf
makelinkak002
Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...
Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...
Epochalypse 2038 - Remediating the 32-bit Timestamp Risk at Global Scale (Pub...
treyka
Odoo Service Provider .pdf
Odoo Service Provider .pdfOdoo Service Provider .pdf
Odoo Service Provider .pdf
dela33martin33
Measuring ECN, presented by Geoff Huston at IETF 122
Measuring ECN, presented by Geoff Huston at IETF 122Measuring ECN, presented by Geoff Huston at IETF 122
Measuring ECN, presented by Geoff Huston at IETF 122
APNIC
Hire Odoo Consultant .pdf
Hire Odoo Consultant .pdfHire Odoo Consultant .pdf
Hire Odoo Consultant .pdf
dela33martin33

Complete Nmap Scanning Commands CheatSheet by Hackopedia Utkarsh Thakur

  • 1. Complete Nmap Scanning Commands CheatSheet by Hackopedia Utkarsh Thakur 1. Basic Scans: nmap <target> - Basic scan (default is a SYN scan). nmap -sT <target> - TCP connect scan (slower but useful for unprivileged users). nmap -sS <target> - SYN scan (default, stealthy and fast). nmap -sU <target> - UDP scan. nmap -p <port> <target> - Scan specific port. nmap -p- <target> - Scan all 65535 ports. 2. Service and Version Detection: nmap -sV <target> - Detect service version. nmap -A <target> - Aggressive scan (OS detection, version, script scanning, and traceroute). nmap -O <target> - OS detection. nmap --version-intensity 5 <target> - More accurate version detection. 3. Port Scanning Techniques: nmap -p1-1000 <target> - Scan first 1000 ports. nmap -p80,443,22 <target> - Scan specific ports. nmap -F <target> - Fast scan (only scans commonly used ports). nmap -sN <target> - Null scan (no flags, stealthy). nmap -sF <target> - FIN scan (stealthy, used to bypass some firewalls). nmap -sX <target> - Xmas scan (stealthy but less effective). 4. Firewall and IDS Evasion: nmap -f <target> - Fragment packets to bypass firewalls. nmap --mtu 16 <target> - Custom packet sizes. nmap --scan-delay 5s <target> - Slower scanning to evade detection. nmap --badsum <target> - Send packets with bad checksums to evade firewalls. nmap -D RND:10 <target> - Use 10 random decoys to obscure the real scan. nmap -S <spoofed IP> <target> - Spoof source IP.
  • 2. 5. Script Scanning (NSE): nmap --script=http-enum <target> - Enumerate HTTP services. nmap --script=vuln <target> - Scan for known vulnerabilities. nmap --script=default <target> - Run default scripts. nmap --script=banner <target> - Grab service banners. nmap --script=smb-os-discovery <target> - Identify SMB services and OS version. 6. Network and Host Discovery: nmap -sn <network> - Ping scan (find live hosts). nmap -Pn <target> - Disable ping (useful if ICMP is blocked). nmap -PS22,80,443 <target> - TCP SYN Ping. nmap -PU53,123 <target> - UDP Ping. nmap --traceroute <target> - Traceroute with Nmap. nmap -R <target> - Reverse DNS resolution. 7. Performance and Speed Optimization: nmap -T0 <target> - Paranoid scan (very slow, avoids detection). nmap -T3 <target> - Normal scan (default speed). nmap -T4 <target> - Aggressive scan (fast but detectable). nmap -T5 <target> - Insane scan (fastest but easily detectable). nmap --max-retries 1 <target> - Reduce retry count. nmap --min-rate 1000 <target> - Set minimum scan rate. 8. IPv6 Scanning: nmap -6 <IPv6 address> - Scan an IPv6 target. nmap -sP -6 <network> - Discover IPv6 hosts. nmap -p80 -6 <IPv6 address> - Scan specific ports on IPv6. 9. Aggressive and Comprehensive Scans: nmap -A <target> - Full scan with OS, service detection, scripts, and traceroute. nmap -p- -A <target> - Aggressive scan on all ports. nmap -sS -sV -O -A -p- <target> - Full stealth scan with all details. nmap -sC <target> - Run default scripts. 10. Output and Logging: nmap -oN output.txt <target> - Save output in normal text format. nmap -oX output.xml <target> - Save output in XML format.
  • 3. nmap -oG output.gnmap <target> - Save output in greppable format. nmap -v <target> - Verbose mode (detailed output). nmap -d <target> - Debug mode. 11. Scanning Multiple Targets: nmap <target1> <target2> - Scan multiple hosts. nmap 192.168.1.1-100 - Scan a range of IPs. nmap -iL targets.txt - Scan targets from a file. nmap -iR 100 - Scan 100 random hosts. 12. Advanced Scanning and Exploitation: nmap --script=exploit <target> - Run exploit scripts. nmap --script=http-vuln* <target> - Scan for HTTP vulnerabilities. nmap --script=smb-vuln* <target> - Scan for SMB vulnerabilities. nmap --script=ftp-anon <target> - Check for anonymous FTP access. 13. Brute-Force and Password Attacks: nmap --script=ssh-brute <target> - SSH brute force attack. nmap --script=ftp-brute <target> - FTP brute force. nmap --script=http-brute <target> - HTTP brute force. nmap --script=smb-brute <target> - SMB brute force. This document provides all essential Nmap scanning commands, from basic to advanced techniques. It can be used as a quick reference guide for penetration testers, ethical hackers, and network administrators. For best performance, always scan responsibly and ensure legal compliance when testing networks. Prepared by HACKOPEDIA Utkarsh Thakur
AboutCopyright
息 2025 際際滷