NMAP Commands Cheat Sheet 2023
Basic Scanning Techniques
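Nmap Query | Nmap Command |
---|---|
Scan a single target | nmap [target] |
Scan multiple targets | nmap [target1] [target2] [etc] |
Scan a list of targets from a file | nmap -iL [list.txt] |
Scan a range of hosts | nmap [range of IP addresses] |
Scan an entire subnet | nmap [IP address/cidr] |
Scan random hosts | nmap -iR [number] |
Exclude targets from a scan | nmap [targets] --exclude [targets] |
Exclude targets using a list | nmap [targets] --excludefile [list.txt] |
Perform an aggressive scan | nmap -A [target] |
Scan an IPv6 target | nmap -6 [target] |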
Discovery Options
Nmap Query | Nmap Command |
---|---|
Perform a ping scan only | nmap -sP [target] |
Don’t ping | nmap -PN [target] |
TCP SYN Ping | nmap -PS [target] |
TCP ACK ping | nmap -PA [target] |
UDP ping | nmap -PU [target] |
SCTP Init Ping | nmap -PY [target] |
ICMP echo ping | nmap -PE [target] |
ICMP Timestamp ping | nmap -PP [target] |
ICMP address mask ping | nmap -PM [target] |
IP protocol ping | nmap -PO [target] |
ARP ping | nmap -PR [target] |
Traceroute | nmap --traceroute [target] |
Force reverse DNS resolution | nmap -R [target] |
Disable reverse DNS resolution | nmap -n [target] |
Alternative DNS lookup | nmap --system-dns [target] |
Manually specify DNS servers | nmap --dns-servers [servers] [target] |
Create a host list | nmap -sL [targets] |
Firewall Evasion Techniques
Nmap Query | Nmap Command |
---|---|
Fragment packets | nmap -f [target] |
Specify a specific MTU | nmap --mtu [MTU] [target] |
Use a decoy | nmap -D RND:[number] [target] |
Idle zombie scan | nmap -sI [zombie] [target] |
Manually specify a source port | nmap --source-port [port] [target] |
Append random data | nmap --data-length [size] [target] |
Randomize target scan order | nmap --randomize-hosts [target] |
Spoof MAC Address | nmap --spoof-mac [MAC|0|vendor] [target] |
Send bad checksums | nmap --badsum [target] |
Version Detection
Nmap Query | Nmap Command |
---|---|
Operating system detection | nmap -O [target] |
Attempt to guess an unknown OS | nmap -O --osscan-guess [target] |
Service version detection | nmap -sV [target] |
Troubleshooting version scans | nmap -sV --version-trace [target] |
Perform a RPC scan | nmap -sR [target] |
Output Options
Nmap Query | Nmap Command |
---|---|
Save output to a text file | nmap -oN [scan.txt] [target] |
Save output to an XML file | nmap -oX [scan.xml] [target] |
Grepable output | nmap -oG [scan.txt] [target] |
Output all supported file types | nmap -oA [path/filename] [target] |
Periodically display statistics | nmap --stats-every [time] [target] |
l33t output | nmap -oS [scan.txt] [target] |
Scripting Engine
Nmap Query | Nmap Command |
---|---|
Execute individual scripts | nmap --script [script.nse] [target] |
Execute multiple scripts | nmap --script [expression] [target] |
Execute scripts by category | nmap --script [cat] [target] |
Execute multiple script categories | nmap --script [cat1,cat2,etc] [target] |
Troubleshoot scripts | nmap --script [script] --script-trace [target] |
Update the script database | nmap --script-updatedb |
Nmap Cheat Sheet
Nmap (Network Mapper) is a free and open-source utility for network discovery and security scanning. Many network and system administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring server or service availability. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services they offer (application name and version), and which operating systems (and OS versions) they are running. It is designed to scan large networks quickly but works well against a single host.
In this Nmap cheat sheet, you'll learn everything from the basics to advanced usage: basic scanning techniques, discovery options, firewall evasion techniques, version detection, output options, the scripting engine, and more.