Nmap Cheat Sheet

parrotassassin15
Cheat Sheets
October 8, 2024
(0)

Post Views 1,570

Basic Scan Types

Command	Description
`nmap <target>`	Simple scan, default is a TCP connect scan
`nmap -sS <target>`	Stealth SYN scan (default for privileged users)
`nmap -sT <target>`	TCP connect scan (used if SYN scan isn’t an option)
`nmap -sU <target>`	UDP scan
`nmap -sP <target>`	Ping scan, lists live hosts (no port scan)
`nmap -sV <target>`	Version detection (finds version of services)
`nmap -O <target>`	OS detection

Port Scanning

Command	Description
`nmap -p <port> <target>`	Scan specific port
`nmap -p- <target>`	Scan all 65535 TCP ports
`nmap --top-ports <N> <target>`	Scan N most common ports
`nmap -F <target>`	Fast scan (100 most common ports)
`nmap --reason <target>`	Show why a port is reported as open/closed

Aggressive Scanning

Command	Description
`nmap -A <target>`	Aggressive scan (includes OS detection, version detection, script scanning, traceroute)
`nmap -T4 <target>`	Faster scan with aggressive timing (T0-T5, higher is faster)

Host Discovery

Command	Description
`nmap -sn <target>`	Ping scan (host discovery, no port scan)
`nmap -Pn <target>`	Disable ping (treats all hosts as up)
`nmap -PS/PA <target>`	TCP SYN/ACK ping (port selection: `-PS22,80` for 22, 80)
`nmap -PU <target>`	UDP ping (port selection: `-PU53` for port 53)

Service & Version Detection

Command	Description
`nmap -sV <target>`	Detect service version on open ports
`nmap --version-all <target>`	Attempt to detect version on all ports

Output Formats

Command	Description
`nmap -oN output.txt <target>`	Normal text output
`nmap -oX output.xml <target>`	XML output
`nmap -oG output.gnmap <target>`	Grepable output
`nmap -oA output <target>`	Output in all formats (normal, XML, grepable)

Scan Specific IP Range

Command	Description
`nmap <IP1>-<IP2>`	Scan a range of IP addresses (e.g., `nmap 192.168.1.1-20`)
`nmap <IP>/CIDR`	Scan a subnet (e.g., `nmap 192.168.1.0/24`)

Excluding Hosts

Command	Description
`nmap <target> --exclude <host>`	Exclude specific hosts from scan
`nmap <target> --excludefile <file>`	Exclude hosts listed in a file

Nmap Scripting Engine (NSE)

Command	Description
`nmap --script <script-name> <target>`	Run specific script
`nmap --script-help <script-name>`	Get help for a specific script
`nmap --script vuln <target>`	Scan target for vulnerabilities using NSE
`nmap --script safe <target>`	Only run non-intrusive scripts

Advanced Options

Command	Description
`nmap -6 <target>`	Enable IPv6 scanning
`nmap -D RND:10 <target>`	Use decoys to hide the real scanning source
`nmap --data-length <num> <target>`	Send packets with additional padding
`nmap --spoof-mac <mac address>`	Spoof MAC address
`nmap -S <source_ip> <target>`	Use specific source IP address

parrotassassin15

Founder of @ Parrot CTFs & Senior Cyber Security Consultant

Previous Post

What is the OWASP Top 10?

Next Post

Metasploit Cheat Sheet

Leave a Reply Cancel reply