Nmap Cheatsheet


Network Mapper (Nmap) is an open-source security tool used for network exploration, security scanning and auditing.

In this article, I will be listing some important Nmap commands that will make network assessment easy. Let’s go!

  1. Scan a single IP address: nmap ipaddress
  2. Scan a host: nmap server1.abc.xyz
  3. Scan a host with more information (verbose output): nmap -v server1.abc.xyz
  4. Scan multiple IP addresses: nmap ipaddress1 ipaddress2 … ipaddressN
  5. Scan a range of IP addresses using a wildcard: nmap 192.168.0.*
  6. Scan an entire subnet: nmap 192.168.1.0/24
  7. Read a list of hosts/networks from a file: nmap -iL /path/to/file, e.g. nmap -iL /temp/host.txt
  8. Exclude hosts or IP addresses: nmap 192.168.1.0/24 --exclude 192.168.1.5 or nmap 192.168.1.0/24 --excludefile /temp/host.txt
  9. Turn on OS and version detection (plus default scripts and traceroute): nmap -A ipaddress or, verbose, nmap -v -A ipaddress
  10. Find out if the network is behind a firewall (ACK scan reports ports as filtered or unfiltered): nmap -sA ipaddress
  11. Scan a host protected by a firewall (skip host discovery and treat the host as up): nmap -Pn ipaddress (the older spelling -PN is still accepted)
  12. Scan an IPv6 address: nmap -6 ipv6address
  13. Scan the network for devices that are up (ping scan, no port scan): nmap -sn ipaddress (the older -sP is still accepted)
  14. Run a fast scan (fewer ports than the default 1000): nmap -F ipaddress
  15. Display the reason why a port is in a particular state: nmap --reason ipaddress
  16. Display only open ports: nmap --open ipaddress
  17. Display all packets sent and received: nmap --packet-trace ipaddress
  18. Display all interfaces and routes: nmap --iflist
  19. Scan a specific port: nmap -p 80 ipaddress
  20. Scan multiple ports: nmap -p 21,80 ipaddress
  21. Scan a range of ports: nmap -p 21-443 ipaddress
  22. Scan a TCP port: nmap -p T:80 ipaddress
  23. Scan a UDP port (the U: prefix needs a UDP scan type, so add -sU): nmap -sU -p U:80 ipaddress
  24. Scan all ports with a wildcard (quote it so the shell does not expand it): nmap -p "*" ipaddress
  25. Combine TCP and UDP port lists (no spaces inside the list): nmap -sS -sU -p U:21,53,443,T:21-80,443 ipaddress/hostname
  26. Scan the top N most common ports: nmap --top-ports 5 ipaddress
  27. Scan all devices fast (quick scan) using a timing template: nmap -T5 ipaddress (T5 is the fastest, T0 the slowest)
  28. Detect the OS: nmap -O ipaddress or nmap -O --osscan-guess ipaddress
  29. Detect remote services and their versions: nmap -sV ipaddress
  30. Discover hosts with TCP ACK or TCP SYN probes. This is used when a firewall is blocking standard ICMP pings:
  31. ACK ping: nmap -PA ipaddress
  32. SYN ping: nmap -PS ipaddress
  33. Discover hosts using a UDP ping: nmap -PU ipaddress
  34. Stealth (SYN, half-open) scan: nmap -sS ipaddress
  35. TCP connect scan (completes the full handshake, the default when not running with raw-socket privileges): nmap -sT ipaddress
  36. Scan the most used UDP ports: nmap -sU ipaddress
  37. Scan the IP protocols supported by a machine: nmap -sO ipaddress
  38. Scan a firewall for security weaknesses in how it handles unusual TCP flag combinations:
  39. Null scan: nmap -sN ipaddress
  40. FIN scan: nmap -sF ipaddress
  41. Scan with decoy IP addresses (ME marks the position of your own address in the list): nmap -n -D decoy1,decoy2,ME,decoy3 ipaddress
  42. Scan a firewall while spoofing the MAC address: nmap --spoof-mac "your mac address" ipaddress
  43. Save scan output to a text file: nmap -oN /filepath/output.txt ipaddress
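As an added example that is not part of the original article, a small Python parser for the normal-format file written by -oN (item 43): it pulls per-host port states out of the text, mirrors what --open (item 16) leaves in the output, and flags open ports that are absent from a baseline allowlist. The scan text below is a constructed sample, not captured output.

```python
import re
from collections import defaultdict

# Constructed sample of nmap normal (-oN) output; not captured from a real scan.
SAMPLE_OUTPUT = """\
# Nmap 7.94 scan initiated Tue Mar  5 10:00:00 2024 as: nmap -sV --reason -oN scan.txt 192.168.1.0/24
Nmap scan report for server1.abc.xyz (192.168.1.10)
Host is up, received echo-reply ttl 64 (0.0012s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE    SERVICE REASON         VERSION
22/tcp  open     ssh     syn-ack ttl 64 OpenSSH 8.9p1 Ubuntu 3ubuntu0.4
80/tcp  open     http    syn-ack ttl 64 nginx 1.18.0
443/tcp filtered https   no-response

Nmap scan report for 192.168.1.11
Host is up, received echo-reply ttl 128 (0.0030s latency).
PORT     STATE SERVICE       REASON          VERSION
3389/tcp open  ms-wbt-server syn-ack ttl 128 Microsoft Terminal Services

# Nmap done at Tue Mar  5 10:00:40 2024 -- 256 IP addresses (2 hosts up) scanned in 40.21 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_normal_output(text):
    """Map each host to its port rows: (port, proto, state, service, extra)."""
    hosts = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(2) or m.group(1)  # use the IP when a hostname resolved
            hosts[current]  # register the host even if no port lines follow
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, extra = m.groups()
            hosts[current].append((int(port), proto, state, service, extra or ""))
    return dict(hosts)

def open_ports(text):
    """Only the open ports per host as (port, proto, service), like --open on the CLI."""
    return {h: [(p, pr, s) for p, pr, st, s, _ in rows if st == "open"]
            for h, rows in parse_normal_output(text).items()}

def unexpected_open(text, allowlist):
    """Open ports absent from a per-host allowlist {host: {port, ...}}: a baseline check."""
    return {h: extra for h, rows in open_ports(text).items()
            if (extra := [p for p, _, _ in rows if p not in allowlist.get(h, set())])}
```

Feed it the file you saved with -oN and compare against the ports you expect per host; anything returned by unexpected_open is a change worth investigating.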

I hope you find this cheatsheet useful.
