Scribd
Upload
136 views

Nmap Commands

The document provides examples of how to use Nmap to scan individual IPs, ranges of IPs, subnets, and hostnames to scan specific ports or port ranges. It also gives examples for different scan types, service and OS detection, output formats, using Nmap scripts for vulnerabilities and web applications, and gathering IP address information.

Uploaded by

aniket kasturi
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
136 views

Nmap Commands

The document provides examples of how to use Nmap to scan individual IPs, ranges of IPs, subnets, and hostnames to scan specific ports or port ranges. It also gives examples for different scan types, service and OS detection, output formats, using Nmap scripts for vulnerabilities and web applications, and gathering IP address information.

Uploaded by

aniket kasturi
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

IP scan:

Scan a single IP nmap 192.168.1.1


Scan a host nmap www.testhostname.com
Scan a range of IPs nmap 192.168.1.1-20
Scan a subnet nmap 192.168.1.0/24

Nmap Port Selection

Scan a single Port nmap -p 22 192.168.1.1


Scan a range of ports nmap -p 1-100 192.168.1.1
Scan all 65535 ports nmap -p- 192.168.1.1
Scan 100 most common ports (Fast) nmap -F 192.168.1.1

Nmap Port Scan types

Scan using TCP connect nmap -sT 192.168.1.1


Scan using TCP SYN scan (default) nmap -sS 192.168.1.1
Scan UDP ports nmap -sU -p 123,161,162 192.168.1.1
Scan selected ports - ignore discovery nmap -Pn -F 192.168.1.1

Service and OS Detection

Detect OS and Services nmap -A 192.168.1.1


Standard service detection nmap -sV 192.168.1.1
More aggressive Service Detectio nmap -sV --version-intensity 5 192.168.1.1
Lighter banner grabbing detection nmap -sV --version-intensity 0 192.168.1.1

Nmap Output Formats

Save default output to file nmap -oN outputfile.txt 192.168.1.1


Save results as XML nmap -oX outputfile.xml 192.168.1.1
Save results in a format for grep nmap -oG outputfile.txt 192.168.1.1
Save in all formats nmap -oA outputfile 192.168.1.1

Digging deeper with NSE Scripts

Scan using default safe scripts nmap -sV -sC 192.168.1.1


Get help for a script nmap --script-help=ssl-heartbleed
Scan using a specific NSE script nmap -sV -p 443 �script=ssl-heartbleed.nse
192.168.1.1
Scan with a set of scripts nmap -sV --script=smb* 192.168.1.1

Scan for UDP DDOS reflectors nmap �sU �A �PN �n �pU:19,53,123,161 �script=ntp-
monlist,dns-recursion,snmp-sysdescr 192.168.1.0/24

Gather page titles from HTTP services nmap --script=http-title 192.168.1.0/24


Get HTTP headers of web services nmap --script=http-headers 192.168.1.0/24
Find web apps from known paths nmap --script=http-enum 192.168.1.0/24
Heartbleed Testing nmap -sV -p 443 --script=ssl-heartbleed 192.168.1.0/24

IP Address information

Find Information about IP address nmap --script=asn-query,whois,ip-geolocation-


maxmind 192.168.1.0/24

You might also like