Nmap Commands Collection

Nmap is a security scanning tool used to discover hosts and services on a computer network by sending packets and analyzing responses. This document provides examples of common Nmap commands and switches to scan specific IP addresses and ranges, ports, operating systems, services, and run scripts for discovery and analysis. Key switches include -p for port scanning, -O for operating system detection, -sV for service version detection, and --script for running Nmap Scripting Engine scripts.

SWITCH      EXAMPLE                         DESCRIPTION
            nmap 192.168.1.1                Scan a single IP
            nmap 192.168.1.1 192.168.2.1    Scan specific IPs
            nmap 192.168.1.1-254            Scan a range
            nmap scanme.nmap.org            Scan a domain
            nmap 192.168.1.0/24             Scan using CIDR notation
-iL         nmap -iL targets.txt            Scan targets from a file
-iR         nmap -iR 100                    Scan 100 random hosts
--exclude   nmap --exclude 192.168.1.1      Exclude listed hosts

SWITCH   EXAMPLE                           DESCRIPTION
-sL      nmap 192.168.1.1-3 -sL            No Scan. List targets only
-sn      nmap 192.168.1.1/24 -sn           Disable port scanning. Host discovery only.
-Pn      nmap 192.168.1.1-5 -Pn            Disable host discovery. Port scan only.
-PS      nmap 192.168.1.1-5 -PS22-25,80    TCP SYN discovery on port x. Port 80 by default
-PA      nmap 192.168.1.1-5 -PA22-25,80    TCP ACK discovery on port x. Port 80 by default
-PU      nmap 192.168.1.1-5 -PU53          UDP discovery on port x. Port 40125 by default
-PR      nmap 192.168.1.1-1/24 -PR         ARP discovery on local network
-n       nmap 192.168.1.1 -n               Never do DNS resolution

SWITCH        EXAMPLE                                 DESCRIPTION
-p            nmap 192.168.1.1 -p 21                  Port scan for port x
-p            nmap 192.168.1.1 -p 21-100              Port range
-p            nmap 192.168.1.1 -p U:53,T:21-25,80     Port scan multiple TCP and UDP ports
-p            nmap 192.168.1.1 -p-                    Port scan all ports
-p            nmap 192.168.1.1 -p http,https          Port scan from service name
-F            nmap 192.168.1.1 -F                     Fast port scan (100 ports)
--top-ports   nmap 192.168.1.1 --top-ports 2000       Port scan the top x ports
-p-65535      nmap 192.168.1.1 -p-65535               Leaving off initial port in range makes the scan start at port 1
-p0-          nmap 192.168.1.1 -p0-                   Leaving off end port in range makes the scan go through to port 65535

SWITCH               EXAMPLE                                 DESCRIPTION
-O                   nmap 192.168.1.1 -O                     Remote OS detection using TCP/IP stack fingerprinting
-O --osscan-limit    nmap 192.168.1.1 -O --osscan-limit      If at least one open and one closed TCP port are not found it will not try OS detection against host
-O --osscan-guess    nmap 192.168.1.1 -O --osscan-guess      Makes Nmap guess more aggressively
-O --max-os-tries    nmap 192.168.1.1 -O --max-os-tries 1    Set the maximum number x of OS detection tries against a target
-A                   nmap 192.168.1.1 -A                     Enables OS detection, version detection, script scanning and traceroute

SWITCH                     EXAMPLE                                       DESCRIPTION
-sV                        nmap 192.168.1.1 -sV                          Attempts to determine the version of the service running on port
-sV --version-intensity    nmap 192.168.1.1 -sV --version-intensity 8    Intensity level 0 to 9. Higher number increases possibility of correctness
-sV --version-light        nmap 192.168.1.1 -sV --version-light          Enable light mode. Lower possibility of correctness. Faster
-sV --version-all          nmap 192.168.1.1 -sV --version-all            Enable intensity level 9. Higher possibility of correctness. Slower
-A                         nmap 192.168.1.1 -A                           Enables OS detection, version detection, script scanning, and traceroute

SWITCH              EXAMPLE                                                                       DESCRIPTION
-sC                 nmap 192.168.1.1 -sC                                                          Scan with default NSE scripts. Considered useful for discovery and safe
--script default    nmap 192.168.1.1 --script default                                             Scan with default NSE scripts. Considered useful for discovery and safe
--script            nmap 192.168.1.1 --script=banner                                              Scan with a single script. Example banner
--script            nmap 192.168.1.1 --script=http*                                               Scan with a wildcard. Example http
--script            nmap 192.168.1.1 --script=http,banner                                         Scan with two scripts. Example http and banner
--script            nmap 192.168.1.1 --script "not intrusive"                                     Scan default, but remove intrusive scripts
--script-args       nmap --script snmp-sysdescr --script-args snmpcommunity=admin 192.168.1.1     NSE script with arguments
