Nmap commands ranging from basic to advanced

https://www.linkedin.com/in/jbassim/

🌟 🚀
Support me and follow my LinkedIn profile for more insights and updates! Thanks for your
support.

| Command | Description | Example |
|---|---|---|
| `nmap <target>` | Basic scan of a target | `nmap 192.168.1.1` |
| `nmap <target1> <target2>` | Scan multiple targets | `nmap 192.168.1.1 192.168.1.2` |
| `nmap 192.168.1.1-50` | Scan a range of IPs | `nmap 192.168.1.1-50` |
| `nmap 192.168.1.0/24` | Scan an entire subnet | `nmap 192.168.1.0/24` |
| `nmap -p 22,80,443 <target>` | Scan specific ports | `nmap -p 22,80,443 192.168.1.1` |
| `nmap -p- <target>` | Scan all ports | `nmap -p- 192.168.1.1` |
| `nmap -sV <target>` | Service version detection | `nmap -sV 192.168.1.1` |
| `nmap -O <target>` | Operating system detection | `nmap -O 192.168.1.1` |
| `nmap -sT <target>` | TCP connect scan (full connection) | `nmap -sT 192.168.1.1` |
| `nmap -sS <target>` | SYN scan (stealth) | `nmap -sS 192.168.1.1` |
| `nmap -sU <target>` | UDP scan | `nmap -sU 192.168.1.1` |
| `nmap -A <target>` | Aggressive scan (version, OS, scripts) | `nmap -A 192.168.1.1` |
| `nmap -p <port> -sV <target>` | Version detection for a specific port | `nmap -p 80 -sV 192.168.1.1` |
| `nmap -Pn <target>` | Disable host discovery (ping) | `nmap -Pn 192.168.1.1` |
| `nmap -sL <target>` | List targets without scanning | `nmap -sL 192.168.1.0/24` |
| `nmap -sn <target>` | Ping scan to determine if hosts are alive | `nmap -sn 192.168.1.0/24` |
| `nmap -v <target>` | Verbose mode (more details) | `nmap -v 192.168.1.1` |
| `nmap -vv <target>` | Very verbose mode | `nmap -vv 192.168.1.1` |
| `nmap -oN output.txt <target>` | Save output in normal format | `nmap -oN output.txt 192.168.1.1` |
| `nmap -oX output.xml <target>` | Save output in XML format | `nmap -oX output.xml 192.168.1.1` |
| `nmap -oG output.gnmap <target>` | Save output in grepable format | `nmap -oG output.gnmap 192.168.1.1` |
| `nmap --script <script> <target>` | Run specific scripts | `nmap --script http-enum 192.168.1.1` |
| `nmap -sP <target>` | Ping scan for determining if hosts are up | `nmap -sP 192.168.1.0/24` |
| `nmap --top-ports <number> <target>` | Scan the most common ports | `nmap --top-ports 20 192.168.1.1` |
| `nmap -p <port> --open <target>` | Show only open ports | `nmap -p <port> --open 192.168.1.1` |
| `nmap --max-retries <num> <target>` | Set the maximum number of retries | `nmap --max-retries 2 192.168.1.1` |
| `nmap --min-rate <rate> <target>` | Set minimum packet rate per second | `nmap --min-rate 100 192.168.1.1` |
| `nmap -p 1-1000 <target>` | Scan the first 1000 ports | `nmap -p 1-1000 192.168.1.1` |
| `nmap --scan-delay <time> <target>` | Set wait time between packets | `nmap --scan-delay 1s 192.168.1.1` |
| `nmap -sT -p 80 <target>` | TCP connect scan for a specific port | `nmap -sT -p 80 192.168.1.1` |
| `nmap --script vuln <target>` | Run vulnerability detection scripts | `nmap --script vuln 192.168.1.1` |
| `nmap -sR <target>` | Scan ports recording responses | `nmap -sR 192.168.1.1` |
| `nmap -6 <target>` | IPv6 scanning | `nmap -6 2001:db8::1` |
| `nmap -T4 <target>` | Adjust scan speed | `nmap -T4 192.168.1.1` |
| `nmap --version-all <target>` | Detailed version detection | `nmap --version-all 192.168.1.1` |
| `nmap --script=http-* <target>` | Run specific HTTP scripts | `nmap --script=http-* 192.168.1.1` |
| `nmap --source-port <port> <target>` | Scan using a specific source port | `nmap --source-port 53 192.168.1.1` |
| `nmap --data-length <length> <target>` | Send packets with custom data length | `nmap --data-length 50 192.168.1.1` |
| `nmap --badsum <target>` | Send packets with incorrect checksum | `nmap --badsum 192.168.1.1` |
| `nmap --script-args <args>` | Pass arguments to scripts | `nmap --script=http-brute --script-args user=admin,pass=pass 192.168.1.1` |
| `nmap --script-timeout <time>` | Set timeout for scripts | `nmap --script-timeout 30s 192.168.1.1` |
| `nmap --datagram-length <length>` | Adjust datagram length | `nmap --datagram-length 1500 192.168.1.1` |
| `nmap -sV --script=default <target>` | Run Nmap default scripts | `nmap -sV --script=default 192.168.1.1` |
| `nmap --traceroute <target>` | Perform a traceroute to determine the route | `nmap --traceroute 192.168.1.1` |
| `nmap -sA <target>` | TCP port scan with analysis flags | `nmap -sA 192.168.1.1` |
| `nmap --packet-trace <target>` | Show details of packets sent and received | `nmap --packet-trace 192.168.1.1` |
| `nmap -p 0-65535 <target>` | Scan all ports | `nmap -p 0-65535 192.168.1.1` |
| `nmap -p 1-1000 --open <target>` | Scan first 1000 ports that are open | `nmap -p 1-1000 --open 192.168.1.1` |
| `nmap -sS -p <port> <target>` | SYN scan for a specific port | `nmap -sS -p 80 192.168.1.1` |
| `nmap -sC <target>` | Run default category scripts | `nmap -sC 192.168.1.1` |
| `nmap -oA <basename> <target>` | Save output in all formats | `nmap -oA output 192.168.1.1` |
| `nmap --script http-methods <target>` | Detect supported HTTP methods | `nmap --script http-methods 192.168.1.1` |
| `nmap -sV --version-intensity <level> <target>` | Adjust version detection intensity | `nmap -sV --version-intensity 5 192.168.1.1` |
| `nmap --top-ports 100 <target>` | Scan the top 100 most common ports | `nmap --top-ports 100 192.168.1.1` |
| `nmap -p <port> --script <script> <target>` | Run a specific script on a specific port | `nmap -p 80 --script http-vuln-cve2014-3704 192.168.1.1` |
| `nmap -sS -p 443 <target>` | Stealth scan on port 443 (HTTPS) | `nmap -sS -p 443 192.168.1.1` |
| `nmap -p 80,443 --script ssl-enum-ciphers <target>` | Check SSL/TLS ciphers on web servers | `nmap -p 80,443 --script ssl-enum-ciphers 192.168.1.1` |
| `nmap --script http-vuln-cve2006-3392 <target>` | Check for CVE-2006-3392 vulnerability | `nmap --script http-vuln-cve2006-3392 192.168.1.1` |
| `nmap --script ftp-anon <target>` | Check for anonymous FTP login | `nmap --script ftp-anon 192.168.1.1` |
| `nmap --script smb-vuln-* <target>` | Check for SMB vulnerabilities | `nmap --script smb-vuln-* 192.168.1.1` |
| `nmap --script telnet-encryption <target>` | Check for telnet encryption vulnerabilities | `nmap --script telnet-encryption 192.168.1.1` |
| `nmap -sC --script-updatedb` | Update the script database | `nmap -sC --script-updatedb` |
| `nmap --script http-sql-injection <target>` | Check for SQL injection vulnerabilities | `nmap --script http-sql-injection 192.168.1.1` |
| `nmap --script http-shellshock <target>` | Check for Shellshock vulnerability | `nmap --script http-shellshock 192.168.1.1` |
| `nmap --script http-stored-xss <target>` | Check for stored XSS vulnerabilities | `nmap --script http-stored-xss 192.168.1.1` |
| `nmap --script http-userdir-enum <target>` | Enumerate user directories on HTTP servers | `nmap --script http-userdir-enum 192.168.1.1` |
| `nmap --script http-vuln-cve2017-5638 <target>` | Check for CVE-2017-5638 vulnerability | `nmap --script http-vuln-cve2017-5638 192.168.1.1` |
| `nmap --script mysql-empty-password <target>` | Check for MySQL empty password vulnerability | `nmap --script mysql-empty-password 192.168.1.1` |
| `nmap --script ssl-cert <target>` | Get SSL certificate details | `nmap --script ssl-cert 192.168.1.1` |
| `nmap --script ssh2-enum-algos <target>` | Enumerate SSH2 algorithms | `nmap --script ssh2-enum-algos 192.168.1.1` |
| `nmap -sP -n <target>` | Disable DNS resolution during ping scan | `nmap -sP -n 192.168.1.0/24` |
| `nmap -sL -n <target>` | List scan without DNS resolution | `nmap -sL -n 192.168.1.0/24` |
| `nmap --script http-vuln-cve2014-3704 <target>` | Check for CVE-2014-3704 vulnerability | `nmap --script http-vuln-cve2014-3704 192.168.1.1` |
| `nmap -sP 192.168.1.0/24` | Ping scan for an entire subnet | `nmap -sP 192.168.1.0/24` |
| `nmap --script http-sitemap-generator <target>` | Generate a sitemap for the web application | `nmap --script http-sitemap-generator 192.168.1.1` |
| `nmap -n -sS 192.168.1.1` | Stealth scan without DNS resolution | `nmap -n -sS 192.168.1.1` |
| `nmap --script http-vuln-cve2017-5638 <target>` | Check for vulnerability in Apache Struts | `nmap --script http-vuln-cve2017-5638 192.168.1.1` |
| `nmap --script http-enum <target>` | Enumerate directories and files on HTTP servers | `nmap --script http-enum 192.168.1.1` |
| `nmap --script dns-brute <target>` | Perform DNS brute-forcing | `nmap --script dns-brute 192.168.1.1` |
| `nmap --script http-csrf <target>` | Check for Cross-Site Request Forgery vulnerabilities | `nmap --script http-csrf 192.168.1.1` |
| `nmap --script http-vuln-cve2018-11776 <target>` | Check for CVE-2018-11776 vulnerability | `nmap --script http-vuln-cve2018-11776 192.168.1.1` |
| `nmap --script http-vuln-cve2015-1635 <target>` | Check for CVE-2015-1635 vulnerability | `nmap --script http-vuln-cve2015-1635 192.168.1.1` |
| `nmap --script http-waf-detect <target>` | Detect Web Application Firewalls | `nmap --script http-waf-detect 192.168.1.1` |
| `nmap --script http-headers <target>` | Get HTTP headers from a web server | `nmap --script http-headers 192.168.1.1` |
| `nmap -sS -sV -p 80,443 <target>` | SYN scan with service version detection on specific ports | `nmap -sS -sV -p 80,443 192.168.1.1` |
| `nmap -p- --script http-title <target>` | Scan all ports and get HTTP titles | `nmap -p- --script http-title 192.168.1.1` |
| `nmap --script http-robots.txt <target>` | Retrieve and analyze the robots.txt file | `nmap --script http-robots.txt 192.168.1.1` |
| `nmap --script http-dos <target>` | Test for Denial of Service vulnerabilities | `nmap --script http-dos 192.168.1.1` |
| `nmap --script http-vuln-cve2017-5638 <target>` | Check for Apache Struts vulnerability | `nmap --script http-vuln-cve2017-5638 192.168.1.1` |
| `nmap --script dns-cache-snoop <target>` | Check DNS cache snooping vulnerabilities | `nmap --script dns-cache-snoop 192.168.1.1` |
| `nmap --script http-sql-injection <target>` | Check for SQL injection vulnerabilities | `nmap --script http-sql-injection 192.168.1.1` |
| `nmap --script http-vuln-cve2017-10271 <target>` | Check for CVE-2017-10271 vulnerability | `nmap --script http-vuln-cve2017-10271 192.168.1.1` |
| `nmap --script http-vuln-cve2017-1001000 <target>` | Check for CVE-2017-1001000 vulnerability | `nmap --script http-vuln-cve2017-1001000 192.168.1.1` |
| `nmap --script http-vuln-cve2018-14040 <target>` | Check for CVE-2018-14040 vulnerability | `nmap --script http-vuln-cve2018-14040 192.168.1.1` |
| `nmap --script http-vuln-cve2018-11235 <target>` | Check for CVE-2018-11235 vulnerability | `nmap --script http-vuln-cve2018-11235 192.168.1.1` |
| `nmap --script http-vuln-cve2018-11071 <target>` | Check for CVE-2018-11071 vulnerability | `nmap --script http-vuln-cve2018-11071 192.168.1.1` |
| `nmap --script http-vuln-cve2018-1335 <target>` | Check for CVE-2018-1335 vulnerability | `nmap --script http-vuln-cve2018-1335 192.168.1.1` |
| `nmap --script http-vuln-cve2018-1361 <target>` | Check for CVE-2018-1361 vulnerability | `nmap --script http-vuln-cve2018-1361 192.168.1.1` |
| `nmap --script http-vuln-cve2018-7321 <target>` | Check for CVE-2018-7321 vulnerability | `nmap --script http-vuln-cve2018-7321 192.168.1.1` |
