NMAP Cheat Sheet

Nmap is a free and open-source tool used for network discovery and security auditing by sending packets and analyzing responses. It offers features such as host discovery, port scanning, OS detection, and version detection, with various commands for different scanning techniques. The document includes a comprehensive cheatsheet of Nmap commands categorized by their usage, including basic scanning, discovery options, advanced scanning, version detection, firewall evasion techniques, troubleshooting, and scripting engine commands.
Computer Network Network MCA

Nmap is a free open source tool, employed to discover hosts and services on a
computer network by sending packets and analyzing the retrieved responses. Nmap
offers some features for probing computer networks, including host discovery and service
and operating system detection.

Nmap can provide further information on targets, including reverse DNS names,
device types, and MAC addresses.

Host discovery – Identifying hosts on a network. For example, listing the hosts that
respond to TCP and/or ICMP requests or have a particular port open.

Port scanning – Enumerating the open ports on target hosts.

OS detection – Determining the operating system and hardware characteristics of
network devices.

Version detection – Interrogating network services on remote devices to determine
the application name and version number.

Scriptable interaction with the target using the Nmap Scripting Engine (NSE).

Usage of Nmap

Auditing the security of a device or firewall by identifying the network connections
which can be made to, or through it.

Identifying open ports on a target host in preparation for auditing.

Network inventory, network mapping, and maintenance and asset management.

Auditing the security of a network by identifying new servers.

Generating traffic to hosts on a network, response analysis and response time
measurement.

Finding and exploiting vulnerabilities in a network.

DNS queries and subdomain search

NMAP Commands Cheatsheet

The following sections list Nmap commands by category, with an example of each.

Basic Scanning Commands

| Goal | Command | Example |
|---|---|---|
| Scan a Single Target | nmap [target] | nmap 192.168.0.1 |
| Scan Multiple Targets | nmap [target1 target2 etc] | nmap 192.168.0.1 192.168.0.2 |
| Scan a Range of Hosts | nmap [range of ip addresses] | nmap 192.168.0.1-10 |
| Scan an Entire Subnet | nmap [ip address/cidr] | nmap 192.168.0.1/24 |
| Scan Random Hosts | nmap -iR [number] | nmap -iR 0 |
| Excluding Targets from a Scan | nmap [targets] --exclude [targets] | nmap 192.168.0.1/24 --exclude 192.168.0.100,192.168.0.200 |
| Excluding Targets Using a List | nmap [targets] --excludefile [list.txt] | nmap 192.168.0.1/24 --excludefile notargets.txt |
| Perform an Aggressive Scan | nmap -A [target] | nmap -A 192.168.0.1 |
| Scan an IPv6 Target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2afe |

Discovery Options

| Goal | Command | Example |
|---|---|---|
| Perform a Ping Only Scan | nmap -sP [target] | nmap -sP 192.168.0.1 |
| Don't Ping | nmap -PN [target] | nmap -PN 192.168.0.1 |
| TCP SYN Ping | nmap -PS [target] | nmap -PS 192.168.0.1 |
| TCP ACK Ping | nmap -PA [target] | nmap -PA 192.168.0.1 |
| UDP Ping | nmap -PU [target] | nmap -PU 192.168.0.1 |
| SCTP INIT Ping | nmap -PY [target] | nmap -PY 192.168.0.1 |
| ICMP Echo Ping | nmap -PE [target] | nmap -PE 192.168.0.1 |
| ICMP Timestamp Ping | nmap -PP [target] | nmap -PP 192.168.0.1 |
| ICMP Address Mask Ping | nmap -PM [target] | nmap -PM 192.168.0.1 |
| IP Protocol Ping | nmap -PO [target] | nmap -PO 192.168.0.1 |
| ARP Ping | nmap -PR [target] | nmap -PR 192.168.0.1 |
| Traceroute | nmap --traceroute [target] | nmap --traceroute 192.168.0.1 |
| Force Reverse DNS Resolution | nmap -R [target] | nmap -R 192.168.0.1 |
| Disable Reverse DNS Resolution | nmap -n [target] | nmap -n 192.168.0.1 |
| Alternative DNS Lookup | nmap --system-dns [target] | nmap --system-dns 192.168.0.1 |
| Manually Specify DNS Server(s) | nmap --dns-servers [servers] [target] | nmap --dns-servers 201.56.212.54 192.168.0.1 |
| Create a Host List | nmap -sL [targets] | nmap -sL 192.168.0.1/24 |
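A defensive use of the ping-only scan from this table, matching the "identifying new servers" use case listed earlier. This is an added example, not part of the original cheat sheet: it extracts the live hosts from two saved scan outputs and reports addresses absent from the baseline. The function names and the sample scan text are constructed for illustration.

```shell
#!/bin/sh
# Added example: report hosts that appear in a current ping scan but not in a
# baseline. In real use both inputs would be saved output of a run such as
#   nmap -sP 192.168.0.1/24
# The two samples below are constructed, not captured from a real network.

BASELINE='Nmap scan report for 192.168.0.1
Host is up (0.0010s latency).
Nmap scan report for fileserver.example (192.168.0.20)
Host is up (0.0020s latency).'

CURRENT='Nmap scan report for 192.168.0.1
Host is up (0.0011s latency).
Nmap scan report for 192.168.0.5 [host down]
Nmap scan report for fileserver.example (192.168.0.20)
Host is up (0.0019s latency).
Nmap scan report for 192.168.0.57
Host is up (0.0030s latency).'

# live_hosts: read scan text on stdin, print one address per live host.
# A report line only counts once a "Host is up" line follows it, so
# "[host down]" entries from verbose output are skipped.
live_hosts() {
  awk '
    /^Nmap scan report for / {
      addr = $NF              # bare IP, or "(IP)" when a name was resolved
      gsub(/[()]/, "", addr)
      next
    }
    /^Host is up/ && addr != "" { print addr; addr = "" }
  ' | LC_ALL=C sort -u
}

# new_hosts BASELINE_TEXT CURRENT_TEXT: addresses live now but not before.
new_hosts() {
  base=$(printf '%s\n' "$1" | live_hosts)
  printf '%s\n' "$2" | live_hosts | while IFS= read -r h; do
    # -x -F: compare whole lines as fixed strings, so 192.168.0.5 does not
    # match 192.168.0.57 and dots are not treated as regex wildcards.
    printf '%s\n' "$base" | grep -qxF -- "$h" || printf '%s\n' "$h"
  done
}

new_hosts "$BASELINE" "$CURRENT"
```

Each address printed is a host to check against the asset inventory before it is added to the baseline.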

Advanced Scanning Options

| Goal | Command | Example |
|---|---|---|
| TCP SYN Scan | nmap -sS [target] | nmap -sS 192.168.0.1 |
| TCP Connect Scan | nmap -sT [target] | nmap -sT 192.168.0.1 |
| UDP Scan | nmap -sU [target] | nmap -sU 192.168.0.1 |
| TCP NULL Scan | nmap -sN [target] | nmap -sN 192.168.0.1 |
| TCP FIN Scan | nmap -sF [target] | nmap -sF 192.168.0.1 |
| Xmas Scan | nmap -sX [target] | nmap -sX 192.168.0.1 |
| TCP ACK Scan | nmap -sA [target] | nmap -sA 192.168.0.1 |
| Custom TCP Scan | nmap --scanflags [flags] [target] | nmap --scanflags SYNFIN 192.168.0.1 |
| IP Protocol Scan | nmap -sO [target] | nmap -sO 192.168.0.1 |
| Send Raw Ethernet Packets | nmap --send-eth [target] | nmap --send-eth 192.168.0.1 |
| Send IP Packets | nmap --send-ip [target] | nmap --send-ip 192.168.0.1 |

Port Scanning Options

| Goal | Command | Example |
|---|---|---|
| Perform a Fast Scan | nmap -F [target] | nmap -F 192.168.0.1 |
| Scan Specific Ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 192.168.1.1 |
| Scan Ports by Name | nmap -p [port name(s)] [target] | nmap -p ftp,http* 192.168.0.1 |
| Scan Ports by Protocol | nmap -sU -sT -p U:[ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.0.1 |
| Scan All Ports | nmap -p '*' [target] | nmap -p '*' 192.168.0.1 |
| Scan Top Ports | nmap --top-ports [number] [target] | nmap --top-ports 10 192.168.0.1 |
| Perform a Sequential Port Scan | nmap -r [target] | nmap -r 192.168.0.1 |

Version Detection

| Goal | Command | Example |
|---|---|---|
| Operating System Detection | nmap -O [target] | nmap -O 192.168.0.1 |
| Submit TCP/IP Fingerprints | www.nmap.org/submit/ | |
| Attempt to Guess an Unknown OS | nmap -O --osscan-guess [target] | nmap -O --osscan-guess 192.168.0.1 |
| Service Version Detection | nmap -sV [target] | nmap -sV 192.168.0.1 |
| Troubleshooting Version Scans | nmap -sV --version-trace [target] | nmap -sV --version-trace 192.168.0.1 |
| Perform a RPC Scan | nmap -sR [target] | nmap -sR 192.168.0.1 |

Firewall Evasion Techniques

| Goal | Command | Example |
|---|---|---|
| Fragment Packets | nmap -f [target] | nmap -f 192.168.0.1 |
| Specify a Specific MTU | nmap --mtu [MTU] [target] | nmap --mtu 32 192.168.0. |
| Use a Decoy | nmap -D RND:[number] [target] | nmap -D RND:10 192.168.0.1 |
| Idle Zombie Scan | nmap -sI [zombie] [target] | nmap -sI 192.168.0.38 |
| Manually Specify a Source Port | nmap --source-port [port] [target] | nmap --source-port 10 192.168.0.1 |
| Append Random Data | nmap --data-length [size] [target] | nmap --data-length 2 192.168.0.1 |
| Randomize Target Scan Order | nmap --randomize-hosts [target] | nmap --randomize-hosts 192.168.0.1-20 |
| Spoof MAC Address | nmap --spoof-mac [MAC\|0\|vendor] [target] | nmap --spoof-mac Cis 192.168.0.1 |
| Send Bad Checksums | nmap --badsum [target] | nmap --badsum 192.168.0.1 |

Troubleshooting And Debugging

| Goal | Command | Example |
|---|---|---|
| Getting Help | nmap -h | nmap -h |
| Display Nmap Version | nmap -V | nmap -V |
| Verbose Output | nmap -v [target] | nmap -v 192.168.0.1 |
| Debugging | nmap -d [target] | nmap -d 192.168.0.1 |
| Display Port State Reason | nmap --reason [target] | nmap --reason 192.168.0.1 |
| Only Display Open Ports | nmap --open [target] | nmap --open 192.168.0.1 |
| Trace Packets | nmap --packet-trace [target] | nmap --packet-trace 192.168.0.1 |
| Display Host Networking | nmap --iflist | nmap --iflist |
| Specify a Network Interface | nmap -e [interface] [target] | nmap -e eth0 192.168.0.1 |

NMAP Scripting Engine

| Goal | Command | Example |
|---|---|---|
| Execute Individual Scripts | nmap --script [script.nse] [target] | nmap --script banner.nse 192.168.0.1 |
| Execute Multiple Scripts | nmap --script [expression] [target] | nmap --script 'http-*' 192.168.0.1 |
| Script Categories | all, auth, default, discovery, external, intrusive, malware, safe, vuln | |
| Execute Scripts by Category | nmap --script [category] [target] | nmap --script 'not intrusive' 192.168.0.1 |
| Execute Multiple Script Categories | nmap --script [category1,category2,etc] | nmap --script 'default or safe' 192.168.0.1 |
| Troubleshoot Scripts | nmap --script [script] --script-trace [target] | nmap --script banner.nse --script-trace 192.168.0.1 |
| Update the Script Database | nmap --script-updatedb | nmap --script-updatedb |
