NMAP

The document provides a comprehensive guide to essential Nmap commands for network scanning, enumeration, and vulnerability detection in Kali Linux. It covers various categories including basic scanning, port scanning, service detection, OS detection, scan types, aggressive scans, firewall bypassing, live host scanning, vulnerability scanning with scripts, and saving scan results. Each command is accompanied by a brief description to facilitate understanding and usage.

Uploaded by sharifidris8

NMAP (Network Mapper) - Information Gathering & Scanning

Essential nmap Commands to Learn in Kali Linux

Here’s a structured list of nmap commands that will help you master network scanning,
enumeration, and vulnerability detection. 🚀

🔹 1. Basic Scanning
Command Description
nmap 192.168.1.1 Scan a single target.
nmap 192.168.1.1 192.168.1.2 Scan multiple targets.
nmap 192.168.1.0/24 Scan an entire subnet (CIDR notation).
nmap google.com Scan a domain name instead of an IP.
nmap -iL targets.txt Scan targets listed in a file.

🔹 2. Port Scanning
Command Description
nmap -p 22 192.168.1.1 Scan a specific port (22 - SSH).
nmap -p 1-1000 192.168.1.1 Scan ports 1 to 1000.
nmap -p- 192.168.1.1 Scan all 65535 TCP ports (1-65535) instead of the default top 1000.
nmap -p 80,443 192.168.1.1 Scan multiple ports.
nmap -p 443 --open 192.168.1.1 Show only open (or open|filtered) ports; hosts with none are left out of the report.

🔹 3. Service and Version Detection
Command Description
nmap -sV 192.168.1.1 Probe open ports to identify the service and its version.
nmap -p 22,80 -sV 192.168.1.1 Detect services on specific ports only.
nmap -sV --version-light 192.168.1.1 Light version detection (intensity 2 instead of the default 7): faster, but may miss uncommon services.
nmap -sV --version-all 192.168.1.1 Try every version probe (intensity 9): slowest, most thorough.

Note: --version-light and --version-all only tune -sV; on their own they do not switch version detection on.

🔹 4. OS and Device Detection
Command Description
nmap -O 192.168.1.1 TCP/IP stack fingerprinting to guess the operating system (needs root; most reliable when at least one open and one closed TCP port are found).
nmap -A 192.168.1.1 Aggressive detection: OS detection (-O), version detection (-sV), default scripts (-sC) and traceroute.
nmap -v -A 192.168.1.1 Same, with verbose output (-v; use -vv for even more detail).

🔹 5. Scan Types
Command Description
nmap -sS 192.168.1.1 SYN (half-open) scan, the default when run as root. It never completes the handshake, so the target service does not log a connection, but firewalls and IDS sensors still see every SYN probe.
nmap -sT 192.168.1.1 TCP connect scan, the default without root. Completes the full handshake through the OS socket API, so it needs no privileges but every probe can be logged by the target application.
nmap -sU 192.168.1.1 UDP scan. Slow, and a port that stays silent is reported as open|filtered; add -sV to resolve the ambiguity on ports you care about.
nmap -sA 192.168.1.1 ACK scan. Does not find open ports; it classifies ports as filtered or unfiltered to map stateless firewall rules.
nmap -sW 192.168.1.1 Window scan. Like -sA, but reads the TCP window size of RST replies to infer open vs. closed on systems that vary it.

🔹 6. Aggressive and Comprehensive Scans
Command Description
nmap -A 192.168.1.1 Aggressive mode (OS detection, version detection, default script scan, traceroute).
nmap -T4 -A -v 192.168.1.1 Aggressive timing (T4) with verbose output; the usual choice on a reliable network.
nmap -T5 -A -p- 192.168.1.1 Insane timing (T5) over all ports: fastest and noisiest, and on slow or lossy links it can miss ports or misreport their state.

🔹 7. Scan Firewalls and Bypass Restrictions
Command Description
nmap -Pn 192.168.1.1 Skip host discovery and treat every target as up (use when ICMP and other ping probes are filtered).
nmap -D RND:10 192.168.1.1 Mix your probes with 10 random decoy source addresses; your real IP still appears among them, so this obscures rather than hides the scan.
nmap -S spoofedIP 192.168.1.1 Spoof the source address (requires root, and usually -e <interface> and -Pn). Replies go to the spoofed address, so you see no results unless you can observe that traffic.
nmap --scan-delay 5s 192.168.1.1 Wait 5 seconds between probes to stay under rate-based detection thresholds; expect a very long scan.
nmap --data-length 50 192.168.1.1 Append 50 random bytes to each probe so the packets no longer match signatures written for Nmap's default empty payloads.

🔹 8. Scanning Specific Hosts (Live Hosts Only)
Command Description
nmap -sn 192.168.1.0/24 Ping scan: host discovery only, no port scan.
nmap -PR 192.168.1.1 ARP request discovery; the default on a local Ethernet segment when run as root, and far more reliable there than ICMP because ARP cannot be filtered by the host.
nmap -PS22,80,443 192.168.1.1 TCP SYN ping to ports 22, 80 and 443; either a SYN/ACK or a RST reply marks the host as up.
nmap -PU161 192.168.1.1 UDP ping to port 161 (SNMP); an ICMP port unreachable reply also marks the host as up.

🔹 9. Vulnerability Scanning with Nmap Scripts (NSE)
Command Description
nmap --script vuln 192.168.1.1 Run every script in the "vuln" category. Some of these are also tagged dos or intrusive, so do not run the whole category blindly against production systems.
nmap --script http-vuln-cve2021-44228 -p 443 192.168.1.1 Check for Log4j (CVE-2021-44228). Confirm the script is present in your installation first (nmap --script-help http-vuln-cve2021-44228); Log4Shell checks are commonly shipped as third-party NSE scripts that have to be added to the scripts directory.
nmap --script ssl-heartbleed -p 443 192.168.1.1 Check the TLS service for Heartbleed (CVE-2014-0160).
nmap --script smb-vuln-ms17-010 -p 445 192.168.1.1 Check SMB for EternalBlue (MS17-010).
nmap --script ftp-anon,ssh-hostkey 192.168.1.1 Run multiple scripts (FTP anonymous login + SSH host key).
nmap --script-help http-title Show a script's description and arguments before running it.

🔹 10. Saving Scan Results
Command Description
nmap -oN output.txt 192.168.1.1 Save results in normal (human-readable) text format.
nmap -oX output.xml 192.168.1.1 Save results as XML, the format to feed into other tools.
nmap -oG output.gnmap 192.168.1.1 Save results in grepable format (one line per host, easy to process with grep and awk).
nmap -oA scan_results 192.168.1.1 Save in all three formats at once: scan_results.nmap, scan_results.xml and scan_results.gnmap.
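
Sections 8 and 10 together describe the workflow most engagements actually follow: discover the live hosts, port-scan only those, keep every output format, then pull the open ports out of the saved file. The script below is an added example written for this page; it is not part of the original cheat sheet or of Nmap itself. It assumes the grepable (-oG / .gnmap) line layout shown in its constructed sample lines, which are not real scan output. The discover and scan_targets functions need nmap and a real network; the two parsers run offline on the samples.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: a two-stage sweep that
# feeds `-sn -oG` host discovery into `-iL`, then turns the saved .gnmap file
# into an open-port inventory. Parsing runs on constructed sample output below,
# so the script is testable without nmap or network access.
set -eu

# Print one IP per line for every host that grepable output marks "Status: Up".
# gnmap fields are tab-separated: "Host: <ip> (<name>)" then "Status: Up".
live_hosts() {
  awk -F'\t' '/^Host:/ && $2 ~ /^Status: Up/ { split($1, h, " "); print h[2] }'
}

# Print "ip<TAB>port/proto<TAB>service<TAB>version" for every open port.
# Inside the "Ports:" field, entries are separated by ", " and each entry is
# "port/state/proto/owner/service/rpcinfo/version/".
open_ports() {
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Ports: /) {
          sub(/^Ports: /, "", $i)
          n = split($i, entries, ", ")
          for (j = 1; j <= n; j++) {
            split(entries[j], f, "/")
            if (f[2] == "open")
              printf "%s\t%s/%s\t%s\t%s\n", ip, f[1], f[3], f[5], f[7]
          }
        }
      }
    }'
}

# Stage 1 (needs nmap and a real network): sweep the subnet, keep live hosts.
# sudo lets nmap use ARP requests on the local LAN (section 8).
discover() {            # usage: discover 192.168.1.0/24 > targets.txt
  sudo nmap -sn -oG - "$1" | live_hosts
}

# Stage 2 (needs nmap): SYN + version scan of only the live hosts, all three
# output formats kept as scan_results.{nmap,xml,gnmap}, then the inventory.
scan_targets() {        # usage: scan_targets targets.txt
  sudo nmap -sS -sV -p- -T4 -iL "$1" -oA scan_results
  open_ports < scan_results.gnmap
}

# Constructed sample of `nmap -sn -oG - 192.168.1.0/24` output (not a real scan).
sample_ping_sweep() {
  printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.1.0/24'
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.10 (fileserver.lan)\tStatus: Up\n'
  printf 'Host: 192.168.1.20 ()\tStatus: Down\n'
  printf 'Host: 192.168.1.30 ()\tStatus: Up\n'
  printf '%s\n' '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 5.02 seconds'
}

# Constructed sample of a saved scan_results.gnmap (not a real scan).
sample_port_scan() {
  printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sS -sV -p- -T4 -iL targets.txt -oA scan_results'
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/filtered/tcp//https///\tIgnored State: closed (65532)\n'
  printf 'Host: 192.168.1.10 (fileserver.lan)\tStatus: Up\n'
  printf 'Host: 192.168.1.10 (fileserver.lan)\tPorts: 21/closed/tcp//ftp///, 445/open/tcp//microsoft-ds//Samba smbd 4.15.13/\tIgnored State: filtered (65533)\n'
}

# Demo on the constructed samples (no network access needed).
echo '# live hosts from the ping sweep (this list would become targets.txt):'
sample_ping_sweep | live_hosts
echo '# open ports from the saved port scan:'
sample_port_scan | open_ports
```

Run it as-is to see the parsers work on the sample data; on an engagement, `discover 192.168.1.0/24 > targets.txt` followed by `scan_targets targets.txt` performs the real two-stage sweep. Grepable output is convenient for quick inventories like this, but Nmap documents it as deprecated in favour of XML, so for results you keep or share, parse the .xml file that -oA also writes.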

🔹 11. Running Nmap as Root (Raw-Socket Scans)

SYN (-sS), UDP (-sU), ACK (-sA) and Window (-sW) scans, OS detection (-O) and ARP ping (-PR) craft raw packets and therefore need root privileges. Without them, Nmap defaults to a TCP connect scan (-sT) for port scanning and quits if you explicitly request a raw-socket scan type. Run:

sudo nmap -sS -p 1-1000 192.168.1.1

or

sudo nmap -O 192.168.1.1
