Nmap Cheat sheet

Scanning command syntax

nmap [scan types] [options] {target specification}

Scan-type and option flags are case-sensitive (-sS and -sT are scan types; -p and -P... are different options).

Port Specification options

Syntax | Example | Description
-p <port> | nmap -p 23 172.16.1.1 | Scan a single port
-p <range> | nmap -p 23-100 172.16.1.1 | Scan a port range
-p U:...,T:... | nmap -p U:110,T:23-25,443 172.16.1.1 | Mix protocols: U: for UDP, T: for TCP. A qualifier applies to every entry that follows it, so 443 here is TCP. Combine with the matching scan types (for example -sU -sS) or the other protocol's ports are not scanned
-p- | nmap -p- 172.16.1.1 | Scan all ports 1-65535 (port 0 is only included with -p0-)
-p <names> | nmap -p smtp,https 172.16.1.1 | Scan ports by service name, resolved through nmap-services
-F | nmap -F 172.16.1.1 | Fast mode: the 100 most common ports instead of the default 1000
-p "name*" | nmap -p "ftp*" 172.16.1.1 | Scan every port whose service name matches the wildcard
-r | nmap -r 172.16.1.1 | Scan ports in sequential order instead of the default random order
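
The -p rules above (protocol qualifiers sticking until the next one, unqualified entries going to every protocol list, open-ended ranges) are easy to get wrong. The following is an added example, not code from the cheat sheet or from Nmap: a small expander that turns a -p specification into the per-protocol port lists nmap would scan. It assumes numeric ports and ranges only and the T: and U: qualifiers; service names and wildcards, which nmap resolves from nmap-services, are left out.

```python
# Added example, not from the cheat sheet or from Nmap: expand an nmap -p
# port specification into the per-protocol port lists nmap would scan.
# Assumptions: only numeric ports and ranges are handled (service names
# such as smtp or wildcards such as "http*" are resolved by nmap from
# nmap-services and are out of scope here); qualifiers T: and U: only.

ALL_PORTS = (1, 65535)  # "-p-" means 1-65535; port 0 needs "-p0-"


def expand_port_spec(spec: str) -> dict:
    """Return {"tcp": [...], "udp": [...]} for a -p specification.

    Mirrors nmap's rules:
      * "T:" / "U:" select the protocol for every entry that follows,
        until the next qualifier ("U:110,T:23-25,443" makes 443 TCP);
      * entries given before any qualifier go to every protocol list;
      * "lo-hi" is a range, "lo-" runs to 65535, "-hi" starts at 1.
    """
    ports = {"tcp": set(), "udp": set()}
    qualifiers = {"T": "tcp", "U": "udp"}
    current = None  # no qualifier seen yet: entries apply to all lists

    for item in spec.split(","):
        item = item.strip()
        if item[:2] in ("T:", "U:"):
            current = qualifiers[item[0]]
            item = item[2:]
            if not item:  # a bare "T:" only switches protocol
                continue
        if not item:
            raise ValueError("empty port entry in %r" % spec)
        if "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo = int(lo_s) if lo_s else ALL_PORTS[0]
            hi = int(hi_s) if hi_s else ALL_PORTS[1]
        else:
            lo = hi = int(item)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError("bad port range %r" % item)
        for proto in ([current] if current else ports):
            ports[proto].update(range(lo, hi + 1))

    return {proto: sorted(p) for proto, p in ports.items() if p}


if __name__ == "__main__":
    for spec in ("23", "23-100", "U:110,T:23-25,443", "-"):
        result = expand_port_spec(spec)
        print(spec, {k: (len(v), v[:4]) for k, v in result.items()})
```

Running it shows that "23-100" without a qualifier lands in both the TCP and UDP lists, while "U:110,T:23-25,443" puts only 110 in UDP and 23, 24, 25 and 443 in TCP.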

Host discovery

Syntax | Example | Description
-sL | nmap 172.16.1.1-5 -sL | List scan: list the targets (with reverse DNS) without sending any probes
-sn | nmap 172.16.1.0/24 -sn | Ping scan: host discovery only, no port scan
-Pn | nmap 172.16.1.1-8 -Pn | Skip host discovery, treat every target as up and port scan it
-PS | nmap 172.16.1.185 -PS22-25,80 | TCP SYN discovery on the given ports
-PA | nmap 172.16.1.185 -PA22-25,80 | TCP ACK discovery on the given ports
-PU | nmap 172.16.1.1-8 -PU53 | UDP discovery on the given port
-PR | nmap 172.16.1.0/24 -PR | ARP discovery; used automatically for targets on the local Ethernet segment
-n | nmap 172.16.1.1 -n | No DNS resolution

Nmap Port Scan types

Syntax | Example | Description
-sS | nmap 172.16.1.1 -sS | TCP SYN (half-open) scan; the default when run with raw-socket privileges
-sT | nmap 172.16.1.1 -sT | TCP connect scan; the default for unprivileged users
-sA | nmap 172.16.1.1 -sA | TCP ACK scan: maps firewall rules (filtered vs. unfiltered), does not report open ports
-sU | nmap 172.16.1.1 -sU | UDP scan
-sF | nmap -sF 172.16.1.1 | TCP FIN scan
-sX | nmap -sX 172.16.1.1 | Xmas scan (FIN, PSH and URG flags set)
-sn | nmap -sn 172.16.1.1 | Ping scan, no port scan (-sP is the older, deprecated spelling)
-sL | nmap -sL 172.16.1.1 | List scan

The flags are case-sensitive: -sS, -sF and -sX work, -SS, -Sf and -SX do not.

Nmap Target Selection

Syntax | Description
nmap 172.16.1.1 | Scan a single IP
nmap 172.16.1.1 172.16.100.1 | Scan specific IPs
nmap 172.16.1.1-254 | Scan a range of IPs
nmap xyz.org | Scan a host name
nmap 10.0.0.0/8 | Scan using CIDR notation
nmap -iL scan.txt | Scan the targets listed in a file (one per line)
nmap --exclude 172.16.1.1 172.16.1.0/24 | Exclude the given IPs from the scan (--excludefile takes them from a file)

Use of Nmap scripts (NSE)

Syntax | Description
nmap --script=<script> 172.16.1.0/24 | Run the named script, or a category such as --script=vuln, against the targets
nmap --script-updatedb | Rebuild the script database after adding scripts to the scripts directory
nmap -sV -sC 172.16.1.1 | Version detection plus the default script set (-sC is the same as --script=default)
nmap --script-help="<script>" | Show the help text for a script or category

Firewall and IDS evasion

Syntax | Description
nmap -f [target] | Fragment probe packets into 8-byte IP fragments (-ff for 16 bytes)
nmap --mtu [MTU] [target] | Set the fragment size yourself; must be a multiple of 8
nmap -sI [zombie] [target] | Idle scan: probes appear to come from the zombie host
nmap --source-port [port] [target] | Use a fixed source port (-g is the short form); useful against rules that trust port 53 or 20
nmap --data-length [size] [target] | Append the given number of random bytes to each packet
nmap --randomize-hosts [targets] | Scan the target hosts in random order
nmap --badsum [target] | Send packets with bogus TCP/UDP checksums; a reply usually comes from a firewall or IDS rather than the real host

Nmap output formats

Description | Syntax
Normal output | nmap -oN scan.txt 172.16.1.1
XML | nmap -oX scan.xml 172.16.1.1
Grepable format | nmap -oG scan.gnmap 172.16.1.1
All three formats | nmap -oA scan 172.16.1.1 (takes a base name and writes scan.nmap, scan.xml and scan.gnmap)
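
The grepable format exists to be processed by scripts, typically after a host discovery run (-sn -oG) and a port scan (-p ... -oG). The following is an added example, not code from the cheat sheet or from Nmap, that parses -oG output into live hosts and per-host port states. The sample output embedded in it is constructed, not a real capture.

```python
# Added example, not from the cheat sheet or from Nmap: parse nmap's
# grepable (-oG) output into live hosts and per-host port states.
# The sample below is constructed, not a real capture.

SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sS -p 22,80,443 -oG scan.gnmap 172.16.1.1-2
Host: 172.16.1.1 ()\tStatus: Up
Host: 172.16.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 172.16.1.2 ()\tStatus: Up
Host: 172.16.1.2 ()\tPorts: 53/open|filtered/udp//domain///
# Nmap done at Mon Jan  1 10:00:05 2024 -- 2 IP addresses (2 hosts up) scanned in 5.01 seconds
"""


def parse_gnmap(text: str) -> dict:
    """Return {ip: {"up": bool, "ports": [(port, proto, state, service), ...]}}.

    Grepable lines start with "Host:" and carry tab-separated "Key: value"
    fields. A "Ports:" value is a comma-separated list of
    port/state/proto/owner/service/rpc/version/ entries. Down hosts are only
    listed when nmap runs with -v, so any host with a Ports field was up.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # "# Nmap ..." comment lines carry no host data
        fields = line.split("\t")
        ip = fields[0].split()[1]
        entry = hosts.setdefault(ip, {"up": False, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["up"] = value.strip() == "Up"
            elif key == "Ports":
                entry["up"] = True
                for item in value.split(", "):
                    port, state, proto, _owner, service = item.split("/")[:5]
                    entry["ports"].append((int(port), proto, state, service))
    return hosts


def live_hosts(hosts: dict) -> list:
    """IPs nmap reported as up, sorted."""
    return sorted(ip for ip, h in hosts.items() if h["up"])


def open_ports(hosts: dict, ip: str) -> list:
    """Ports reported as definitely open; open|filtered is excluded."""
    return [(port, proto)
            for port, proto, state, _ in hosts.get(ip, {"ports": []})["ports"]
            if state == "open"]


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    for ip in live_hosts(parsed):
        print(ip, open_ports(parsed, ip))
```

Note that open_ports deliberately drops the UDP open|filtered state: a UDP port that never answers looks identical to one behind a filter, so it should not be counted as open without follow-up (for example a version probe with -sV).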

Scan options

Syntax | Description
nmap -sn 172.16.1.1 | Ping scan only, no port scan (-sP is the deprecated older spelling)
nmap -PU 172.16.1.1 | UDP ping
nmap -PE 172.16.1.1 | ICMP echo ping
nmap -PO 172.16.1.1 | IP protocol ping
nmap -PR 172.16.1.1 | ARP ping
nmap -Pn 172.16.1.1 | Scan without pinging (skip host discovery)
nmap --traceroute 172.16.1.1 | Trace the route to each target after the scan

Nmap Timing options

Syntax | Description
nmap -T0 172.16.1.1 | Paranoid: one probe at a time with 5 minutes between probes; slowest, for IDS evasion
nmap -T1 172.16.1.1 | Sneaky: 15 seconds between probes; still intended to evade IDS
nmap -T2 172.16.1.1 | Polite: slows down to use less bandwidth and fewer target resources
nmap -T3 172.16.1.1 | Normal: the default timing template
nmap -T4 172.16.1.1 | Aggressive: assumes a fast, reliable network
nmap -T5 172.16.1.1 | Insane: fastest; sacrifices accuracy and can miss ports on slow links