
Nmap (Network Mapper) is a free and open-source network discovery and security scanning utility. Many network and system administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring server or service availability. Nmap uses raw IP packets in a novel way to determine the hosts available on the network, the services they offer (application name and version), and the operating systems (and OS versions) they are running.

Basic Scanning Techniques

| Nmap Query | Nmap Command |
|---|---|
| Scan a single target | `nmap [target]` |
| Scan multiple targets | `nmap [target1 target2 etc]` |
| Scan a list of targets | `nmap -iL [list.txt]` |
| Scan a range of hosts | `nmap [range of IP addresses]` |
| Scan an entire subnet | `nmap [IP address/cidr]` |
| Scan random hosts | `nmap -iR [number]` |
| Excluding targets from a scan | `nmap [targets] --exclude [targets]` |
| Excluding targets using a list | `nmap [targets] --excludefile [list.txt]` |
| Perform an aggressive scan | `nmap -A [target]` |
| Scan an IPv6 target | `nmap -6 [target]` |

Version Detection

| Nmap Query | Nmap Command |
|---|---|
| Operating system detection | `nmap -O [target]` |
| Attempt to guess an unknown | `nmap -O --osscan-guess [target]` |
| Service version detection | `nmap -sV [target]` |
| Troubleshooting version scans | `nmap -sV --version-trace [target]` |
| Perform an RPC scan | `nmap -sR [target]` |

Discover Options

| Nmap Query | Nmap Command |
|---|---|
| Perform a ping scan only | `nmap -sP [target]` |
| Don't ping | `nmap -PN [target]` |
| TCP SYN ping | `nmap -PS [target]` |
| TCP ACK ping | `nmap -PA [target]` |
| UDP ping | `nmap -PU [target]` |
| SCTP INIT ping | `nmap -PY [target]` |
| ICMP echo ping | `nmap -PE [target]` |
| ICMP timestamp ping | `nmap -PP [target]` |
| ICMP address mask ping | `nmap -PM [target]` |
| IP protocol ping | `nmap -PO [target]` |
| ARP ping | `nmap -PR [target]` |
| Traceroute | `nmap --traceroute [target]` |
| Force reverse DNS resolution | `nmap -R [target]` |
| Disable reverse DNS resolution | `nmap -n [target]` |
| Alternative DNS lookup | `nmap --system-dns [target]` |
| Manually specify DNS servers | `nmap --dns-servers [servers] [target]` |
| Create a host list | `nmap -sL [targets]` |

Scripting Engine

| Nmap Query | Nmap Command |
|---|---|
| Execute individual scripts | `nmap --script [script.nse] [target]` |
| Execute multiple scripts | `nmap --script [expression] [target]` |
| Execute scripts by category | `nmap --script [cat] [target]` |
| Execute multiple script categories | `nmap --script [cat1,cat2,etc]` |
| Troubleshoot scripts | `nmap --script [script] --script-trace [target]` |
| Update the script database | `nmap --script-updatedb` |

Firewall Evasion Techniques

| Nmap Query | Nmap Command |
|---|---|
| Fragment packets | `nmap -f [target]` |
| Specify a specific MTU | `nmap --mtu [MTU] [target]` |
| Use a decoy | `nmap -D RND:[number] [target]` |
| Idle zombie scan | `nmap -sI [zombie] [target]` |
| Manually specify a source port | `nmap --source-port [port] [target]` |
| Append random data | `nmap --data-length [size] [target]` |
| Randomize target scan order | `nmap --randomize-hosts [target]` |
| Spoof MAC address | `nmap --spoof-mac [MAC\|0\|vendor] [target]` |
| Send bad checksums | `nmap --badsum [target]` |

Output Options

| Nmap Query | Nmap Command |
|---|---|
| Save output to a text file | `nmap -oN [scan.txt] [target]` |
| Save output to an XML file | `nmap -oX [scan.xml] [target]` |
| Grepable output | `nmap -oG [scan.txt] [target]` |
| Output all supported file types | `nmap -oA [path/filename] [target]` |
| Periodically display statistics | `nmap --stats-every [time] [target]` |
| 133t output | `nmap -oS [scan.txt] [target]` |

