Useful nmap Snippets

TOC

  1. Basic Scans
  2. Port Scanning
  3. Service and Version Detection
  4. Operating System Detection
  5. Stealth Scanning
  6. UDP Scanning
  7. Script Scanning
  8. Output Control
  9. Firewall Evasion
  10. Network Discovery
  11. Advanced Options
  12. Vulnerability Scanning

Basic Scans

  1. Perform a simple scan:
    nmap 192.168.1.1
    
  2. Scan multiple targets:
    nmap 192.168.1.1 192.168.1.2
    
  3. Scan a range of IPs:
    nmap 192.168.1.1-254
    
  4. Scan an entire subnet:
    nmap 192.168.1.0/24
    

Port Scanning

  1. Scan specific ports:
    nmap -p 80,443 192.168.1.1
    
  2. Scan a range of ports:
    nmap -p 1-1000 192.168.1.1
    
  3. Scan all 65535 ports:
    nmap -p- 192.168.1.1
    

Service and Version Detection

  1. Detect services and versions:
    nmap -sV 192.168.1.1
    
  2. Tune service detection intensity (0-9, default 7; higher is more aggressive):
    nmap -sV --version-intensity 5 192.168.1.1
    

Operating System Detection

  1. Detect OS of a host:
    nmap -O 192.168.1.1
    
  2. Combine OS detection with version detection (-A also runs default scripts and traceroute):
    nmap -A 192.168.1.1
    

Stealth Scanning

  1. Perform a TCP SYN scan:
    nmap -sS 192.168.1.1
    
  2. Perform a TCP connect scan:
    nmap -sT 192.168.1.1
    

UDP Scanning

  1. Scan UDP ports:
    nmap -sU 192.168.1.1
    

Script Scanning

  1. Run default scripts:
    nmap -sC 192.168.1.1
    
  2. Run specific scripts:
    nmap --script=http-title 192.168.1.1
    
  3. Run multiple scripts:
    nmap --script=http-title,ssl-cert 192.168.1.1
    

Output Control

  1. Save output to a file:
    nmap -oN output.txt 192.168.1.1
    
  2. Save output in all formats:
    nmap -oA output 192.168.1.1
    
  3. Generate machine-readable output:
    nmap -oX output.xml 192.168.1.1
    

Firewall Evasion

  1. Use decoys to mask scan origin:
    nmap -D RND:10 192.168.1.1
    
  2. Use a specific source port:
    nmap --source-port 80 192.168.1.1
    
  3. Fragment packets to bypass firewalls:
    nmap -f 192.168.1.1
    

Network Discovery

  1. Ping scan to find live hosts:
    nmap -sn 192.168.1.0/24
    
  2. Scan without pinging:
    nmap -Pn 192.168.1.1
    

Advanced Options

  1. Scan with maximum speed:
    nmap -T5 192.168.1.1
    
  2. Read targets from a file:
    nmap -iL targets.txt
    
  3. Scan IPv6 targets:
    nmap -6 2001:db8::1
    

Vulnerability Scanning

  1. Use vulnerability scanning scripts:
    nmap --script vuln 192.168.1.1