Useful nmap Snippets
Basic Scans
- Perform a simple scan:
nmap 192.168.1.1
- Scan multiple targets:
nmap 192.168.1.1 192.168.1.2
- Scan a range of IPs:
nmap 192.168.1.1-254
- Scan an entire subnet:
nmap 192.168.1.0/24
Port Scanning
- Scan specific ports:
nmap -p 80,443 192.168.1.1
- Scan a range of ports:
nmap -p 1-1000 192.168.1.1
- Scan all 65535 ports:
nmap -p- 192.168.1.1
Service and Version Detection
- Detect services and versions:
nmap -sV 192.168.1.1
- Set version-detection intensity (0-9; the default is 7, so 5 sends fewer probes than a plain -sV):
nmap -sV --version-intensity 5 192.168.1.1
Operating System Detection
- Detect OS of a host:
nmap -O 192.168.1.1
- Combine OS detection with version detection (-A also enables script scanning and traceroute):
nmap -A 192.168.1.1
Stealth Scanning
- Perform a TCP SYN scan:
nmap -sS 192.168.1.1
- Perform a TCP connect scan (completes the full handshake, so it is logged like any normal connection):
nmap -sT 192.168.1.1
UDP Scanning
- Scan UDP ports:
nmap -sU 192.168.1.1
Script Scanning
- Run default scripts:
nmap -sC 192.168.1.1
- Run specific scripts:
nmap --script=http-title 192.168.1.1
- Run multiple scripts:
nmap --script=http-title,ssl-cert 192.168.1.1
Output Control
- Save output to a file:
nmap -oN output.txt 192.168.1.1
- Save output in all formats:
nmap -oA output 192.168.1.1
- Save machine-readable (XML) output:
nmap -oX output.xml 192.168.1.1
Firewall Evasion
- Use decoys to mask scan origin:
nmap -D RND:10 192.168.1.1
- Use a specific source port:
nmap --source-port 80 192.168.1.1
- Fragment packets to bypass firewalls:
nmap -f 192.168.1.1
Network Discovery
- Ping scan to find live hosts:
nmap -sn 192.168.1.0/24
- Scan without pinging:
nmap -Pn 192.168.1.1
Advanced Options
- Scan with maximum speed:
nmap -T5 192.168.1.1
- Read targets from a file (one per line or whitespace-separated):
nmap -iL targets.txt
- Scan IPv6 targets:
nmap -6 2001:db8::1
Vulnerability Scanning
- Use vulnerability scanning scripts:
nmap --script vuln 192.168.1.1