Table of Contents
- Common Nmap Command Snippets
Common Nmap Command Snippets
A collection of useful Nmap commands for quick reference.
Basic Scans
Scan a Single Host
nmap 192.168.1.1
Scan Multiple Hosts
nmap 192.168.1.1 192.168.1.2 192.168.1.3
Scan a Range of IPs
nmap 192.168.1.1-20
Scan a Subnet
nmap 192.168.1.0/24
Port Scanning
Scan Specific Ports
nmap -p 22,80,443 192.168.1.1
Scan a Range of Ports
nmap -p 1-1000 192.168.1.1
Scan All 65535 Ports
nmap -p- 192.168.1.1
Scan Types
TCP SYN Scan (Default, Stealth)
nmap -sS 192.168.1.1
TCP Connect Scan
nmap -sT 192.168.1.1
UDP Scan
nmap -sU 192.168.1.1
Aggressive Scan (Version Detection, OS Detection, Script Scanning, Traceroute)
nmap -A 192.168.1.1
Service and Version Detection
nmap -sV 192.168.1.1
OS Detection
nmap -O 192.168.1.1
Output Options
Save Output to File
nmap -oN output.txt 192.168.1.1
Save Output in Grepable Format
nmap -oG output.gnmap 192.168.1.1
Save All Formats
nmap -oA scan_results 192.168.1.1
Useful Nmap Scripting Engine (NSE) Examples
Run Vulnerability Scripts
nmap --script vuln 192.168.1.1
Run Default Scripts
nmap -sC 192.168.1.1
Detect HTTP Methods
nmap --script http-methods 192.168.1.1
Detect SSL/TLS Information
nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.1.1
Performance Tweaks
Increase Speed of Scan
nmap -T4 192.168.1.1
Maximum Speed (May Cause Inaccuracy)
nmap -T5 192.168.1.1
Limit Scan to Active Hosts Only
nmap -sn 192.168.1.0/24
Firewall Evasion
Decoy Scan
nmap -D RND:10 192.168.1.1
Fragment Packets
nmap -f 192.168.1.1
Source Port Manipulation
nmap --source-port 53 192.168.1.1
Combining Options
Fast, Aggressive, All Ports, Save Output
nmap -T4 -A -p- -oA full_scan 192.168.1.1