Table of Contents

  1. Common Nmap Command Snippets
    1. Basic Scans
      1. Scan a Single Host
      2. Scan Multiple Hosts
      3. Scan a Range of IPs
      4. Scan a Subnet
    2. Port Scanning
      1. Scan Specific Ports
      2. Scan a Range of Ports
      3. Scan All 65535 Ports
    3. Scan Types
      1. TCP SYN Scan (Default, Stealth)
      2. TCP Connect Scan
      3. UDP Scan
      4. Aggressive Scan (Version Detection, OS Detection, Script Scanning, Traceroute)
      5. Service and Version Detection
      6. OS Detection
    4. Output Options
      1. Save Output to File
      2. Save Output in Grepable Format
      3. Save All Formats
    5. Useful Nmap Scripting Engine (NSE) Examples
      1. Run Vulnerability Scripts
      2. Run Default Scripts
      3. Detect HTTP Methods
      4. Detect SSL/TLS Information
    6. Performance Tweaks
      1. Increase Speed of Scan
      2. Maximum Speed (May Cause Inaccuracy)
      3. Limit Scan to Active Hosts Only
    7. Firewall Evasion
      1. Decoy Scan
      2. Fragment Packets
      3. Source Port Manipulation
    8. Combining Options
      1. Fast, Aggressive, All Ports, Save Output

Common Nmap Command Snippets

A collection of useful Nmap commands for quick reference.

Basic Scans

Scan a Single Host 

nmap 192.168.1.1

Scan Multiple Hosts 

nmap 192.168.1.1 192.168.1.2 192.168.1.3

Scan a Range of IPs 

nmap 192.168.1.1-20

Scan a Subnet 

nmap 192.168.1.0/24

Port Scanning

Scan Specific Ports 

nmap -p 22,80,443 192.168.1.1

Scan a Range of Ports 

nmap -p 1-1000 192.168.1.1

Scan All 65535 Ports 

nmap -p- 192.168.1.1

Scan Types

TCP SYN Scan (Default, Stealth) 

nmap -sS 192.168.1.1

TCP Connect Scan 

nmap -sT 192.168.1.1

UDP Scan 

nmap -sU 192.168.1.1

Aggressive Scan (Version Detection, OS Detection, Script Scanning, Traceroute) 

nmap -A 192.168.1.1

Service and Version Detection 

nmap -sV 192.168.1.1

OS Detection 

nmap -O 192.168.1.1

Output Options

Save Output to File 

nmap -oN output.txt 192.168.1.1

Save Output in Grepable Format 

nmap -oG output.gnmap 192.168.1.1

Save All Formats 

nmap -oA scan_results 192.168.1.1

Useful Nmap Scripting Engine (NSE) Examples

Run Vulnerability Scripts 

nmap --script vuln 192.168.1.1

Run Default Scripts 

nmap -sC 192.168.1.1

Detect HTTP Methods 

nmap --script http-methods 192.168.1.1

Detect SSL/TLS Information 

nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.1.1

Performance Tweaks

Increase Speed of Scan 

nmap -T4 192.168.1.1

Maximum Speed (May Cause Inaccuracy) 

nmap -T5 192.168.1.1

Limit Scan to Active Hosts Only 

nmap -sn 192.168.1.0/24

Firewall Evasion

Decoy Scan 

nmap -D RND:10 192.168.1.1

Fragment Packets 

nmap -f 192.168.1.1

Source Port Manipulation 

nmap --source-port 53 192.168.1.1

Combining Options

Fast, Aggressive, All Ports, Save Output 

nmap -T4 -A -p- -oA full_scan 192.168.1.1