Table of Contents

  1. Common Nmap Command Snippets
    1. Basic Scans
      1. Scan a Single Host
      2. Scan Multiple Hosts
      3. Scan a Range of IPs
      4. Scan a Subnet
    2. Port Scanning
      1. Scan Specific Ports
      2. Scan a Range of Ports
      3. Scan All 65535 Ports
    3. Scan Types
      1. TCP SYN Scan (Default, Stealth)
      2. TCP Connect Scan
      3. UDP Scan
      4. Aggressive Scan (Version Detection, OS Detection, Script Scanning, Traceroute)
      5. Service and Version Detection
      6. OS Detection
    4. Output Options
      1. Save Output to File
      2. Save Output in Grepable Format
      3. Save All Formats
    5. Useful Nmap Scripting Engine (NSE) Examples
      1. Run Vulnerability Scripts
      2. Run Default Scripts
      3. Detect HTTP Methods
      4. Detect SSL/TLS Information
    6. Performance Tweaks
      1. Increase Speed of Scan
      2. Maximum Speed (May Cause Inaccuracy)
      3. Discover Live Hosts Only (Ping Scan, No Port Scan)
    7. Firewall Evasion
      1. Decoy Scan
      2. Fragment Packets
      3. Source Port Manipulation
    8. Combining Options
      1. Fast, Aggressive, All Ports, Save Output

Common Nmap Command Snippets

A collection of useful Nmap commands for quick reference.


Basic Scans

Scan a Single Host

nmap 192.168.1.1

Scan Multiple Hosts

nmap 192.168.1.1 192.168.1.2 192.168.1.3

Scan a Range of IPs

nmap 192.168.1.1-20

Scan a Subnet

nmap 192.168.1.0/24

Port Scanning

Scan Specific Ports

nmap -p 22,80,443 192.168.1.1

Scan a Range of Ports

nmap -p 1-1000 192.168.1.1

Scan All 65535 Ports

nmap -p- 192.168.1.1

Scan Types

TCP SYN Scan (Default, Stealth)

nmap -sS 192.168.1.1

TCP Connect Scan

nmap -sT 192.168.1.1

UDP Scan

nmap -sU 192.168.1.1

Aggressive Scan (Version Detection, OS Detection, Script Scanning, Traceroute)

nmap -A 192.168.1.1

Service and Version Detection

nmap -sV 192.168.1.1

OS Detection

nmap -O 192.168.1.1

Output Options

Save Output to File

nmap -oN output.txt 192.168.1.1

Save Output in Grepable Format

nmap -oG output.gnmap 192.168.1.1

Save All Formats

nmap -oA scan_results 192.168.1.1

Useful Nmap Scripting Engine (NSE) Examples

Run Vulnerability Scripts

nmap --script vuln 192.168.1.1

Run Default Scripts

nmap -sC 192.168.1.1

Detect HTTP Methods

nmap --script http-methods 192.168.1.1

Detect SSL/TLS Information

nmap --script ssl-cert,ssl-enum-ciphers -p 443 192.168.1.1

Performance Tweaks

Increase Speed of Scan

nmap -T4 192.168.1.1

Maximum Speed (May Cause Inaccuracy)

nmap -T5 192.168.1.1

Discover Live Hosts Only (Ping Scan, No Port Scan)

nmap -sn 192.168.1.0/24

Firewall Evasion

Decoy Scan

nmap -D RND:10 192.168.1.1

Fragment Packets

nmap -f 192.168.1.1

Source Port Manipulation

nmap --source-port 53 192.168.1.1

Combining Options

Fast, Aggressive, All Ports, Save Output

nmap -T4 -A -p- -oA full_scan 192.168.1.1