Complete Nmap Scanning Commands CheatSheet by Hackopedia Utkarsh Thakur
1. Basic Scans:
● nmap <target> - Basic scan (default is a SYN scan).
● nmap -sT <target> - TCP connect scan (slower but useful for unprivileged users).
● nmap -sS <target> - SYN scan (default, stealthy and fast).
● nmap -sU <target> - UDP scan.
● nmap -p <port> <target> - Scan specific port.
● nmap -p- <target> - Scan all 65535 ports.
2. Service and Version Detection:
● nmap -sV <target> - Detect service version.
● nmap -A <target> - Aggressive scan (OS detection, version, script scanning, and traceroute).
● nmap -O <target> - OS detection.
● nmap -sV --version-intensity 5 <target> - More accurate version detection.
3. Port Scanning Techniques:
● nmap -p1-1000 <target> - Scan first 1000 ports.
● nmap -p80,443,22 <target> - Scan specific ports.
● nmap -F <target> - Fast scan (only scans commonly used ports).
● nmap -sN <target> - Null scan (no flags, stealthy).
● nmap -sF <target> - FIN scan (stealthy, used to bypass some firewalls).
● nmap -sX <target> - Xmas scan (stealthy but less effective).
4. Firewall and IDS Evasion:
● nmap -f <target> - Fragment packets to bypass firewalls.
● nmap --mtu 16 <target> - Custom packet sizes.
● nmap --scan-delay 5s <target> - Slower scanning to evade detection.
● nmap --badsum <target> - Send packets with bad checksums to evade firewalls.
● nmap -D RND:10 <target> - Use 10 random decoys to obscure the real scan.
● nmap -S <spoofed IP> <target> - Spoof source IP.
5. Script Scanning (NSE):
● nmap --script=http-enum <target> - Enumerate HTTP services.
● nmap --script=vuln <target> - Scan for known vulnerabilities.
● nmap --script=default <target> - Run default scripts.
● nmap --script=banner <target> - Grab service banners.
● nmap --script=smb-os-discovery <target> - Identify SMB services and OS version.
6. Network and Host Discovery:
● nmap -sn <network> - Ping scan (find live hosts).
● nmap -Pn <target> - Disable ping (useful if ICMP is blocked).
● nmap -PS22,80,443 <target> - TCP SYN Ping.
● nmap -PU53,123 <target> - UDP Ping.
● nmap --traceroute <target> - Traceroute with Nmap.
● nmap -R <target> - Reverse DNS resolution.
7. Performance and Speed Optimization:
● nmap -T0 <target> - Paranoid scan (very slow, avoids detection).
● nmap -T3 <target> - Normal scan (default speed).
● nmap -T4 <target> - Aggressive scan (fast but detectable).
● nmap -T5 <target> - Insane scan (fastest but easily detectable).
● nmap --max-retries 1 <target> - Reduce retry count.
● nmap --min-rate 1000 <target> - Set minimum scan rate.
8. IPv6 Scanning:
● nmap -6 <IPv6 address> - Scan an IPv6 target.
● nmap -sn -6 <network> - Discover IPv6 hosts.
● nmap -p80 -6 <IPv6 address> - Scan specific ports on IPv6.
9. Aggressive and Comprehensive Scans:
● nmap -A <target> - Full scan with OS, service detection, scripts, and traceroute.
● nmap -p- -A <target> - Aggressive scan on all ports.
● nmap -sS -sV -O -A -p- <target> - Full stealth scan with all details.
● nmap -sC <target> - Run default scripts.
10. Output and Logging:
● nmap -oN output.txt <target> - Save output in normal text format.
● nmap -oX output.xml <target> - Save output in XML format.
● nmap -oG output.gnmap <target> - Save output in greppable format.
● nmap -v <target> - Verbose mode (detailed output).
● nmap -d <target> - Debug mode.
11. Scanning Multiple Targets:
● nmap <target1> <target2> - Scan multiple hosts.
● nmap 192.168.1.1-100 - Scan a range of IPs.
● nmap -iL targets.txt - Scan targets from a file.
● nmap -iR 100 - Scan 100 random hosts.
12. Advanced Scanning and Exploitation:
● nmap --script=exploit <target> - Run exploit scripts.
● nmap --script="http-vuln*" <target> - Scan for HTTP vulnerabilities.
● nmap --script="smb-vuln*" <target> - Scan for SMB vulnerabilities.
● nmap --script=ftp-anon <target> - Check for anonymous FTP access.
13. Brute-Force and Password Attacks:
● nmap --script=ssh-brute <target> - SSH brute force attack.
● nmap --script=ftp-brute <target> - FTP brute force.
● nmap --script=http-brute <target> - HTTP brute force.
● nmap --script=smb-brute <target> - SMB brute force.
This document provides all essential Nmap scanning commands, from basic to advanced techniques. It can be used as a quick reference guide for penetration testers, ethical hackers, and network administrators.
For best performance, always scan responsibly and ensure legal compliance when testing networks.