| Command Description | |
|---|---|
| nmap [target] Scan a Singl | e Target |
| nmap [target1, target2, etc] Scan |
|
| nmap -iL [list.txt] Scan a List | of Targets |
| nmap [range of ip addresses] Scan |
|
| nmap [ip address/cdir] Scan an | Entire Subnet |
| nmap -iR [number] Scan Random | Hosts |
| nmap [targets] --exclude [targets] Excl | uding Targets from a Scan |
| nmap [targets] --excludefile [list.txt] | Excluding Targets Using a List |
| nmap -A [target] Perform an A | ggressive Scan |
| nmap -6 [target] Scan an IPv6 |
|
| Command Description | |
|---|---|
nmap -sP [target] Perform a Pi nmap -PN [target] Don’t Ping nmap -PS [target] TCP SYN Ping nmap -PA [target] TCP ACK Ping nmap -PU [target] UDP Ping |
ng Only Scan |
| nmap -PY [target] SCTP INIT Pi | ng |
| nmap -PE [target] ICMP Echo Pi | ng |
| nmap -PP [target] ICMP Timesta | mp Ping |
| nmap -PM [target] ICMP Address |
|
nmap -PO [target] IP Protocol nmap -PR [target] ARP Ping |
Ping |
| nmap --traceroute [target] Tracerou | te |
| nmap -R [target] Force Revers | e DNS Resolution |
| nmap -n [target] Disable Reve | rse DNS Resolution |
| nmap --system-dns [target] Alternat | ive DNS Lookup |
| nmap --dns-servers [servers] [target] | Manually Specify DNS Server(s) |
| nmap -sL [targets] Create a Hos | t List |
| Command Description | |
|---|---|
| nmap -sS [target] TCP SYN Scan | |
nmap -sT [target] TCP Connect nmap -sU [target] UDP Scan |
Scan |
nmap -sN [target] TCP NULL Sca nmap -sF [target] TCP FIN Scan nmap -sX [target] Xmas Scan nmap -sA [target] TCP ACK Scan |
n |
| nmap --scanflags [flags] [target] Cust | om TCP Scan |
| nmap -sO [target] IP Protocol | Scan |
| nmap --send-eth [target] Send Raw |
|
| nmap --send-ip [target] Send IP | Packets |
| Command Description | |
|---|---|
| nmap -F [target] Perform a Fast S | can |
| nmap -p [port(s)] [target] Scan Specifi | c Ports |
| nmap -p [port name(s)] [target] Scan Por | ts by Name |
| nmap -sU -sT -p U:[ports],T:[ports] [target] | Scan Ports by Protocol |
| nmap -p "*" [target] Scan All Por | ts |
| nmap --top-ports [number] [target] Scan Top |
|
| nmap -r [target] Perform a Sequen | tial Port Scan |
| Command Description | |
|---|---|
| nmap -O [target] Operating Sy | stem Detection |
| www.nmap.org/submit/ Submit T | CP/IP Fingerprints |
| nmap -O --osscan-guess [target] Atte | mpt to Guess an Unknown OS |
| nmap -sV [target] Service Vers | ion Detection |
| nmap -sV --version-trace [target] Trou | bleshooting Version Scans |
| nmap -sR [target] Perform a RP | C Scan |
| Command Description | |
|---|---|
| nmap -T[0-5] [target] Timing Templ | ates |
| nmap --ttl [time] [target] Set the Pack | et TTL |
| nmap --min-parallelism [number] [target] Mini | mum # of Parallel Operations |
| nmap --max-parallelism [number] [target] Maxi | mum # of Parallel Operations |
| nmap --min-hostgroup [number] [targets] Mini | mum Host Group Size |
| nmap --max-hostgroup [number] [targets] Maxi | mum Host Group Size |
| nmap --initial-rtt-timeout [time] [target] Maxi | mum RTT Timeout |
| nmap --max-rtt-timeout [TTL] [target] Init | ial RTT Timeout |
| nmap --max-retries [number] [target] Maxi | mum Retries |
| nmap --host-timeout [time] [target] Host Tim | eout |
| nmap --scan-delay [time] [target] Minimum | Scan Delay |
| nmap --max-scan-delay [time] [target] Maxi | mum Scan Delay |
| nmap --min-rate [number] [target] Minimum | Packet Rate |
| nmap --max-rate [number] [target] Maximum | Packet Rate |
| nmap --defeat-rst-ratelimit [target] Defe | at Reset Rate Limits |
| Command Description | |
|---|---|
| nmap -f [target] Fragment Packets | |
| nmap --mtu [MTU] [target] Specify a Sp | ecific MTU |
| nmap -D RND:[number] [target] Use a De | coy |
| nmap -sI [zombie] [target] Idle Zombie | Scan |
| nmap --source-port [port] [target] Manually |
|
| nmap --data-length [size] [target] Append R | andom Data |
| nmap --randomize-hosts [target] Randomiz | e Target Scan Order |
| nmap --spoof-mac [MACvendor] [target] Spoo | f MAC Address |
| nmap --badsum [target] Send Bad Che | cksums |
| Command Description | |
|---|---|
| nmap -oN [scan.txt] [target] Save |
|
| nmap -oX [scan.xml] [target] Save |
|
| nmap -oG [scan.txt] [targets] Grep | able Output |
| nmap -oA [path/filename] [target] Outp | ut All Supported File Types |
| nmap --stats-every [time] [target] Peri | odically Display Statistics |
| nmap -oS [scan.txt] [target] 133t |
|
| Command Description | |
|---|---|
| nmap -h Getting Help | |
| nmap -V Display Nmap |
|
| nmap -v [target] Verbose | Output |
| nmap -d [target] Debuggin | g |
| nmap --reason [target] Disp | lay Port State Reason |
| nmap --open [target] Only |
|
| nmap --packet-trace [target] | Trace Packets |
| nmap --iflist Display | Host Networking |
| nmap -e [interface] [target] | Specify a Network Interface |
- Script Categories
all, auth, default, discovery, external, intrusive, malware, safe, vuln
| Command Description | |
|---|---|
| nmap --script [script.nse] [target] Execute | Individual Scripts |
| nmap --script [expression] [target] Execute | Multiple Scripts |
| nmap --script [category] [target] Execute | Scripts by Category |
| nmap --script [category1,category2,etc] Exec | ute Multiple Script Categories |
| nmap --script [script] --script-trace [target] | Troubleshoot Scripts |
| nmap --script-updatedb Update the S | cript Database |
| Command Description | |
|---|---|
| ndiff [scan1.xml] [scan2.xml] Comp | arison Using Ndiff |
| ndiff -v [scan1.xml] [scan2.xml] Ndif | f Verbose Mode |
| ndiff --xml [scan1.xml] [scan2.xml] XML | Output Mode |