{"id":25088,"date":"2017-11-25T20:11:24","date_gmt":"2017-11-25T14:41:24","guid":{"rendered":"https:\/\/www.armourinfosec.com\/?p=25088"},"modified":"2020-02-07T14:15:57","modified_gmt":"2020-02-07T08:45:57","slug":"nmap-cheat-sheet","status":"publish","type":"post","link":"https:\/\/www.armourinfosec.com\/nmap-cheat-sheet\/","title":{"rendered":"Nmap Cheat Sheet"},"content":{"rendered":"

Network Mapper (Nmap)<\/strong>, also known as the God of Port Scanners<\/strong>, is used for network discovery and is the basis for most security enumeration during the initial stages of a penetration test<\/a>. Nmap has a multitude of options, and when you first start playing with this excellent tool it can be a bit daunting. In this cheat sheet you will find a series of practical example commands for running Nmap and getting the most out of this powerful tool. Below is the Nmap cheat sheet with helpful tips and techniques.<\/p>\n

Keep in mind that this cheat sheet merely scratches the surface of the available options. The Nmap Documentation portal<\/a> is your reference for digging deeper into them.<\/p>\n

Nmap in a nutshell<\/strong><\/h4>\n
    \n
  • Target Specification<\/li>\n
  • Host Discovery<\/li>\n
  • Port Specification<\/li>\n
  • Service Discovery \/ Version Detection<\/li>\n
  • Operating System Version Detection<\/li>\n
  • Firewall \/ IDS Evasion and Spoofing<\/li>\n
  • Time and Performance based Scan<\/li>\n
  • Output of Scan<\/li>\n
  • Vulnerability \/ Exploit Detection, using Nmap Scripts (NSE)<\/li>\n<\/ul>\n
    Target Specification<\/strong><\/h5>\n

    Scan a single IP<\/p>\n

    nmap 192.168.1.1<\/pre>\n

    Scan specific IPs<\/p>\n

    nmap 192.168.1.1 192.168.1.5<\/pre>\n

    Scan a Range<\/p>\n

    nmap 192.168.1.1-254<\/pre>\n

    Scan a Domain \/ Host<\/p>\n

    nmap scanme.nmap.org<\/pre>\n

    Scan Targets from a File<\/p>\n

    nmap -iL targets.txt<\/pre>\n

    Exclude the Listed Host from the Target Range<\/p>\n

    nmap --exclude 192.168.1.5 192.168.1.1-10<\/pre>\n
    Host Discovery<\/strong><\/h5>\n

    To List given targets only, no Scan<\/p>\n

    nmap -sL 192.168.1.1-3<\/pre>\n

    To Disable Port Scanning, Host Discovery only<\/p>\n

    nmap -sn 192.168.1.1\/24<\/pre>\n

    To Disable Host Discovery. Port scan only<\/p>\n

    nmap -Pn 192.168.1.1-5<\/pre>\n

    TCP SYN discovery on given port<\/p>\n

    nmap -PS 80,21 192.168.1.1<\/pre>\n

    TCP ACK discovery on given port<\/p>\n

    nmap -PA 80,21 192.168.1.1<\/pre>\n

    UDP discovery on given port<\/p>\n

    nmap -PU 53 192.168.1.1<\/pre>\n
    Port Specification<\/strong><\/h5>\n

    Scan a given port (e.g. 21 here)<\/p>\n

    nmap -p 21 192.168.1.1<\/pre>\n

    Scan the given Port Range<\/p>\n

    nmap -p 21-100 192.168.1.1<\/pre>\n

    Scan multiple TCP and UDP ports (the U: ports are only scanned when -sU is given together with a TCP scan type)<\/p>\n

    nmap -sU -sS -p U:53,T:21-25,80 192.168.1.1<\/pre>\n

    Scan all 65535 ports<\/p>\n

    nmap -p- 192.168.1.1<\/pre>\n

    Scans the given Service Name<\/p>\n

    nmap -p http,https 192.168.1.1<\/pre>\n

    Scans the Top 100 ports<\/p>\n

    nmap -F 192.168.1.1<\/pre>\n
    Service Discovery \/ Version Detection<\/strong><\/h5>\n

    Detect Version of the Running Services<\/p>\n

    nmap -sV 192.168.1.1<\/pre>\n

    Set the version-detection intensity from 0 to 9. A higher number increases the likelihood of a correct identification<\/p>\n

    nmap -sV --version-intensity 5 192.168.1.1<\/pre>\n

    Enable light mode (intensity = 2). It is faster but less likely to identify services correctly<\/p>\n

    nmap -sV --version-light 192.168.1.1<\/pre>\n

    Enable intense mode (intensity = 9). It is slower but more likely to identify services correctly<\/p>\n

    nmap -sV --version-all 192.168.1.1<\/pre>\n
    Operating System Version Detection<\/strong><\/h5>\n

    Detect the operating system<\/p>\n

    nmap -O 192.168.1.1<\/pre>\n

    Aggressive mode, i.e. OS detection, service version detection and traceroute<\/p>\n

    nmap -A 192.168.1.1<\/pre>\n
    Firewall \/ IDS Evasion and Spoofing<\/strong><\/h5>\n

    Use tiny fragmented IP packets, which are harder for packet filters to inspect<\/p>\n

    nmap -f 192.168.1.1<\/pre>\n

    Set a custom fragment size (the value must be a multiple of 8)<\/p>\n

    nmap --mtu 32 192.168.1.1<\/pre>\n

    Scan using decoy IP addresses alongside your own<\/p>\n

    nmap -D decoy-ip1,decoy-ip2,your-own-ip remote-host-ip<\/pre>\n

    Scan target.com with example.com as the spoofed source address<\/p>\n

    nmap -S example.com target.com<\/pre>\n

    Uses the given port as a source<\/p>\n

    nmap -g 53 192.168.1.1<\/pre>\n

    Appends random data to sent packets<\/p>\n

    nmap --data-length 200 192.168.1.1<\/pre>\n
    Time and Performance based Scan<\/strong><\/h5>\n

    Slow scan<\/p>\n

    nmap -T0 192.168.1.1<\/pre>\n

    Sneaky scan<\/p>\n

    nmap -T1 192.168.1.1<\/pre>\n

    Timely scan<\/p>\n

    nmap -T2 192.168.1.1<\/pre>\n

    Default scan<\/p>\n

    nmap -T3 192.168.1.1<\/pre>\n

    Aggressive scan<\/p>\n

    nmap -T4 192.168.1.1<\/pre>\n

    Very Aggressive scan<\/p>\n

    nmap -T5 192.168.1.1<\/pre>\n
    Output of Scan<\/strong><\/h5>\n

    To scan in the Verbose mode (-vv for greater effect)<\/p>\n

    nmap -v 192.168.1.1<\/pre>\n

    Save the scan results in normal format to scan.file<\/p>\n

    nmap 192.168.1.1 -oN scan.file<\/pre>\n

    Save the results in xml.file<\/p>\n

    nmap 192.168.1.1 -oX xml.file<\/pre>\n

    Save the results in grep.file<\/p>\n

    nmap 192.168.1.1 -oG grep.file<\/pre>\n

    Saves the Output in the three major formats at once<\/p>\n

    nmap 192.168.1.1 -oA result<\/pre>\n

    To scan in the debug mode (-dd for greater effect)<\/p>\n

    nmap 192.168.1.1 -d<\/pre>\n

    To see all the packets sent and received<\/p>\n

    nmap 192.168.1.1 -T4 --packet-trace<\/pre>\n
    Vulnerability \/ Exploit Detection, using Nmap Scripts (NSE)<\/strong><\/h5>\n

    Scan with default NSE Scripts<\/p>\n

    nmap 192.168.1.1 -sC<\/pre>\n

    Scan with given NSE Script ( Example: nmap.nse )<\/p>\n

    nmap 192.168.1.1 --script=nmap.nse<\/pre>\n

    Use script with arguments<\/p>\n

    nmap 192.168.1.1 --script=nmap.nse --script-args user=admin<\/pre>\n

     <\/p>\n","protected":false},"excerpt":{"rendered":"

    Network Mapper (Nmap) also known as the God of Port Scanners used for network discovery and the basis for most…<\/p>\n","protected":false},"author":1,"featured_media":25485,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,25,13,90],"tags":[105,103,104],"yoast_head_json":{"title":"Nmap Cheat Sheet and Helpful Tips and Techniques","author":"Armour Infosec"}}