Scribd
Upload
94 views7 pages

Nmap Commands Collection

Nmap is a security scanning tool used to discover hosts and services on a computer network by sending packets and analyzing responses. This document provides examples of common Nmap commands and switches to scan specific IP addresses and ranges, ports, operating systems, services, and run scripts for discovery and analysis. Key switches include -p for port scanning, -O for operating system detection, -sV for service version detection, and -script for running Nmap Scripting Engine scripts.

Uploaded by

hammad.khan.4440k
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
94 views7 pages

Nmap Commands Collection

Nmap is a security scanning tool used to discover hosts and services on a computer network by sending packets and analyzing responses. This document provides examples of common Nmap commands and switches to scan specific IP addresses and ranges, ports, operating systems, services, and run scripts for discovery and analysis. Key switches include -p for port scanning, -O for operating system detection, -sV for service version detection, and -script for running Nmap Scripting Engine scripts.

Uploaded by

hammad.khan.4440k
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

SWITCH EXAMPLE DESCRIPTION

nmap 192.168.1.1 Scan a single IP


nmap 192.168.1.1 192.168.2.1 Scan specific IPs
nmap 192.168.1.1-254 Scan a range
nmap scanme.nmap.org Scan a domain
nmap 192.168.1.0/24 Scan using CIDR notation
-iL nmap -iL targets.txt Scan targets from a file
-iR nmap -iR 100 Scan 100 random hosts
-exclude nmap -exclude 192.168.1.1 Exclude listed hosts
SWITCH EXAMPLE DESCRIPTION

-sL nmap 192.168.1.1-3 -sL No Scan. List targets only


-sn nmap 192.168.1.1/24 -sn Disable port scanning. Host
discovery only.
-Pn nmap 192.168.1.1-5 -Pn Disable host discovery. Port
scan only.
-PS nmap 192.168.1.1-5 -PS22-25,80 TCP SYN discovery on port x.
Port 80 by default
-PA nmap 192.168.1.1-5 -PA22-25,80 TCP ACK discovery on port x.
Port 80 by default
-PU nmap 192.168.1.1-5 -PU53 UDP discovery on port x.
Port 40125 by default
-PR nmap 192.168.1.1-1/24 -PR ARP discovery on local network
-n nmap 192.168.1.1 -n Never do DNS resolution
SWITCH EXAMPLE DESCRIPTION

-p nmap 192.168.1.1 -p 21 Port scan for port x


-p nmap 192.168.1.1 -p 21-100 Port range
-p nmap 192.168.1.1 -p U:53,T:21- Port scan multiple
25,80 TCP and UDP ports
-p nmap 192.168.1.1 -p- Port scan all ports
-p nmap 192.168.1.1 -p http,https Port scan from service name
-F nmap 192.168.1.1 -F Fast port scan (100 ports)
-top-
ports nmap 192.168.1.1 -top-ports 2000 Port scan the top x ports
-p-65535 nmap 192.168.1.1 -p-65535 Leaving off initial port in range
makes the scan start at port 1

-p0- nmap 192.168.1.1 -p0- Leaving off end port in range


makes the scan go through to
port 65535
SWITCH EXAMPLE DESCRIPTION
Remote OS detection using TCP/IP
-O nmap 192.168.1.1 -O
stack fingerprinting

-O -osscan- nmap 192.168.1.1 -O If at least one open and one closed TCP
limit -osscan-limit port are not found it will not try OS
detection against host

-O -osscan nmap 192.168.1.1 Makes Nmap guess more aggressively


-guess -O -osscan-guess

-O -max-os- nmap 192.168.1.1 -O - Set the maximum number x of OS


tries max-os-tries 1 detection tries against a target

Enables OS detection, version detection,


-A nmap 192.168.1.1 -A
script scanning and traceroute
SWITCH EXAMPLE DESCRIPTION

-sV nmap 192.168.1.1 -sV Attempts to determine the version of


the service running on port
-sV -version nmap 192.168.1.1 -sV - Intensity level 0 to 9. Higher number
-intensity version-intensity 8 increases possibility of correctness

-sV -version nmap 192.168.1.1 -sV - Enable light mode. Lower possibility
-light version-light of correctness. Faster

-sV -version nmap 192.168.1.1 -sV - Enable intensity level 9. Higher


-all version-all possibility of correctness. Slower

Enables OS detection, version detection,


-A nmap 192.168.1.1 -A script scanning, and traceroute
SWITCH EXAMPLE DESCRIPTION

-sC nmap 192.168.1.1 -sC Scan with default NSE scripts. Considered
useful for discovery and safe

-script nmap 192.168.1.1 -script Scan with default NSE scripts. Considered
default default useful for discovery and safe

-script nmap 192.168.1.1 - Scan with a single script. Example banner


script=banner

-script nmap 192.168.1.1 - Scan with a wildcard. Example http


script=http*
-script nmap 192.168.1.1 - Scan with two scripts. Example http
script=http,banner and banner
-script nmap 192.168.1.1 -script
Scan default, but remove intrusive scripts
"not intrusive"

-script nmap -script snmp-sysdescr -script- NSE script with arguments


-args args snmpcommunity=admin
192.168.1.1

You might also like