Scan an IPv4 host/address
nmap 192.168.1.1
Scan an IPv6 host/address
nmap -6 2607:f8b0:4007:804::1009
nmap -v -A -6 2607:f8b0:4007:804::1009
Scan FQDN
nmap server1.cyberciti.biz
Scan a host name with more info
nmap -v server1.cyberciti.biz
Scan a range of IP addresses
nmap 192.168.1.1-20
nmap 192.168.1.*
nmap 192.168.1.0/24
nmap 192.168.1.1,2,3
nmap 192.168.1.1 192.168.1.2
Read list of hosts/networks from a file
nmap -iL /tmp/test.txt
Excluding hosts/networks (IPv4)
nmap 192.168.1.0/24 --exclude 192.168.1.5
nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254
nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt
Turn on OS detection, version detection and script scanning (IPv4)
nmap -A 192.168.1.254
nmap -v -A 192.168.1.1
nmap -A -iL /tmp/scanlist.txt
Find out if a host/network is protected by a firewall
nmap -sA 192.168.1.254
Scan a host that is protected by a firewall (skip host discovery)
nmap -PN 192.168.1.1
Scan a network and find out which servers and devices are up and running
nmap -sP 192.168.1.0/24
Perform a fast scan
nmap -F 192.168.1.1
Display the reason a port is in a particular state
nmap --reason 192.168.1.1
Only show open (or possibly open) ports
nmap --open 192.168.1.1
Show all packets sent and received
nmap --packet-trace 192.168.1.1
Show host interfaces and routes (like netstat -nr)
nmap --iflist
Scan specific ports
nmap -p 80 192.168.1.1
nmap -p 80,443 192.168.1.1
nmap -p 80-200 192.168.1.1
nmap -p T:80 192.168.1.1
nmap -p U:53 192.168.1.1
nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1
nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254
nmap --top-ports 5 192.168.1.1
Fastest way to scan all your devices/computers for open ports
nmap -T5 192.168.1.0/24
Detect remote operating system
nmap -O 192.168.1.1
nmap -O --osscan-guess 192.168.1.1
nmap -v -O --osscan-guess 192.168.1.1
Detect remote services (server / daemon) version numbers
nmap -sV 192.168.1.1
Scan a host using TCP SYN (-PS) and TCP ACK (-PA) ping
nmap -PS 192.168.1.1
nmap -PS 80,21,443 192.168.1.1
nmap -PA 192.168.1.1
nmap -PA 80,21,200-512 192.168.1.1
Scan a host using IP protocol ping
nmap -PO 192.168.1.1
Scan a host using UDP ping
nmap -PU 192.168.1.1
nmap -PU 2000,2001 192.168.1.1
Stealthy scan
nmap -sS 192.168.1.1
Find out the most commonly used TCP ports using TCP ACK scan
nmap -sA 192.168.1.1
Find out the most commonly used TCP ports using TCP Window scan
nmap -sW 192.168.1.1
Find out the most commonly used TCP ports using TCP Maimon scan
nmap -sM 192.168.1.1
Find out the most commonly used TCP ports using TCP connect scan
nmap -sT 192.168.1.1
Scan a host for UDP services (UDP scan)
nmap -sU 192.168.1.1
Scan for IP protocol
nmap -sO 192.168.1.1
Scan a firewall for security weaknesses. TCP Null scan to fool a firewall into generating a response: does not set any bits (TCP flag header is 0)
nmap -sN 192.168.1.254
TCP FIN scan to check a firewall. Sets just the TCP FIN bit
nmap -sF 192.168.1.254
TCP Xmas scan to check a firewall. Sets the FIN, PSH and URG flags, lighting the packet up like a Christmas tree
nmap -sX 192.168.1.254
Scan a firewall using fragmented packets
nmap -f 192.168.1.1
Set your own offset size with the --mtu option
nmap --mtu 32 192.168.1.1
Cloak a scan with decoys
nmap -n -Ddecoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip
nmap -n -D192.168.1.5,10.5.1.2,172.1.2.4,3.4.2.1 192.168.1.5
Spoof your MAC address
nmap --spoof-mac MAC-ADDRESS-HERE 192.168.1.1
Add other options
nmap -v -sT -PN --spoof-mac MAC-ADDRESS-HERE 192.168.1.1
Use a random MAC address. The value 0 means nmap chooses a completely random MAC address
nmap -v -sT -PN --spoof-mac 0 192.168.1.1
Save output to a text file
nmap 192.168.1.1 > output.txt
nmap -oN /tmp/filename 192.168.1.1
nmap -oN output.txt 192.168.1.1
Find host MAC addresses (can only be done on the same LAN segment)
sudo nmap -sP -n 192.168.0.1
sudo nmap -sP -n 192.168.0.0/24