๐Ÿ“„Nmap - CheatSheet

โœ… Basic Syntax

nmap [options] <target>

Examples of :

  • IP: 192.168.1.1

  • Hostname: example.com

  • Range: 192.168.1.1-50

  • Subnet: 192.168.1.0/24


๐ŸŸข Host Discovery

PurposeCommand
Ping sweep (live hosts)nmap -sn 192.168.1.0/24
Disable DNS resolutionnmap -n 192.168.1.1
Treat host as onlinenmap -Pn 192.168.1.1

๐Ÿšช Port Scanning

PurposeCommand
Default port scannmap 192.168.1.1
Scan all portsnmap -p- 192.168.1.1
Scan specific portsnmap -p 22,80,443 192.168.1.1
Top 1000 portsnmap --top-ports 1000 192.168.1.1

๐Ÿ” Scan Types

TypeCommand
TCP Connectnmap -sT 192.168.1.1
SYN (Stealth)nmap -sS 192.168.1.1
UDPnmap -sU 192.168.1.1
TCP + UDP Combonmap -sS -sU 192.168.1.1

๐Ÿ” Detection Features

PurposeCommand
Service version detectionnmap -sV 192.168.1.1
Operating system detectionnmap -O 192.168.1.1
Aggressive (all-in-one) scannmap -A 192.168.1.1

๐Ÿง  NSE (Nmap Scripting Engine)

TaskCommand
Default scriptsnmap -sC 192.168.1.1
Vulnerability scannmap --script vuln 192.168.1.1
Specific scriptnmap --script http-title 192.168.1.1
Multiple scripts (pattern)nmap --script "http*,ftp*" 192.168.1.1

๐Ÿ—‚๏ธ Output Formats

FormatCommand
Normalnmap -oN output.txt 192.168.1.1
XMLnmap -oX output.xml 192.168.1.1
Grepablenmap -oG output.gnmap 192.168.1.1
All formatsnmap -oA fullscan 192.168.1.1

โšก Performance & Timing

TaskCommand
Set timing (0 to 5)nmap -T4 192.168.1.1
Fast scan (top 100 ports)nmap -F 192.168.1.1
Set minimum packet ratenmap --min-rate 100

๐Ÿšซ Firewall Evasion

TaskCommand
Spoof MAC addressnmap --spoof-mac Apple 192.168.1.1
Packet fragmentationnmap -f 192.168.1.1
Decoy scannmap -D RND:10 192.168.1.1

๐ŸŽฏ Target List & Exclusion

TaskCommand
Scan targets from filenmap -iL targets.txt
Exclude specific IPnmap 192.168.1.0/24 --exclude 192.168.1.1

1
Subscribe to my newsletter

Read articles from Alpesh R Prajapati directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Alpesh R Prajapati
Alpesh R Prajapati