Show Menu
Cheatography

nmap cheatsheet Cheat Sheet by

Nmap CheatSheet

Basic Scanning with Nmap

Scan a single target
nmap [target]
Scan multiple targets
nmap [targe­t1,­tar­get­2,etc]
Scan a list of targets
nmap -iL [hackl­ist.txt]
Scan a range of hosts
nmap [range of IP addresses]
Scan an entire subnet
nmap [IP addres­s/cdir]
Scan random hosts
nmap -iR [number]
Excluding targets from a scan
nmap [targets] –exclude [targets]
Excluding targets using a list
nmap [targets] –exclu­defile [list.txt]
Perform an aggressive scan
nmap -A [target]
Scan an IPv6 target
nmap -6 [target]

Output Options

Save output to a text file
nmap -oN [scan.txt] [target]
Save output to a xml file
nmap -oX [scan.xml] [target]
Grepable output
nmap -oG [scan.txt] [target]
Output all supported file types
nmap -oA [path/­fil­ename] [target]
Period­ically display statistics
nmap –stats­-every [time] [target]
133t output
nmap -oS [scan.txt] [target]
 

Nmap Scripting Engine

Execute individual scripts
nmap –script [scrip­t.nse] [target]

Execute multiple scripts
nmap –script [expre­ssion] [target]

Execute scripts by category
nmap –script [cat] [target]

Execute multiple scripts categories
nmap –script [cat1,­cat2, etc]

Troubl­eshoot scripts
nmap –script [script] –scrip­t-trace [target]

Update the script database
nmap –scrip­t-u­pdatedb

Script categories
a
auth
default
discovery
external
intrusive
malware
safe
vuln

Version Detection with Nmap

Operating system detection
nmap -O [target]
Attempt to guess an unknown
nmap -O –ossca­n-guess [target]
Service version detection
nmap -sV [target]
Troubl­esh­ooting version scans
nmap -sV –versi­on-­trace [target]
Perform a RPC scan
nmap -sR [target]
 

Firewall Evasion Techniques with Nmap

Fragment packets
nmap -f [target]
Specify a specific MTU
nm ap –mtu [MTU] [target]
Use a decoy
nmap -D RND: [number] [target]
Idle zombie scan
nmap -sI [zombie] [target]
Manually specify a source port
nmap –sourc­e-port [port] [target]
Append random data
nmap –data-­length [size] [target]
Randomize target scan order
nmap –rando­miz­e-hosts [target]
Spoof MAC Address
nmap –spoof-mac [MAC|0­|ve­ndor] [target]
Send bad checksums
nmap –badsum [target]

Ndiff

Comparison using Ndiff
ndiff [scan1.xml] [scan2.xml]
Ndiff verbose mode
ndiff -v [scan1.xml] [scan2.xml]
XML output mode
ndiff –xml [scan1.xm] [scan2.xml]

About me

Name
netwrk­spider
website
Job Profile
Security Researcher & Developers
 

Nmap Discovery Options

Perform a ping scan only
nmap -sP [target]
Don’t ping
nmap -PN [target]
TCP SYN Ping
nmap -PS [target]
TCP ACK ping
nmap -PA [target]
UDP ping
nmap -PU [target]
SCTP Init Ping
nmap -PY [target]
ICMP echo ping
nmap -PE [target]
ICMP Timestamp ping
nmap -PP [target]
ICMP address mask ping
nmap -PM [target]
IP protocol ping
nmap -PO [target]
ARP ping
nmap -PR [target]
Traceroute
nmap –trace­route [target]
Force reverse DNS resolution
nmap -R [target]
Disable reverse DNS resolution
nmap -n [target]
Altern­ative DNS lookup
nmap –syste­m-dns [target]
Manually specify DNS servers
nmap –dns-s­ervers [servers] [target]
Create a host list
nmap -sL [targets]
       
 

Comments

For the version I'm using (nmap 7.0), ping scan changed from -sP to -sn

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Basic Mimikatz Usage Cheat Sheet