
Nmap Cheat Sheet

Last Updated : 06 Sep, 2023

Nmap (Network Mapper) is a free and open-source network discovery and security scanning utility. Many network and system administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring server or service availability. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services (application name and version) those hosts offer, which operating systems (and OS versions) they are running, and what packet filters or firewalls sit in between. It is designed to scan large networks quickly but works just as well against a single host.

This Nmap cheat sheet covers the basics through advanced use: basic scanning techniques, host discovery options, firewall evasion techniques, OS and version detection, output options, the Nmap Scripting Engine (NSE) and more.


Usage of Nmap

  • Auditing the security of a device or firewall by identifying which network connections can be made to or through it.
  • Identifying open ports on a target host in preparation for a penetration test or audit.
  • Network inventory, network mapping, and asset and maintenance management.
  • Identifying additional servers to test when assessing a network's security.
  • Generating network traffic, analysing the responses, and measuring response times.
  • Finding known vulnerabilities and misconfigurations with Nmap Scripting Engine (NSE) scripts (the vuln category; the much smaller exploit category can also exploit some of them).
  • DNS queries and subdomain enumeration (via NSE scripts such as dns-brute).

Usage:

nmap [<Scan Type>] [<Options>] {<target specification>}

NMAP Commands Cheat Sheet 2023

Basic Scanning Techniques

Nmap Query                                   Nmap Command
Scan a single target                         nmap [target]
Scan multiple targets                        nmap [target1] [target2] ...
Scan a list of targets                       nmap -iL [list.txt]
Scan a range of hosts                        nmap [first IP]-[last octet]   (e.g. nmap 192.168.1.1-50)
Scan an entire subnet                        nmap [IP address/CIDR]   (e.g. nmap 10.0.0.0/24)
Scan random hosts                            nmap -iR [number]
Exclude targets from a scan                  nmap [targets] --exclude [target1,target2,...]
Exclude targets using a list                 nmap [targets] --excludefile [list.txt]
Perform an aggressive scan                   nmap -A [target]   (-O, -sV, --script default and --traceroute in one)
Scan an IPv6 target                          nmap -6 [target]

Targets on the command line are separated by spaces, not commas; commas only appear inside an octet list such as 10.0.0.1,5,9 (which scans three hosts) and in the argument to --exclude. A CIDR block includes its network and broadcast addresses. -A is noisy and, because it includes -O and --traceroute, needs root (raw-socket) privileges to run fully.
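Before a scan it is worth knowing exactly how many addresses a target specification covers, especially once ranges, octet lists and --exclude are combined. The script below is an added example, not Nmap's own code: it re-implements the target grammar used in the table above (CIDR, per-octet ranges such as 192.168.0-1.1-50, the bare "-" meaning 0-255, octet lists such as 10.0.0.1,5,9, and exclusions) so you can count and review the hosts a scan would touch, or write the list to a file for -iL. It assumes IPv4 only, accepts a CIDR suffix only on a plain address, and passes hostnames through unresolved since it does no DNS.

```python
"""Expand Nmap-style target specifications into a concrete host list.

Added example, not part of Nmap. Assumptions: IPv4 only; a CIDR suffix is
only accepted on a plain dotted address; hostnames are returned unresolved.
"""
import ipaddress
import itertools
import re

# A spec made only of digits, commas and dashes in four dotted fields, e.g. 10.0.0-1.1-5,9
_IPV4_SPEC = re.compile(r"^[0-9,\-]+(\.[0-9,\-]+){3}$")


def _octet_values(part: str) -> list[int]:
    """Expand one octet field: '5', '1-20', '-' (0-255), '10-', '-20', or a comma list."""
    values = set()
    for item in part.split(","):
        if "-" in item:
            lo, hi = item.split("-", 1)
            lo = int(lo) if lo else 0
            hi = int(hi) if hi else 255
        else:
            lo = hi = int(item)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {item!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_spec(spec: str) -> set[str]:
    """Return the set of IPv4 addresses (or the bare hostname) a single spec denotes."""
    if "/" in spec:
        # Nmap scans every address in the block, including network and broadcast.
        net = ipaddress.ip_network(spec, strict=False)
        if net.version != 4:
            raise ValueError("IPv4 only in this example")
        return {str(ip) for ip in net}
    if _IPV4_SPEC.match(spec):
        octets = [_octet_values(p) for p in spec.split(".")]
        return {".".join(map(str, combo)) for combo in itertools.product(*octets)}
    return {spec}  # hostname: left for nmap to resolve


def expand_targets(specs, exclude=()) -> list[str]:
    """Union of all specs minus all exclusions; IPs in numeric order, hostnames last."""
    wanted = set().union(*(expand_spec(s) for s in specs))
    excluded = set().union(*(expand_spec(s) for s in exclude))
    wanted -= excluded
    ips = sorted((t for t in wanted if _IPV4_SPEC.match(t)), key=ipaddress.IPv4Address)
    names = sorted(t for t in wanted if not _IPV4_SPEC.match(t))
    return ips + names


if __name__ == "__main__":
    # Equivalent to: nmap 10.0.0.0/28 192.168.1.1-5 --exclude 10.0.0.0,10.0.0.15
    hosts = expand_targets(["10.0.0.0/28", "192.168.1.1-5"], exclude=["10.0.0.0", "10.0.0.15"])
    print(f"{len(hosts)} hosts would be scanned")
    print("\n".join(hosts))  # paste into list.txt for nmap -iL list.txt
```

Because Nmap applies --exclude after expanding every target, the same set arithmetic as above applies: excluding the network and broadcast addresses of a /28 leaves 14 hosts, and the 5-host range brings the total to 19.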

Discovery Options

Nmap Query                                   Nmap Command
Host discovery only (no port scan)           nmap -sn [target]   (-sP in older releases)
Skip host discovery, treat every host as up  nmap -Pn [target]   (-PN in older releases)
TCP SYN ping                                 nmap -PS[portlist] [target]   (e.g. -PS22,80,443)
TCP ACK ping                                 nmap -PA[portlist] [target]
UDP ping                                     nmap -PU[portlist] [target]
SCTP INIT ping                               nmap -PY[portlist] [target]
ICMP echo ping                               nmap -PE [target]
ICMP timestamp ping                          nmap -PP [target]
ICMP address mask ping                       nmap -PM [target]
IP protocol ping                             nmap -PO[protocol list] [target]
ARP ping                                     nmap -PR [target]
Traceroute                                   nmap --traceroute [target]
Force reverse DNS resolution                 nmap -R [target]
Disable reverse DNS resolution               nmap -n [target]
Use the system's DNS resolver                nmap --system-dns [target]
Manually specify DNS servers                 nmap --dns-servers [server1,server2,...] [target]
List targets without scanning them           nmap -sL [targets]

The port or protocol list is attached directly to the option with no space (-PS80, not -PS 80). On a local Ethernet segment a privileged scan uses ARP ping automatically, whatever ping types you request. -Pn is the right choice when a firewall drops ping probes, but it makes every address look "up", so scanning dead address space with it is slow. -sL still does reverse DNS by default, which makes it a cheap way to check what a target specification expands to before scanning.

Firewall Evasion Techniques

Nmap Query                                   Nmap Command
Fragment packets                             nmap -f [target]
Specify a custom MTU                         nmap --mtu [MTU] [target]   (must be a multiple of 8)
Use decoys                                   nmap -D RND:[number] [target]   or   nmap -D [decoy1,decoy2,ME] [target]
Idle (zombie) scan                           nmap -sI [zombie[:probeport]] [target]
Manually specify a source port               nmap --source-port [port] [target]   (alias -g)
Append random data                           nmap --data-length [size] [target]
Randomize target scan order                  nmap --randomize-hosts [targets]
Spoof MAC address                            nmap --spoof-mac [MAC|0|vendor] [target]
Send bad checksums                           nmap --badsum [target]

All of these need raw-socket privileges (root or CAP_NET_RAW) and have no effect on a connect scan (-sT), which hands packet construction to the kernel. Decoys do not hide you: the real probes still come from your address, so -D only adds noise for the analyst. --spoof-mac only matters on the same layer-2 segment, and --badsum is a test, not evasion: a real host silently drops a bad checksum, so any reply comes from a middlebox that is not verifying checksums.

Version Detection

Nmap Query                                   Nmap Command
Operating system detection                   nmap -O [target]
Guess the OS when there is no exact match    nmap -O --osscan-guess [target]
Service version detection                    nmap -sV [target]
Troubleshoot version scans                   nmap -sV --version-trace [target]
Perform an RPC scan                          nmap -sR [target]   (now an alias for -sV; RPC grinding is part of version detection)

-O needs root and works best when the target has at least one open and one closed TCP port. Without -sV the service column is only the name usually found on that port number; -sV actually talks to the service, so it is slower and visible in the target's logs.

Output Options

Nmap Query                                   Nmap Command
Save output to a text file                   nmap -oN [scan.txt] [target]
Save output to an XML file                   nmap -oX [scan.xml] [target]
Grepable output                              nmap -oG [scan.gnmap] [target]
Output all supported formats at once         nmap -oA [path/basename] [target]   (writes .nmap, .xml and .gnmap)
Periodically display statistics              nmap --stats-every [time] [target]   (e.g. --stats-every 30s)
Script kiddie ("l33t") output                nmap -oS [scan.txt] [target]

Normal output (-oN) is for reading; XML (-oX) is the format to parse or import into other tools, since it records reasons, service fingerprints and script output with a stable structure. Grepable output is kept for compatibility but is deprecated in favour of XML.
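The reason to prefer -oX over the text formats is that the result can be processed without fragile regular expressions. The script below is an added example, not Nmap's own code: it reads two -oX documents, keeps only hosts that are up and ports that are open, and diffs them to report new hosts, hosts that disappeared, new or closed ports and changed service banners, which is the "monitor server or service availability" use mentioned in the introduction. The two XML documents embedded in it are constructed samples in the -oX layout (nmaprun, host, status, address, ports, port, state, service), standing in for a baseline scan and a later re-scan of the same subnet; the addresses, products and versions in them are invented.

```python
"""Turn Nmap -oX output into an inventory and diff two scans for drift.

Added example, not Nmap's own code. BASELINE_XML and CURRENT_XML are
constructed samples in the -oX layout; every address and banner is invented.
"""
import ipaddress
import xml.etree.ElementTree as ET

BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX base.xml 10.0.0.0/28" version="7.94">
<host><status state="up" reason="syn-ack"/><address addr="10.0.0.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.18.0"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
</ports></host>
<host><status state="up" reason="echo-reply"/><address addr="10.0.0.7" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port></ports></host>
</nmaprun>"""

CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX now.xml 10.0.0.0/28" version="7.94">
<host><status state="up" reason="syn-ack"/><address addr="10.0.0.5" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" product="nginx" version="1.24.0"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/><service name="https"/></port>
<port protocol="tcp" portid="3306"><state state="open" reason="syn-ack"/><service name="mysql" product="MySQL" version="8.0.33"/></port>
</ports></host>
<host><status state="down" reason="no-response"/><address addr="10.0.0.7" addrtype="ipv4"/></host>
<host><status state="up" reason="syn-ack"/><address addr="10.0.0.9" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port></ports></host>
</nmaprun>"""


def parse_nmap_xml(xml_text: str) -> dict[str, dict[str, str]]:
    """Map each live host's IP to {"tcp/22": "ssh OpenSSH 8.9p1", ...} for open ports only."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth keeping
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        services = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not exposure
            svc = port.find("service")
            fields = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            key = f"{port.get('protocol')}/{port.get('portid')}"
            services[key] = " ".join(f for f in fields if f) or "unknown"
        inventory[addr] = services
    return inventory


def _port_key(port: str) -> tuple[str, int]:
    proto, num = port.split("/")
    return proto, int(num)


def diff_inventory(baseline: dict, current: dict) -> list[tuple]:
    """Return (kind, host, port, detail) tuples describing every change between two inventories."""
    findings = []
    for host in sorted(set(baseline) | set(current), key=ipaddress.ip_address):
        if host not in baseline:
            findings.append(("new_host", host, None, None))
        if host not in current:
            findings.append(("host_down", host, None, None))
            continue
        before, after = baseline.get(host, {}), current[host]
        for port in sorted(set(before) | set(after), key=_port_key):
            if port not in before:
                findings.append(("new_open_port", host, port, after[port]))
            elif port not in after:
                findings.append(("port_closed", host, port, before[port]))
            elif before[port] != after[port]:
                findings.append(("service_changed", host, port, f"{before[port]} -> {after[port]}"))
    return findings


if __name__ == "__main__":
    # In practice: parse_nmap_xml(open("base.xml").read()) from two runs of nmap -sV -oX ...
    for kind, host, port, detail in diff_inventory(parse_nmap_xml(BASELINE_XML), parse_nmap_xml(CURRENT_XML)):
        print(f"{kind:16} {host:12} {port or '':10} {detail or ''}")
```

Running the same diff over two files written by nmap -oX (or the .xml produced by -oA) turns a scan into a change report: a new listener such as tcp/3306 on a web host, or a version change on tcp/80 after a patch window, stands out instead of being buried in an unchanged list of open ports.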

Scripting Engine

Nmap Query                                   Nmap Command
Execute an individual script                 nmap --script [script.nse] [target]
Execute scripts matching an expression       nmap --script [expression] [target]   (e.g. --script "http-*")
Execute scripts by category                  nmap --script [category] [target]   (e.g. --script vuln)
Execute multiple script categories           nmap --script [cat1,cat2,...] [target]
Pass arguments to scripts                    nmap --script [script] --script-args [name=value,...] [target]
Troubleshoot scripts                         nmap --script [script] --script-trace [target]
Update the script database                   nmap --script-updatedb

Scripts in the intrusive, exploit and dos categories can crash or alter the target service; the default category (also run by -sC and -A) is chosen to be safe. Read what a script does first with nmap --script-help [script], and run --script-updatedb after adding or editing .nse files so that category and wildcard selection sees them.

Nmap Cheat Sheet – FAQs

1. What is Nmap, and why is it used?

Nmap is a free network scanning tool used to discover hosts and services on a network by sending packets and analysing the responses. Administrators use it for inventory and availability monitoring; security testers use it to map the attack surface of a host or network.

2. What is the nmap command used for?

The nmap command is the tool's command-line interface. Its general form is nmap [scan type] [options] [targets]: the scan type selects how ports are probed (for example -sS or -sU), the options control discovery, timing, detection and output, and the targets are hostnames, IP addresses, ranges or CIDR blocks.

3. How do I scan an IP with Nmap?

Scanning a single IP address is as simple as: nmap <ip>

With no other options, Nmap first checks whether the host is up (host discovery), then scans the 1,000 most commonly used TCP ports (a SYN scan when run as root, a connect scan otherwise) and reports each as open, closed or filtered, labelled with the service normally found on that port number. Add -sV if you want Nmap to probe the services and report their actual names and versions. The cheat sheet above contains the more specific commands.

4. Is it OK to run Nmap against Google?

The short answer is no. The long answer is that whether unauthorised port scanning is illegal depends on your jurisdiction, but even where it is not, scanning Google's systems violates Google's terms of service. Scan only systems you own or have written authorisation to test.
