Open In App
Related Articles

Nmap Cheat Sheet

Like Article
Save Article
Report issue

Nmap (Network Mapper) is a free and open-source network detection and security scanning utility. Many network and system administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring server or service availability. Nmap uses raw IP packets in a novel way to determine the hosts available on the network, the services they offer (application name and version), and the operating systems they are running (and operating systems). version). It’s designed to scan large networks quickly but works well with a single host.

In this Nmap Cheat Sheet, You’ll learn all the basics to advanced like basic scanning techniques, discovery options in Nmap, Firewall evasion techniques, version detection, output options, scripting engines and more.

Nmap Cheat Sheet

Usage of Nmap

  • Auditing the security of a device or firewall by identifying the network connections that can be made to or through it.
  • In preparation for auditing, identify open ports on a target host.
  • Network inventory, network mapping, asset and maintenance management are all examples of network services.
  • Identifying additional servers to test the network’s security.
  • Creating network traffic, analysing responses, and measuring response time.
  • Used to Finding and exploiting vulnerabilities in a network.
  • DNS queries and subdomain search


nmap [<Scan Type>] [<Options>] {<target specification>}

NMAP Commands Cheat Sheet 2023

Basic Scanning Techniques

Nmap Query

Nmap Command

Scan a single target

nmap [target]

Scan multiple targets

nmap [target1,target2,etc]

Scan a list of targets

nmap -iL [list.txt]

Scan a range of hosts

nmap [range of IP addresses]

Scan an entire subnet

nmap [IP address/cdir]

Scan random hosts

nmap -iR [number]

Excluding targets from a scan

nmap [targets] –exclude [targets]

Excluding targets using a list

nmap [targets] –excludefile [list.txt]

Perform an aggressive scan

nmap -A [target]

Scan an IPv6 target

nmap -6 [target]

Discovery Options

Nmap Query

Nmap Command

Perform a ping scan onlynmap -sP [target]
Don’t pingnmap -PN [target]
TCP SYN Pingnmap -PS [target]
TCP ACK pingnmap -PA [target]
UDP pingnmap -PU [target]
SCTP Init Pingnmap -PY [target]
ICMP echo pingnmap -PE [target]
ICMP Timestamp pingnmap -PP [target]
ICMP address mask pingnmap -PM [target]
IP protocol pingnmap -PO [target]
ARP pingnmap -PR [target]
Traceroutenmap –traceroute [target]
Force reverse DNS resolutionnmap -R [target]
Disable reverse DNS resolutionnmap -n [target]
Alternative DNS lookupnmap –system-dns [target]
Manually specify DNS serversnmap –dns-servers [servers] [target]
Create a host listnmap -sL [targets]

Firewall Evasion Techniques

Nmap Query

Nmap Command

Fragment packets

nmap -f [target]

Specify a specific MTU

nmap –mtu [MTU] [target]

Use a decoy

nmap -D RND: [number] [target]
Idle zombie scannmap -sI [zombie] [target]
Manually specify a source portnmap –source-port [port] [target]
Append random datanmap –data-length [size] [target]
Randomize target scan ordernmap –randomize-hosts [target]
Spoof MAC Addressnmap –spoof-mac [MAC|0|vendor] [target]
Send bad checksumsnmap –badsum [target]

Version Detection

Nmap Query

Nmap Command

Operating system detectionnmap -O [target]
Attempt to guess an unknownnmap -O –osscan-guess [target]
Service version detectionnmap -sV [target]
Troubleshooting version scansnmap -sV –version-trace [target]
Perform a RPC scannmap -sR [target]

Output Options

Nmap Query

Nmap Command

Save output to a text filenmap -oN [scan.txt] [target]
Save output to a xml filenmap -oX [scan.xml] [target]
Grepable outputnmap -oG [scan.txt] [target]
Output all supported file typesnmap -oA [path/filename] [target]
Periodically display statisticsnmap –stats-every [time] [target]
133t outputnmap -oS [scan.txt] [target]

Scripting Engine

Nmap Query

Nmap Command

Execute individual scriptsnmap –script [script.nse] [target]
Execute multiple scriptsnmap –script [expression] [target]
Execute scripts by categorynmap –script [cat] [target]
Execute multiple scripts categoriesnmap –script [cat1,cat2, etc]
Troubleshoot scriptsnmap –script [script] –script-trace [target]
Update the script databasenmap –script-updatedb

Nmap Cheat Sheet – FAQs

1. What is Nmap, and why is it used?

Nmap is a free network scanning tool used to discover hosts and services on a network by analyzing responses to various packets and requests.

2. What is the Nmap command used for?

Nmap is a free network scanning application that analyses replies to various packets and requests to discover hosts and services on a network.

3. How do I scan an IP with Nmap?

A simple scan of a single IP address is as simple as: nmap <ip>

This will tell you whether the host is online and responding to pings, what ports are open, and what services are running on it. The cheat sheet above contains more sophisticated commands.

4 Is it OK to Nmap Google?

The long answer is that it is determined by your jurisdiction. The short answer is no, and you should not do it. Even if it isn’t illegal in your country, it will undoubtedly violate Google’s terms of service.

Last Updated : 06 Sep, 2023
Like Article
Save Article
Share your thoughts in the comments
Similar Reads