Nmap Cheat Sheet


nmap cheat sheet

Here are simple nmap commands that will make your penetration testing easier.

Nmap is a free and open-source network scanner. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap provides a number of features for probing Computer Networks, including Host Discovery and Services and Operating System detection.

Nmap Target Selection

Scan a single IP – nmap
Scan a host – nmap www.testhostname.com
Scan a range of IPs – nmap
Scan a subnet – nmap
Scan targets from a text file – nmap -iL list-of-ips.txt

Nmap Port Selection

Scan a single Port – nmap -p 22
Scan a range of ports – nmap -p 1-100
Scan 100 most common ports (Fast) – nmap -F
Scan all 65535 ports – nmap -p-

Nmap Port Scan types

Scan using TCP connect – nmap -sT
Scan using TCP SYN scan (default) – nmap -sS
Scan UDP ports – nmap -sU -p 123,161,162
Scan selected ports – ignore discovery – nmap -Pn -F

Service and OS Detection

Detect OS and Services – nmap -A
Standard service detection – nmap -sV
More aggressive Service Detection – nmap -sV –version-intensity 5
Lighter banner grabbing detection – nmap -sV –version-intensity 0

Nmap Output Formats

Save default output to file – nmap -oN outputfile.txt
Save results as XML – nmap -oX outputfile.xml
Save results in a format for grep – nmap -oG outputfile.txt
Save in all formats – nmap -oA outputfile

Digging deeper with NSE Scripts

Scan using default safe scripts – nmap -sV -sC
Get help for a script – nmap –script-help=ssl-heartbleed
Scan using a specific NSE script – nmap -sV -p 443 –script=ssl-heartbleed.nse
Scan with a set of scripts – nmap -sV –script=smb*

Scan for UDP DDOS reflectors

nmap –sU –A –PN –n –pU:19,53,123,161 –script=ntp-monlist,dns-recursion,snmp-sysdescr

HTTP Service Information

nmap –script=http-title
Get HTTP headers of web services – nmap –script=http-headers
Find web apps from known paths – nmap –script=http-enum

Detect Heartbleed SSL

nmap -sV -p 443 –script=ssl-heartbleed

IP Address information

nmap –script=asn-query,whois,ip-geolocation-maxmind
error: Content is protected !!

Our training courses are designed to help businesses develop the workforce with the vital skills any organization requires.

The #1 cyber security and data science training provider in Africa.

Our Courses


Sign up to our newsletter