Welcome to my little nmap cheat sheet!
To learn more about nmap – check out my articles: Getting Started with nmap and Deeper Scanning with nmap and Even Deeper Scanning with nmap and Advanced nmap Scripting Engine.
There was no intent here to recreate the full nmap documentation; that would have been a waste of your time and mine.
Instead, I tried to create a good cheat sheet reference for common/helpful uses of nmap. Did I miss one or two that really belong here? Probably. Please comment below.
For Reference: Usage format: nmap [Scan Type(s)] [Options] {target specification}
For Reference: nmap help: nmap --help
Simple Basic Scan
nmap 192.168.1.1
Look for all devices on a subnet (host discovery only, no port scan; on a local Ethernet segment, run as root, nmap does this with ARP requests, which is faster and harder to filter than ICMP)
nmap -sn 192.168.1.0/24
Use a PING scan (-sP is the old name for -sn; both do host discovery and skip the port scan)
nmap -sP 192.168.1.1 or nmap -sP 192.168.1.* or nmap -sP 192.168.1.1-254 or nmap -sP 192.168.1.0/24
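The four target forms above do not cover the same addresses: 192.168.1.* and 192.168.1.0/24 both include .0 and .255 (256 addresses), while 192.168.1.1-254 does not (254). This expander, an added example that is not part of the cheat sheet or of nmap itself, mirrors nmap's IPv4 target syntax (CIDR, per-octet ranges and comma lists, the * wildcard, and an omitted range end meaning 0 or 255) so you can check what a spec will hit before you scan it. It is IPv4 only and does not handle hostnames or the -iL input file.

```python
"""Expand nmap-style IPv4 target specifications into individual addresses.

Added example, not from the cheat sheet or from nmap's source. Follows
the target syntax nmap documents: CIDR (192.168.1.0/24), per-octet ranges
and lists (192.168.1-3,7.1-254) and the '*' wildcard (192.168.1.*).
"""
import ipaddress
import itertools


def _octet_values(part: str):
    """Values one octet field covers: '7', '1-254', '*', or a comma list
    such as '1,5,10-20'. An omitted range end means 0 or 255, as in nmap."""
    values = set()
    for piece in part.split(","):
        if piece == "*":
            values.update(range(256))
        elif "-" in piece:
            lo, hi = piece.split("-", 1)
            lo = int(lo) if lo else 0        # '-254' is 0-254
            hi = int(hi) if hi else 255      # '1-' is 1-255
            values.update(range(lo, hi + 1))
        else:
            values.add(int(piece))
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError(f"octet out of range in {part!r}")
    return sorted(values)


def expand_targets(spec: str):
    """Return the IPv4 addresses (as strings) covered by one target spec."""
    if "/" in spec:
        # CIDR: like nmap, include the network and broadcast addresses,
        # so 192.168.1.0/24 is the 256 addresses .0 through .255.
        net = ipaddress.ip_network(spec, strict=False)
        return [str(a) for a in net]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    fields = [_octet_values(o) for o in octets]
    return [".".join(map(str, combo)) for combo in itertools.product(*fields)]


def target_count(spec: str) -> int:
    """Number of addresses a spec expands to (what nmap would scan)."""
    return len(expand_targets(spec))


if __name__ == "__main__":
    for spec in ("192.168.1.1", "192.168.1.*", "192.168.1.1-254", "192.168.1.0/24"):
        print(f"{spec:<18} -> {target_count(spec)} addresses")
```

Run it before a large scan to confirm the spec covers what you expect; a stray * in the third octet turns a /24 into 65,536 targets.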
Looking for open ports and OS detection
nmap -sS -P0 -sV -O 192.168.1.1-127
- -sS TCP SYN scan
- -P0 Skip host discovery and treat every address as up, so ports get scanned even on hosts that block ping (the current spelling is -Pn; -P0 is the old name). Not to be confused with -sO, the IP protocol scan.
- -sV Probe open ports looking for version information
- -O Enable the OS detection
Don’t wait very long, fast timing (-T5 is the most aggressive template; on anything but a fast local network it can drop probes and miss ports, so -T4 is the usual ceiling)
nmap -T5 192.168.1.0/24
OS and version detection
nmap -A 192.168.1.1
nmap -A 192.168.1.252
- -A OS detection, version detection, script scanning and traceroute
Aggressive and Faster Scanning
nmap -A -T4 192.168.1.1
- -A aggressive (enables -O and -sV and -sC (default scripts) and --traceroute)
- -T4 faster timing
Look for the top 20 ports
nmap --top-ports 20 192.168.1.0/24
Looking for hosts with specific open port
nmap -sT -p3325 192.168.1.1-127
- -sT TCP Connect scan
- -p3325 Try on port 3325
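Once the scans above run across a range, the question is usually "which hosts actually have that port open, and what is behind it?" The cleanest way to answer it is to save the scan with nmap's XML output (-oX scan.xml) and parse that rather than grep the text. The parser below is an added example, not part of the cheat sheet or of nmap; it pulls out host state, per-port state, the -sV service string and the -O guess. The XML it reads is constructed by hand to match the shape of nmap's output (nmaprun/host/status, address, ports/port/state, service, os/osmatch); the hosts, ports and versions in it are made up. Note the third host: with -P0/-Pn nmap reports every target as "up" with reason="user-set", so "up" there means only that you told it so, and a port that is "filtered" is not open.

```python
"""Parse nmap XML output (nmap ... -oX scan.xml) to find hosts with a given
port open, plus the -sV service string and the -O match for each host.

Added example, not from the cheat sheet or from nmap. SAMPLE_XML is
constructed by hand to mirror nmap's XML layout; its data is fictional.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sS -Pn -sV -O -oX scan.xml 192.168.1.1-3" start="0">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="3325"><state state="open" reason="syn-ack"/>
        <service name="active-net"/></port>
    </ports>
    <os><osmatch name="Linux 5.4 - 5.10" accuracy="95"/></os>
  </host>
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3325"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
    </ports>
  </host>
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.1.3" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3325"><state state="filtered" reason="no-response"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_hosts(xml_text):
    """Return {ip: {"up": bool, "os": str or None,
                    "ports": {(proto, port): (state, service_label)}}}."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        if addr is None:
            continue
        status = host.find("status")
        up = status is not None and status.get("state") == "up"
        ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            label = None
            if svc is not None:  # present when -sV (or the services table) named it
                label = " ".join(filter(None, (svc.get("name"), svc.get("product"),
                                               svc.get("version"))))
            ports[(port.get("protocol"), int(port.get("portid")))] = (state, label)
        osmatch = host.find("os/osmatch")  # first (best) match from -O
        hosts[addr] = {
            "up": up,
            "os": osmatch.get("name") if osmatch is not None else None,
            "ports": ports,
        }
    return hosts


def hosts_with_open_port(hosts, port, proto="tcp"):
    """IPs where the port is really 'open'; 'filtered' and 'closed' do not count."""
    return sorted(ip for ip, h in hosts.items()
                  if h["ports"].get((proto, port), (None, None))[0] == "open")


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_XML)
    print("hosts with 3325/tcp open:", hosts_with_open_port(hosts, 3325))
    for ip, h in hosts.items():
        print(ip, "up" if h["up"] else "down", "os:", h["os"], "ports:", h["ports"])
```

Keying the port table on (protocol, port) matters once you add a UDP scan (-sU) to the mix: 3325/tcp and 3325/udp are different findings, and flattening them to a port number hides which one is open.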
Ducking for cover – a TCP SYN Scan with decoy source IP
nmap -sS 192.168.1.1-5 -D 192.168.1.98,192.168.1.99
- -sS TCP SYN scan
- -D {decoy IP addresses} The same probes are also sent with each decoy as the spoofed source, so the target's logs show several scanners. Your real address is still among them (put ME in the list to choose where it falls), decoys that are not actually up make the real scanner easy to single out, and decoys do not apply to version detection (-sV) or TCP connect scans (-sT).