Nmap cheat sheet

From xinux.net

Nmap Cheat Sheet

1. Nmap Basic Scanning

  • Version Detection, default scan
  nmap -sV [host]
  • SYN Stealth Scan
  nmap -sS [host]
  • UDP Scan
  nmap -sU [host]
  • TCP Connect() Scan
  nmap -sT [host]
  • TCP Null Scan
  nmap -sN [host]
  • TCP FIN Scan
  nmap -sF [host]

2. Nmap Host Discovery

  • List Scan - List the targets in a network and look up their names via DNS, without sending packets to them
  nmap -sL [host/network]
  • Ping Scan - Determine if hosts are alive
  nmap -sn [host/network]
  • Skip host discovery
  nmap -Pn [host/network]

3. Nmap Port Scanning

  • Script Scan - Execute default nmap scripts
  nmap -sC [host]
  • Scan specific ports
  nmap -p [ports] [host]
  • Fast Scan - Scan for the most commonly used ports
  nmap -F [host]

4. Nmap Advanced Scanning

  • Output scan in all formats
  nmap -oA [filename] [host]
  • Probe Operating System fingerprints
  nmap -O [host]
  • Trace host hops
  nmap [host] --traceroute

5. Nmap Version Detection

  • Show versions of services and OS
  nmap -sV [host]
  • Advanced Scan - OS and service version and script scanning
  nmap -A [host]
  • Execute a custom script
  nmap --script [name] [host]

6. Nmap Timing Options

  • Timing template for scans, from 0 (slowest) to 5 (fastest)
  nmap -T[0-5] [host]

7. Nmap Firewall/IDS Evasion

  • Changes source MAC address
  nmap --spoof-mac [address] [host]
  • Decoy Scan - Appear to scan from multiple hosts
  nmap -D RND:10 [host]
  • Fragmented Packets - Split probes into small IP fragments
  nmap -f [host]
  • Skip host discovery
  nmap -Pn [host]
  • Append random data to sent packets
  nmap --data-length [length] [host]