Simple Scanning

Fastest scan ever

nmap -T5

Scan a single ip address


Scan a host name

nmap server.domain.com

Scan a host name with more info

nmap -v server.domain.com

Scan multiple ip addresses

nmap nmap nmap,2,3 nmap nmap 10.0.0.*

Scan hosts from file

nmap -iL /tmp/test.txt

Scan and exclude networks

nmap –exclude nmap –exclude, nmap -iL /tmp/scanlist.txt –excludefile /tmp/exclude.txt

With OS detection

nmap -A nmap -v -A nmap -A -iL /tmp/scanlist.txt

Detect OS

nmap -O nmap -O –osscan-guess nmap -v -O –osscan-guess

Detect remote services

nmap -sV

Scan hosts and find out if protected by firewall

nmap -sA nmap -sA server.domain.com

Scan hosts when protected behind firewall

nmap -PN nmap -PN server.domain.com

Scan IPv6 hosts

nmap -6 IPv6-Address-Here nmap -6 server.domain.com nmap -6 2607:f0d0:1002:51::4 nmap -v A -6 2607:f0d0:1002:51::4

Host discovery with ping scan

nmap -sP

Fast scan

nmap -F

Show reason the state of the port is in

nmap –reason nmap –reason server.domain.com

Show only open ports

nmap –open nmap –open server.domain.com

Show packet traces

nmap –packet-trace nmap –packet-trace server.domain.com

Show the routes of all networks and interfaces

nmap –iflist

Scan specific ports

nmap -p 80 nmap -p T:80 nmap -p U:53 nmap -p 80,443 nmap -p 80-200 nmap -p U:53,111,137,T:21-25,80,139,8080 nmap -p U:53,111,137,T:21-25,80,139,8080 server.domain.com nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 nmap -p “*” nmap –top-ports 5 nmap –top-ports 10

If firewall is blocking ICMP pings

nmap -PS nmap -PS 80,21,443 nmap -PA nmap -PA 80,21,200-512

Scan with protocol ping

nmap -PO

Scan for IP protocol

nmap -sO

Scan for firewall weakness

null scan

nmap -sN


nmap -sF


nmap -sX

scan with frag packets

nmap -f nmap -f firewall.domain.com nmap -f 15 firewall.domain.com nmap –mtu 32

scan with other hosts to throw off IDS

nmap -n -Dfake-ip1,fake-ip2,your-own-ip,fake-ip3,fake-ip4 target.server.com nmap -n -D10.0.0.5,,,

scan with mac spoofing

nmap –spoof-mac MAC-ADDRESS-HERE nmap -v -sT -PN –spoof-mac MAC-ADDRESS-HERE nmap -v -sT -PN –spoof-mac 0

save output to file

nmap > output.txt nmap -oN /path/to/filename nmap -oN output.txt

comments powered by Disqus