Nmap Cheat Sheet Tutorial

Nmap Cheat Sheet Tutorial

Nmap is a free, open-source tool for discovering hosts and services on a computer network by sending packets and analyzing the responses. Nmap includes features such as host discovery, service detection, and operating system detection that are useful for probing computer networks.

  • Nmap can give you more information about your targets, such as reverse DNS names, device types, and MAC addresses.
  • The process of locating hosts on a network is known as host discovery. List the hosts that, for example, respond to TCP and/or ICMP requests or have a specific port open.
  • Port scanning is the process of identifying all open ports on a target host.
  • OS detection is the process of determining the operating system and hardware characteristics of network devices.
  • Version detection is the process of interrogating network services on remote devices to determine the application name and version number.
  • You can interact with the target support in a scripted manner by using the Nmap Scripting Engine (NSE).

Also Read: How to Install Nmap on windows, linux, mac, android and Top Penetration testing tools for Kali Linux

The application of Nmap

  • To assess a device’s or firewall’s security, identify the network connections that can be made to or through it.
  • Identifying open ports on a target host as part of audit preparation.
  • Network inventory includes things like network inventory, network mapping, and asset and maintenance management.
  • To assess a network’s security, new servers must be identified.
  • For hosts on a network, traffic generation, response analysis, and response time measurement are all available.
  • A network’s vulnerabilities are discovered and exploited.
  • DNS requests and subdomain lookups

Also Read: How to install WIRESHARK on kali linux/ubuntu/debain and How to Install burp suite on linux/ubuntu

Commands for NMAP Cheat sheet

The following section explains how to use different NMAP commands based on their type, with examples such as –

Common Scanning Commands

GoalCommand  Example
Scan just a single target[Target]nmap-nnmap
Scan Multiple targets at a time[Taget1, Target2, Target3 etc.] nmapnmap
Scan a Collection of hostsnmap [range of ip addresses]nmap
Scan a Subnet in Its Entiretynmap [ip address/cdir]nmap
Scan a set of hosts randomlynmap -iR [number]nmap -iR
Leaving Targets Out of a Scannmap [targets] – exclude [targets]nmap –exclude,
Leaving Targets Out of a Scan using a listnmap [targets] – excludefile [list.txt]nmap –excludefile notargets.tx
Performing an aggressive scannmap -A [target]nmap -A 192.168.0.
Scanning IPv6 Targetnmap -6 [target]nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2af

Exploring Options

Conduct a Ping-Only Scan.nmap -sP [target]nmap -sP
Please don’t ping.nmap -PN [target]nmap -PN 192.168.0.
TCP SYN Pingnmap -PS [target]nmap -PS 192.168.0.
TCP ACK Pingnmap -PA [target]nmap -PA 192.168.0.
UDP Pingnmap -PU [target]nmap -PU 192.168.0.
SCTP Pingnmap -PY [target]nmap -PY 192.168.0.
ICMP Echo Pingnmap -PE [target]nmap -PE 192.168.0.
ICMP Timestamp Pingnmap -PP [target]nmap -PP 192.168.0.
CMP Address Mask Pingnmap -PM [target]nmap -PM 192.168.0.
IP Protocol Pingnmap -PO [target]nmap -PO  

Options for Advanced Scanning

ARP Pingnmap -PR targetnmap -PR
Traceroutnmap –traceroute [target]nmap –traceroute
Force Reverse DNS Resolutionnmap -R [target]nmap -R
Disabling Reverse DNS Resolutionnmap -n [target]nmap -n
The Alternative DNS Lookupnmap –system-dns [target]nmap –system-dns
The Manually Specify DNS Server(s)nmap –dns-servers [servers] [target]nmap –dns-servers
Create a Host Listnmap -sL [targets]nmap -sL

Options for Port Scanning

Perform a quick scannmap -F [target]nmap -F
Examine Particular Portsnmap -p [port(s)] [target]nmap -p 21-25,80,139,8080
Examine Ports by Namenmap -p [port name(s)] [target]nmap -p ftp,http*
Examine Ports by Protocolnmap -sU -sT -p U: [ports],T:[ports] [target]nmap -sU -sT -p U:53,111,137,T:21- 25,80,139,8080 192. 168.0.1
Examine all Portsnmap -p ‘*’ [target]nmap -p ‘*’ 192.168.0.
Examine Top Portsnmap –top-ports [number] [target]nmap –top-ports 10 192.168.0.
Scan Ports in Sequential Ordernmap -r [target]nmap -r 192.168.0.

Detecting Versions

Detecting Operating Systemnmap -O [target]nmap -O
Attempting to Guess an Unknown OSnmap -O –osscan guess [target]nmap -O –osscan-guess
Detecting Service Versionnmap -sV [target]nmap -sV
Examining troubleshooting versionsnmap -sV –version trace [target]nmap -sV –version-trace
Performing a RPC Scannmap -sR [target]nmap -sR

Techniques for Getting Through Firewalls

Boost Packetsnmap -f [target]nmap -f
pacify a particular MTUnmap –mtu [MTU] [target]nmap –mtu 32 192.168.0
Use Decoynmap -D RND:[number] [target]nmap -D RND:10
The Zombie Scannmap -sI [zombie] [target]nmap -sI
Specify a Source Port Manuallynmap –source-port [port] [target]nmap –source-port 10
Include Random Datanmap –data-length [size] [target]nmap –data-length [size] [target]
Randomize Target Scanning Ordernmap –randomize-hosts [target]nmap –randomize-ho
Spoof MAC’s addressnmap –spoof-mac [MAC|0|vendor] [target]nmap –spoof-mac Cis
Sending Invalid Checksumnmap –badsum [target]nmap –badsum



No comments yet. Why don’t you start the discussion?

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.