Nmap Cheat Sheet Tutorial

Nmap is a free, open-source tool for discovering hosts and services on a computer network by sending packets and analyzing the responses. Nmap includes features such as host discovery, service detection, and operating system detection that are useful for probing computer networks.

  • Nmap can give you more information about your targets, such as reverse DNS names, device types, and MAC addresses.
  • The process of locating hosts on a network is known as host discovery. List the hosts that, for example, respond to TCP and/or ICMP requests or have a specific port open.
  • Port scanning is the process of identifying all open ports on a target host.
  • OS detection is the process of determining the operating system and hardware characteristics of network devices.
  • Version detection is the process of interrogating network services on remote devices to determine the application name and version number.
  • You can interact with the target support in a scripted manner by using the Nmap Scripting Engine (NSE).

Also Read: How to Install Nmap on windows, linux, mac, android and Top Penetration testing tools for Kali Linux

The application of Nmap

  • To assess a device’s or firewall’s security, identify the network connections that can be made to or through it.
  • Identifying open ports on a target host as part of audit preparation.
  • Network inventory includes things like network inventory, network mapping, and asset and maintenance management.
  • To assess a network’s security, new servers must be identified.
  • For hosts on a network, traffic generation, response analysis, and response time measurement are all available.
  • A network’s vulnerabilities are discovered and exploited.
  • DNS requests and subdomain lookups

Also Read: How to install WIRESHARK on kali linux/ubuntu/debain and How to Install burp suite on linux/ubuntu

Commands for NMAP Cheat sheet

The following section explains how to use different NMAP commands based on their type, with examples such as –

Common Scanning Commands

GoalCommand  Example
Scan just a single target[Target]nmap-nnmap
Scan Multiple targets at a time[Taget1, Target2, Target3 etc.] nmapnmap
Scan a Collection of hostsnmap [range of ip addresses]nmap
Scan a Subnet in Its Entiretynmap [ip address/cdir]nmap
Scan a set of hosts randomlynmap -iR [number]nmap -iR
Leaving Targets Out of a Scannmap [targets] – exclude [targets]nmap –exclude,
Leaving Targets Out of a Scan using a listnmap [targets] – excludefile [list.txt]nmap –excludefile notargets.tx
Performing an aggressive scannmap -A [target]nmap -A 192.168.0.
Scanning IPv6 Targetnmap -6 [target]nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2af

Exploring Options

Conduct a Ping-Only Scan.nmap -sP [target]nmap -sP
Please don’t ping.nmap -PN [target]nmap -PN 192.168.0.
TCP SYN Pingnmap -PS [target]nmap -PS 192.168.0.
TCP ACK Pingnmap -PA [target]nmap -PA 192.168.0.
UDP Pingnmap -PU [target]nmap -PU 192.168.0.
SCTP Pingnmap -PY [target]nmap -PY 192.168.0.
ICMP Echo Pingnmap -PE [target]nmap -PE 192.168.0.
ICMP Timestamp Pingnmap -PP [target]nmap -PP 192.168.0.
CMP Address Mask Pingnmap -PM [target]nmap -PM 192.168.0.
IP Protocol Pingnmap -PO [target]nmap -PO  

Options for Advanced Scanning

ARP Pingnmap -PR targetnmap -PR
Traceroutnmap –traceroute [target]nmap –traceroute
Force Reverse DNS Resolutionnmap -R [target]nmap -R
Disabling Reverse DNS Resolutionnmap -n [target]nmap -n
The Alternative DNS Lookupnmap –system-dns [target]nmap –system-dns
The Manually Specify DNS Server(s)nmap –dns-servers [servers] [target]nmap –dns-servers
Create a Host Listnmap -sL [targets]nmap -sL

Options for Port Scanning

Perform a quick scannmap -F [target]nmap -F
Examine Particular Portsnmap -p [port(s)] [target]nmap -p 21-25,80,139,8080
Examine Ports by Namenmap -p [port name(s)] [target]nmap -p ftp,http*
Examine Ports by Protocolnmap -sU -sT -p U: [ports],T:[ports] [target]nmap -sU -sT -p U:53,111,137,T:21- 25,80,139,8080 192. 168.0.1
Examine all Portsnmap -p ‘*’ [target]nmap -p ‘*’ 192.168.0.
Examine Top Portsnmap –top-ports [number] [target]nmap –top-ports 10 192.168.0.
Scan Ports in Sequential Ordernmap -r [target]nmap -r 192.168.0.

Detecting Versions

Detecting Operating Systemnmap -O [target]nmap -O
Attempting to Guess an Unknown OSnmap -O –osscan guess [target]nmap -O –osscan-guess
Detecting Service Versionnmap -sV [target]nmap -sV
Examining troubleshooting versionsnmap -sV –version trace [target]nmap -sV –version-trace
Performing a RPC Scannmap -sR [target]nmap -sR

Techniques for Getting Through Firewalls

Boost Packetsnmap -f [target]nmap -f
pacify a particular MTUnmap –mtu [MTU] [target]nmap –mtu 32 192.168.0
Use Decoynmap -D RND:[number] [target]nmap -D RND:10
The Zombie Scannmap -sI [zombie] [target]nmap -sI
Specify a Source Port Manuallynmap –source-port [port] [target]nmap –source-port 10
Include Random Datanmap –data-length [size] [target]nmap –data-length [size] [target]
Randomize Target Scanning Ordernmap –randomize-hosts [target]nmap –randomize-ho
Spoof MAC’s addressnmap –spoof-mac [MAC|0|vendor] [target]nmap –spoof-mac Cis
Sending Invalid Checksumnmap –badsum [target]nmap –badsum


Ovais Mirza

Ovais Mirza, a seasoned professional blogger, delves into an intriguing blend of subjects with finesse. With a passion for gaming, he navigates virtual realms, unraveling intricacies and sharing insights. His exploration extends to the realm of hacking, where he navigates the fine line between ethical and malicious hacking, offering readers a nuanced perspective. Ovais also demystifies the realm of AI, unraveling its potential and societal impacts. Surprisingly diverse, he sheds light on car donation, intertwining technology and philanthropy. Through his articulate prose, Ovais Mirza captivates audiences, fostering an intellectual journey through gaming, hacking, AI, and charitable endeavors.

Disclaimer: The articles has been written for educational purpose only. We don’t encourage hacking or cracking. In fact we are here discussing the ways that hackers are using to hack our digital assets. If we know, what methods they are using to hack, we are in very well position to secure us. It is therefore at the end of the article we also mention the prevention measures to secure us.

Leave a Comment