🧠 Nmap Cheat Sheet
🔍 Basic Scanning
| Command | Description |
|---|---|
| `nmap <target>` | Default scan (no options) |
| `nmap -p 80 <target>` | Scan specific port |
| `nmap -p 1-65535 <target>` | Full port scan |
| `nmap -F <target>` | Fast scan (predefined top ports) |
| `nmap -v <target>` | Verbose output |
🕵️ Service & Version Detection
| Command | Description |
|---|---|
| `nmap -sV <target>` | Detect service versions |
| `nmap -p 80,443 -sV <target>` | Service/version scan on specific ports |
📦 OS & Host Discovery
| Command | Description |
|---|---|
| `nmap -O <target>` | OS detection |
| `nmap -Pn <target>` | Skip host discovery (treat hosts as up) |
| `nmap -sn <target>` | Ping scan (host discovery only) |
| `nmap -PS/PA/PU/PY <target>` | TCP SYN/ACK, UDP, SCTP discovery |
| `nmap --traceroute <target>` | Trace network path |
💣 Aggressive & All-In-One Scans
| Command | Description |
|---|---|
| `nmap -A <target>` | Aggressive scan (OS, version, script, traceroute) |
| `nmap -T4 -A <target>` | Aggressive scan with faster timing |
| `nmap -p- -A <target>` | Aggressive full port scan |
🔍 Output Formatting
| Command | Description |
|---|---|
| `nmap -oN output.txt <target>` | Normal output |
| `nmap -oX output.xml <target>` | XML format |
| `nmap -oG output.gnmap <target>` | Grepable format |
| `nmap -oA allformats <target>` | Output in all formats (adds .nmap, .xml, .gnmap) |
🧬 Scripting (NSE)
| Command | Description |
|---|---|
| `nmap --script default <target>` | Run default scripts |
| `nmap --script vuln <target>` | Run scripts in the `vuln` category (checks for known vulnerabilities) |
| `nmap --script-help <script>` | Get script info |
| `nmap -p 80 --script=http-enum <target>` | Run specific HTTP script on port 80 |
🛡 Firewall & Evasion Techniques
| Command | Description |
|---|---|
| `nmap -f <target>` | Fragment packets |
| `nmap --data-length 200 <target>` | Add random payload data |
| `nmap -D RND:10 <target>` | Decoy scan with 10 random IPs |
| `nmap --source-port 53 <target>` | Spoof source port (e.g., DNS) |
| `nmap -S <spoofed IP> <target>` | Spoof your IP (requires configuration) |