LinuxCommandLibrary

nmap

Scan network for open ports and services

TLDR

Scan the top 1000 ports of a remote host with various [v]erbosity levels
$ nmap -v[1|2|3] [ip_or_hostname]

Run a ping sweep over an entire subnet or individual hosts very aggressively
$ nmap -T5 -sn [192.168.0.0/24|ip_or_hostname1,ip_or_hostname2,...]

Enable OS detection, version detection, script scanning, and traceroute of hosts from a file
$ sudo nmap -A -iL [path/to/file.txt]

Scan a specific list of ports (use -p- for all ports from 1 to 65535)
$ nmap -p [port1,port2,...] [ip_or_host1,ip_or_host2,...]

Perform service and version detection of the top 1000 ports using default NSE scripts, writing results (-oA) to output files
$ nmap -sC -sV -oA [top-1000-ports] [ip_or_host1,ip_or_host2,...]

Scan target(s) carefully using default and safe NSE scripts
$ nmap --script "default and safe" [ip_or_host1,ip_or_host2,...]

Scan for web servers running on standard ports 80 and 443 using all available http-* NSE scripts
$ nmap --script "http-*" [ip_or_host1,ip_or_host2,...] -p 80,443

Attempt evading IDS/IPS detection by using an extremely slow scan (-T0), decoy source addresses (-D), [f]ragmented packets, random data and other methods
$ sudo nmap -T0 -D [decoy_ip1,decoy_ip2,...] --source-port [53] -f --data-length [16] -Pn [ip_or_host]

SYNOPSIS

nmap [Scan Type(s)] [Options] {target specification}

PARAMETERS

-iL
    Input from list. Scan targets from a list of hosts/networks.

-iR
    Choose random targets. Scans a number of randomly chosen hosts.

-sS/sT/sA/sW/sM
    TCP SYN/Connect()/ACK/Window/Maimon scans.

-sU
    UDP Scan.

-sN/sF/sX
    TCP Null, FIN, and Xmas scans.

-sV
    Version detection. Determines service and software version.

-O
    Enable operating system detection.

-p
    Only scan specified ports. E.g. -p22; -p1-65535; -p U:53,111,T:21-25,80,139,8080

-F
    Fast mode. Scan fewer ports than the default scan.

-T<0-5>
    Set timing template (higher is faster). 0 is paranoid, 5 is insane.

-A
    Aggressive scan mode. Enables OS detection, version detection, script scanning, and traceroute.

-v
    Increase verbosity level (use -vv or more for greater effect).

-oN
    Output scan in normal format to the given filename.

-oX
    Output scan in XML format to the given filename.

--script=