Nmap Cheatheet
nmap $1 -p- -sV -T 4 -sC -oN output.txt
nmap $1 -Pn -sV -T 4 -sC -oN output.txt
#or this if you want to dive deeper
nmap $1 -Pn -p- -sV -T 4 -sC -oN output.txt
Easy access Chetsheet
Base Synatax
nmap {Targets} [ScanType] [Options]
Target
| Purpose |
Example |
| 1 target |
nmap IP |
| scan multiple targets |
nmap IP1, IP2, IP3 |
| scan a list |
nmap -iL list.txt |
| scan CIDR range |
nmap 192.168.1.0/24 |
Ports
| Purpose |
Example |
| Scan top 1k popular ports |
nmap IP |
| Port range |
nmap -p x-y |
| Port list |
nmap -p x,y,z |
| linear portrange |
nmap -r x-y |
Probing
| Purpose |
Example |
| Don't probe |
nmap IP -Pn |
| Default probe |
nmap IP -PB |
| ICMP Echo Request |
nmap IP -PE |
| ICMP Timestamp Request |
nmap IP -PP |
| ICMP Network Request |
nmap IP -PM |
Scan Type
| Purpose |
Example |
| Probe only |
nmap IP -sn |
| SYN Scan |
nmap IP -sS |
| TCP Connect Scan |
nmap IP -sT |
| UDP Scan |
nmap IP -su |
| Version scan |
nmap IP -sV |
| OS Detection |
nmap IP -PM |
| Set TCP flags |
nmap IP --scanflags: x,y,z |
Timing Options
| Purpose |
Example |
| Paranoid |
nmap IP -T0 |
| Sneaky |
nmap IP -T1 |
| Polite |
nmap IP -T2 |
| Normal |
nmap IP -T3 |
| Aggressive |
nmap IP -T4 |
| Insane |
nmap IP -T5 |
Output Format