nmap CLI
nmap commands for network scanning and security auditing.
Basic Scans
Scan the default ports (the 1,000 most common TCP ports) on a single host
nmap 192.168.1.1
Scan an entire subnet
nmap 192.168.1.0/24
Ping sweep without port scanning
nmap -sn 192.168.1.0/24
Scan multiple specific hosts
nmap 192.168.1.1 192.168.1.2
Scan hosts from an input file
nmap -iL targets.txt
Port Scanning
Scan specific ports only
nmap -p 80,443 192.168.1.1
Scan a range of ports
nmap -p 1-1024 192.168.1.1
Scan all 65535 TCP ports
nmap -p- 192.168.1.1
Scan UDP ports
nmap -sU -p 53,161 192.168.1.1
Scan the 100 most common ports
nmap --top-ports 100 192.168.1.1
TCP connect scan
nmap -sT 192.168.1.1
TCP SYN stealth scan (requires root/administrator privileges)
nmap -sS 192.168.1.1
OS Detection
Enable OS detection
nmap -O 192.168.1.1
Aggressive scan: OS detection, version detection, default scripts and traceroute
nmap -A 192.168.1.1
Detect service versions on open ports
nmap -sV 192.168.1.1
Set version detection intensity (0-9; the default is 7, so 5 sends fewer probes)
nmap -sV --version-intensity 5 192.168.1.1
Script Scanning
Run a specific NSE script
nmap --script=http-title 192.168.1.1
Run vulnerability detection scripts
nmap --script=vuln 192.168.1.1
Enumerate SSL ciphers
nmap --script=ssl-enum-ciphers -p 443 192.168.1.1
Run all default category scripts
nmap --script=default 192.168.1.1
Grab service banners from open ports
nmap --script=banner 192.168.1.1
Output Formats
Save output in normal text format
nmap -oN scan.txt 192.168.1.1
Save output in XML format
nmap -oX scan.xml 192.168.1.1
Save output in grepable format
nmap -oG scan.gnmap 192.168.1.1
Save in all three formats at once
nmap -oA scan_results 192.168.1.1
Advanced
Faster scan with aggressive timing
nmap -T4 192.168.1.0/24
Slow sneaky scan to avoid detection
nmap -T1 192.168.1.1
Use decoy addresses to mask scan source
nmap -D RND:10 192.168.1.1
Spoof a random MAC address
nmap --spoof-mac 0 192.168.1.1
Fragment packets to evade firewalls
nmap -f 192.168.1.1
Scan an IPv6 address
nmap -6 ::1
Quick Commands
Discover live hosts on a subnet without port scanning
nmap -sn 192.168.1.0/24
Aggressive scan with OS and service detection
nmap -A 192.168.1.1
Scan all 65535 TCP ports on a host
nmap -p- 192.168.1.1