Useful Nmap commands:

Quick Ping Sweep (Single Host, Multiple Hosts, Range, CIDR/*):

nmap -sP [Target IP]
nmap -sP [Target1 IP] [Target2 IP]
nmap -sP [Target Range]
nmap -sP [Target Subnet/CIDR]
nmap -sP [Target Subnet *]

Check for a specific port (Check port on TCP/UDP):

nmap -p [Target Port] [Target IP]
nmap -p T:[TCP Port] [Target IP]
sudo nmap -sU -p U:[UDP Port] [Target IP]

Check for common ports (1-1024) / Scan a number of Top ports:

nmap [Target IP]
nmap --top-ports 10 [Target IP]

Fast port scan only:

nmap -F [Target IP]

Increased verbosity:

nmap -v [Target IP]
nmap -vv [Target IP]

Only Scan for TCP ports / Scan for only UDP ports / Attempt to identify service version:

nmap -sT [Target IP]
sudo nmap -sU [Target IP]
nmap -sV [Target IP]

Do OS detection:

nmap -O [Target IP]

Use a list / Exclude from list:

nmap -iL [/dir/targets.txt]
nmap -iL [/dir/targets.txt] --exclude [Target IP]

IDS/IPS/Firewall Evasion with SYN Scan and FIN Scan / Don’t Ping!:

nmap -sS [Target IP]
nmap -sF [Target IP]
nmap [Target IP] -PN

Give a reason for detection or block:

nmap [Target IP] --reason

Stateful Device (Firewall/IDS/IPS) detection with an ACK scan / Null scan / Xmas Scan:

nmap -sA [Target IP]
nmap -sN [Target IP]
nmap -sX [Target IP]

Fragment Packets (More evasion):

nmap -f [Target IP]

Scan IPv6 host:

nmap -6 [Target IPv6]

Don’t Resolve DNS:

nmap -n [Target IP]

Decoy Scan (Add more IPs to throw off detectors):

nmap -D [Decoy IP1],[Decoy IP2],[Decoy IP3] [Target IP]

Different nmap Timings (Speed up or Slow down your scan):

nmap -T5 [Target IP]
nmap -T0 [Target IP]

Saving nmap Output (normal / grepable / XML):

nmap -oN [/path/filename.txt] [Target IP]
nmap -oG [/path/filename] [Target IP]
nmap -oX [/path/filename.xml] [Target IP]
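
Added example (not part of the original cheat sheet): a shell sketch that reads grepable output saved with -oG and reports open ports that are missing from an allowlist of expected services. The function names, file names and sample scan lines (constructed, using documentation addresses) are assumptions.

```shell
#!/bin/sh
# open_ports FILE
# Print "ip proto/port service" for every port marked open in -oG output.
open_ports() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " "); ip = h[2]            # "Host: <ip> (<name>)"
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            n = split(substr($i, 8), entries, ", ")
            for (j = 1; j <= n; j++) {
                # entry layout: port/state/proto/owner/service/rpc/version/
                split(entries[j], f, "/")
                if (f[2] == "open") print ip, f[3] "/" f[1], f[5]
            }
        }
    }' "$1"
}

# unexpected_ports FILE ALLOWLIST
# ALLOWLIST holds one "ip proto/port" per line; anything open but not
# listed is printed so it can be reviewed or closed.
unexpected_ports() {
    open_ports "$1" | while read -r ip port svc; do
        grep -qxF "$ip $port" "$2" || printf '%s %s %s\n' "$ip" "$port" "$svc"
    done
}

# Constructed sample data (not real scan results).
sample_dir=$(mktemp -d)
{
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: filtered (996)\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 53/open/udp//domain///\n'
} > "$sample_dir/scan.gnmap"
printf '%s\n' '192.0.2.10 tcp/22' '192.0.2.10 tcp/80' '192.0.2.11 udp/53' \
    > "$sample_dir/allow.txt"

unexpected_ports "$sample_dir/scan.gnmap" "$sample_dir/allow.txt"
```

Run it against the previous scan's file and an allowlist kept in version control to spot services that appeared since the last review.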

Nmap Scripting Engine:

Execute Individual Scripts
nmap --script [script.nse] [target]

Execute Multiple Scripts
nmap --script [expression] [target]

Script Categories
all, auth, default, discovery, external, intrusive, malware, safe, vuln

Execute Scripts by Category
nmap --script [category] [target]

Execute Multiple Script Categories
nmap --script [category1,category2,etc] [target]

IP-Geo Locate with nmap:

nmap --script "ip-geolocation-*" [Target IP]

Vuln Scanner:

nmap --script vuln [Target IP]