Nmap Cheat Sheet
Nmap network scanning commands reference
Nmap Cheat Sheet
Quick reference guide for Nmap network scanning commands. Click the copy button to copy any command.
81
Total Commands
81
Filtered Results
Basic Scanning
| Command | Copy | Description |
|---|---|---|
nmap <target> | Basic port scan | |
nmap 192.168.1.1 | Scan single IP | |
nmap 192.168.1.0/24 | Scan subnet (CIDR) | |
nmap 192.168.1.1-20 | Scan IP range | |
nmap scanme.nmap.org | Scan hostname | |
nmap -iL targets.txt | Scan targets from file |
Scan Types
| Command | Copy | Description |
|---|---|---|
nmap -sS <target> | TCP SYN scan (stealth) | |
nmap -sT <target> | TCP connect scan | |
nmap -sU <target> | UDP scan | |
nmap -sA <target> | TCP ACK scan | |
nmap -sW <target> | TCP Window scan | |
nmap -sM <target> | TCP Maimon scan | |
nmap -sN <target> | TCP Null scan | |
nmap -sF <target> | TCP FIN scan | |
nmap -sX <target> | TCP Xmas scan | |
nmap -sV <target> | Version detection scan | |
nmap -O <target> | OS detection | |
nmap -A <target> | Aggressive scan (OS, version, scripts) |
Port Specification
| Command | Copy | Description |
|---|---|---|
nmap -p 80 <target> | Scan specific port | |
nmap -p 80,443 <target> | Scan multiple ports | |
nmap -p 1-100 <target> | Scan port range | |
nmap -p- <target> | Scan all 65535 ports | |
nmap -p http,https <target> | Scan by service name | |
nmap --top-ports 100 <target> | Scan top 100 ports | |
nmap -F <target> | Fast scan (100 common ports) |
Host Discovery
| Command | Copy | Description |
|---|---|---|
nmap -sn <target> | Ping scan (no port scan) | |
nmap -Pn <target> | Skip host discovery | |
nmap -PS <target> | TCP SYN ping | |
nmap -PA <target> | TCP ACK ping | |
nmap -PU <target> | UDP ping | |
nmap -PR <target> | ARP ping | |
nmap -PE <target> | ICMP echo ping |
Timing and Performance
| Command | Copy | Description |
|---|---|---|
nmap -T0 <target> | Paranoid timing (slowest) | |
nmap -T1 <target> | Sneaky timing | |
nmap -T2 <target> | Polite timing | |
nmap -T3 <target> | Normal timing (default) | |
nmap -T4 <target> | Aggressive timing | |
nmap -T5 <target> | Insane timing (fastest) | |
nmap --min-rate 100 <target> | Minimum packet rate | |
nmap --max-rate 100 <target> | Maximum packet rate |
Output Options
| Command | Copy | Description |
|---|---|---|
nmap -oN output.txt <target> | Normal output to file | |
nmap -oX output.xml <target> | XML output to file | |
nmap -oG output.gnmap <target> | Grepable output | |
nmap -oA output <target> | All output formats | |
nmap -v <target> | Verbose output | |
nmap -vv <target> | Very verbose output | |
nmap -d <target> | Debug output |
NSE Scripts
| Command | Copy | Description |
|---|---|---|
nmap -sC <target> | Run default NSE scripts | |
nmap --script=<script> <target> | Run specific script | |
nmap --script=vuln <target> | Run vulnerability scripts | |
nmap --script=exploit <target> | Run exploit scripts | |
nmap --script=auth <target> | Run authentication scripts | |
nmap --script=brute <target> | Run brute force scripts | |
nmap --script=discovery <target> | Run discovery scripts | |
nmap --script=dos <target> | Run DoS scripts | |
nmap --script=safe <target> | Run safe scripts | |
nmap --script-args=<args> <target> | Pass arguments to script | |
nmap --script-help=<script> | Get script help |
Firewall/IDS Evasion
| Command | Copy | Description |
|---|---|---|
nmap -f <target> | Fragment packets | |
nmap -D RND:10 <target> | Use decoy IPs | |
nmap -S <spoofed-ip> <target> | Spoof source IP | |
nmap -e <interface> <target> | Use specific interface | |
nmap --source-port 53 <target> | Use specific source port | |
nmap --data-length 25 <target> | Add random data to packets | |
nmap --randomize-hosts <target> | Randomize host order | |
nmap --spoof-mac <mac> <target> | Spoof MAC address |
Advanced Options
| Command | Copy | Description |
|---|---|---|
nmap --reason <target> | Display reason for port state | |
nmap --open <target> | Show only open ports | |
nmap --packet-trace <target> | Show packet trace | |
nmap --iflist | List interfaces and routes | |
nmap -6 <target> | Enable IPv6 scanning | |
nmap --traceroute <target> | Trace path to host | |
nmap --version | Display nmap version |
Common Combinations
| Command | Copy | Description |
|---|---|---|
nmap -sS -sV -O -T4 <target> | Comprehensive scan | |
nmap -sS -p- -T4 <target> | Full port scan | |
nmap -A -T4 <target> | Aggressive scan with timing | |
nmap -sV --script=vuln <target> | Vulnerability scan | |
nmap -sn 192.168.1.0/24 | Network discovery | |
nmap -Pn -p- -T4 <target> | Full scan without ping |
Target Specification
| Command | Copy | Description |
|---|---|---|
nmap --exclude <target> | Exclude hosts from scan | |
nmap --excludefile <file> | Exclude hosts from file |
All operations are performed locally in your browser. No data is sent to any server.
About Nmap Cheat Sheet
This section will contain detailed, SEO-friendly content about the Nmap Cheat Sheet.
In the future, this content will be managed through a headless CMS, allowing you to:
- Add detailed explanations about how to use this tool
- Include examples and use cases
- Provide tips and best practices
- Add FAQs and troubleshooting guides
- Update content without touching the code
How to Use
Step-by-step instructions for using the Nmap Cheat Sheet will appear here. This content will be fully customizable through the admin panel.
Features
Key features and benefits of this tool will be listed here. All content is editable via the CMS.