@pathologicalhandwaving
Last active November 24, 2021 00:26

Common NMap Commands

Check nmap version

nmap --version

If nmap is not installed:

sudo apt install nmap

Scan IPs

Scan Single Host or IP

nmap 192.168.1.1

nmap hostname.com

Verbose

nmap -v hostname.com

Multiple IPs

nmap 192.168.1.1 192.168.1.2 192.168.1.3

Comma-separated final octets scan several hosts on the same subnet

nmap 192.168.1.1,2,3

Scan Range of IP Addresses

nmap 192.168.1.1-20

Scan Range of IP Addresses using Wildcard

nmap 192.168.1.*

Scan Entire Subnet

nmap 192.168.1.0/24

Read List of Hosts/Networks from File

Create the file with one host or network per line:

cat > /tmp/test.txt <<'EOF'
server1.domain.com
192.168.1.0/24
192.168.1.1/24
10.1.2.3
localhost
EOF

nmap -iL /tmp/test.txt

Exclude Hosts/Networks from NMap Scan Examples

nmap 192.168.1.0/24 --exclude 192.168.1.5
nmap 192.168.1.0/24 --exclude 192.168.1.5,192.168.1.254

Or exclude the hosts/networks listed in a file (/tmp/exclude.txt, same format as the target list):

nmap -iL /tmp/scanlist.txt --excludefile /tmp/exclude.txt
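A pre-flight check for the -iL / --excludefile combination above, added here as an example (it is not part of the gist): it reads the same file formats nmap does and reports which addresses a run would actually touch, so an excluded host is caught before any packet leaves. The file contents are constructed to match the gist's /tmp/test.txt plus an assumed exclude file; hostnames cannot be resolved offline, so they are passed through for nmap to resolve at scan time.

```python
"""Pre-flight check for an nmap -iL / --excludefile run (added example)."""
import ipaddress

# Constructed sample input: the gist's /tmp/test.txt and an assumed
# /tmp/exclude.txt. Replace with open(path).read() for real files.
SCANLIST = """\
server1.domain.com
192.168.1.0/24
192.168.1.1/24
10.1.2.3
localhost
"""
EXCLUDES = """\
192.168.1.5
192.168.1.254
"""


def parse_entries(text):
    """Split a target file into (set of IP addresses, list of hostnames).

    Like nmap, blank lines and '#' comments are skipped, and a CIDR whose
    host bits are set (192.168.1.1/24) denotes the same network as
    192.168.1.0/24, hence strict=False. Every address of a network is
    included, network and broadcast addresses too, which is what nmap
    scans for 192.168.1.0/24.
    """
    addrs, names = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            names.append(line)          # hostname: nmap resolves it at scan time
            continue
        addrs.update(net)               # iterates every address in the network
    return addrs, names


def effective_targets(scanlist_text, exclude_text):
    """Return (sorted addresses that would be scanned, hostnames, excluded count)."""
    include, names = parse_entries(scanlist_text)
    exclude, _ = parse_entries(exclude_text)
    scanned = include - exclude
    # Sort by IP version first so mixed IPv4/IPv6 lists do not raise TypeError.
    ordered = sorted(scanned, key=lambda a: (a.version, a))
    return ordered, names, len(include & exclude)


if __name__ == "__main__":
    scanned, names, dropped = effective_targets(SCANLIST, EXCLUDES)
    print(f"{len(scanned)} addresses would be scanned, {dropped} excluded")
    print("hostnames left for nmap to resolve:", names)
    print("first few:", [str(a) for a in scanned[:5]])
```

With the sample input the two /24 entries collapse to one network of 256 addresses, 10.1.2.3 adds one more, and the two excluded hosts leave 255 targets.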

Firewall

Check if Host is behind Firewall (ACK scan: reports ports as filtered or unfiltered, not open or closed)

nmap -sA 192.168.1.254

Scan Host Behind Firewall (skip host discovery and treat the host as up; -PN is the older spelling of -Pn)

nmap -PN 192.168.1.1

Firewall Blocking ICMP (use TCP SYN or ACK probes for host discovery instead of ping; the port list must follow the flag with no space, otherwise nmap treats it as a target)

nmap -PS 192.168.1.1
nmap -PS80,21,443 192.168.1.1
nmap -PA 192.168.1.1
nmap -PA80,21,200-512 192.168.1.1

Scan IPv6 Host/Addresses

nmap -6 IPv6-Address-Here
nmap -6 server1.cyberciti.biz
nmap -6 2607:f0d0:1002:51::4
nmap -v -A -6 2607:f0d0:1002:51::4

Fast Scan

nmap -F 192.168.1.1
nmap -6 -F IPv6_Address_Here

Ports

Show Reason for Current State of Port

nmap --reason 192.168.1.1

Show Only Open or Possibly Open Ports

nmap --open 192.168.1.1
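The --reason and --open sections above are easiest to act on from nmap's XML output (-oX), which records the state and the reason for every port. The parser below is an added example, not code from the gist: it applies the same filter --open uses (open, open|filtered and unfiltered) and tallies state/reason pairs, so a pile of filtered/no-response entries on your own hosts points at a firewall rule rather than a closed service. The XML is a constructed, trimmed sample of the -oX format, not a real capture.

```python
"""Triage nmap -oX output: open ports and the reason behind each state (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample of nmap XML output, trimmed to the elements used here.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap --reason -oX - 192.168.1.1" start="0">
<host>
<status state="up" reason="arp-response"/>
<address addr="192.168.1.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset" reason_ttl="64"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response" reason_ttl="0"/></port>
<port protocol="udp" portid="53"><state state="open|filtered" reason="no-response" reason_ttl="0"/><service name="domain"/></port>
</ports>
</host>
</nmaprun>
"""

# The states nmap keeps when --open is given ("open or possibly open").
POSSIBLY_OPEN = {"open", "open|filtered", "unfiltered"}


def parse_ports(xml_text):
    """Yield one dict per <port> in every <host> of an nmap XML report."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:                      # fall back to whatever address exists
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            service = port.find("service")
            yield {
                "addr": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state"),
                "reason": state.get("reason"),        # what --reason prints
                "ttl": state.get("reason_ttl"),
                "service": service.get("name") if service is not None else None,
            }


def open_ports(xml_text):
    """Equivalent of --open applied after the fact."""
    return [p for p in parse_ports(xml_text) if p["state"] in POSSIBLY_OPEN]


def reasons_by_state(xml_text):
    """Count (state, reason) pairs; many filtered/no-response entries suggest a firewall."""
    counts = {}
    for p in parse_ports(xml_text):
        key = (p["state"], p["reason"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for p in open_ports(SAMPLE_XML):
        print(f"{p['addr']} {p['port']}/{p['proto']} {p['state']} ({p['reason']}) {p['service']}")
    print(reasons_by_state(SAMPLE_XML))
```

Run a real scan as `nmap --reason -oX scan.xml 192.168.1.1` and feed the file's contents to the same functions; note that open|filtered on UDP only means no response came back, so it needs follow-up before it is treated as an exposed service.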

Scan Specific Ports

nmap -p [port] hostname

nmap -p 80 192.168.1.1

Scan TCP Port 80

nmap -p T:80 192.168.1.1

Scan UDP Port 80

nmap -p U:80 192.168.1.1

Scan Two Ports

nmap -p 80,443 192.168.1.1

Scan Range of Ports

nmap -p 80-200 192.168.1.1

All Combined Options

nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1
nmap -p U:53,111,137,T:21-25,80,139,8080 server1.domain.com
nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254
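The combined -p syntax above packs protocol prefixes, single ports and ranges into one string, and it is easy to misjudge how many ports a spec covers. The parser below is an added example (not from the gist) that expands a spec into the TCP and UDP port sets it denotes using nmap's rules: a T:/U: prefix applies to every following entry until another prefix appears, entries before any prefix apply to both protocols, a-b is an inclusive range, and a bare "-" or "*" means all ports. One caveat the gist's third command handles and the first two do not: nmap only probes the U: ports when a UDP scan (-sU) is requested alongside a TCP scan type, otherwise the UDP entries are ignored with a warning.

```python
"""Expand an nmap -p port specification into per-protocol port sets (added example)."""

ALL_PORTS = range(1, 65536)      # what nmap's '-' and '*' shorthands denote


def _expand(entry):
    """Expand one entry ('80', '21-25', '80-', '-100', '-', '*') into ints."""
    if entry in ("-", "*"):
        return ALL_PORTS
    if "-" in entry:
        lo, hi = entry.split("-", 1)
        lo = int(lo) if lo else 1          # '-100' means 1-100
        hi = int(hi) if hi else 65535      # '80-' means 80-65535
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {entry}")
        return range(lo, hi + 1)
    port = int(entry)
    if not 0 <= port <= 65535:
        raise ValueError(f"bad port: {entry}")
    return (port,)


def parse_portspec(spec):
    """Return {'tcp': set, 'udp': set} for an nmap -p spec.

    Only the T: and U: prefixes are handled; nmap also accepts S: (SCTP)
    and P: (IP protocols), which this example leaves out.
    """
    ports = {"tcp": set(), "udp": set()}
    protos = ("tcp", "udp")                # before any prefix: both protocols
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if entry[:2].upper() in ("T:", "U:"):
            protos = ("tcp",) if entry[0].upper() == "T" else ("udp",)
            entry = entry[2:]
            if not entry:                  # 'T:' alone only switches protocol
                continue
        for proto in protos:
            ports[proto].update(_expand(entry))
    return ports


def summarize(spec):
    """Human-readable count per protocol, for a quick sanity check before scanning."""
    ports = parse_portspec(spec)
    return {proto: len(p) for proto, p in ports.items()}


if __name__ == "__main__":
    spec = "U:53,111,137,T:21-25,80,139,8080"
    print(summarize(spec))
    print("tcp:", sorted(parse_portspec(spec)["tcp"]))
```

For the gist's spec this yields 8 TCP and 3 UDP ports; a spec of "-" expands to all 65535, which is the number to keep in mind before pairing it with -sU.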

Scan All Ports

nmap -p "*" 192.168.1.1

Scan the N most common ports (here N=5)

nmap --top-ports 5 192.168.1.1

Scan all devices on a subnet with the fastest timing template (-T5 trades accuracy for speed and may miss results on slow or lossy networks)

nmap -T5 192.168.1.0/24

Remote Host

Show Host Interfaces and Routes

nmap --iflist

Detect Remote Services

nmap -sV 192.168.1.1

Ping scan: find live servers and devices on the network without port scanning (-sP is the older spelling of -sn)

nmap -sP 192.168.1.0/24

OS and Version Detection Scan

nmap -A 192.168.1.254
nmap -v -A 192.168.1.1
nmap -A -iL /tmp/scanlist.txt

Detect Remote OS

nmap -O 192.168.1.1
nmap -O --osscan-guess 192.168.1.1
nmap -v -O --osscan-guess 192.168.1.1

Packets

Show all Sent/Received Packets

nmap --packet-trace 192.168.1.1
