HxHippy

nmap Network Scanner

Network discovery and security auditing with nmap.

Last updated: 2025-01-15

nmap Guide

nmap is the industry-standard network discovery and security auditing tool.

Basic Scanning

# Scan single host
nmap 192.168.1.1

# Scan network range
nmap 192.168.1.0/24

# Scan specific ports
nmap -p 22,80,443 192.168.1.1

# Scan port range
nmap -p 1-1000 192.168.1.1

# Scan all ports
nmap -p- 192.168.1.1

Scan Types

# TCP SYN scan (default when run as root; needs raw-socket privileges)
sudo nmap -sS 192.168.1.1

# TCP connect scan (default when run unprivileged)
nmap -sT 192.168.1.1

# UDP scan
sudo nmap -sU 192.168.1.1

# Version detection
nmap -sV 192.168.1.1

# OS detection
sudo nmap -O 192.168.1.1

# Aggressive scan (version, OS, scripts, traceroute)
nmap -A 192.168.1.1

NSE Scripts

# Default scripts
nmap -sC 192.168.1.1

# Specific script
nmap --script=http-title 192.168.1.1

# Script categories
nmap --script=vuln 192.168.1.1
nmap --script=auth 192.168.1.1
nmap --script=default,safe 192.168.1.1

# List available scripts
ls /usr/share/nmap/scripts/

Output Formats

# Normal output to file
nmap -oN scan.txt 192.168.1.1

# XML output
nmap -oX scan.xml 192.168.1.1

# Greppable output
nmap -oG scan.gnmap 192.168.1.1

# All formats
nmap -oA scan 192.168.1.1

Common Scan Profiles

# Quick scan (top 100 ports)
nmap -F 192.168.1.0/24

# Comprehensive scan (-O requires root)
sudo nmap -sV -sC -O -p- 192.168.1.1

# Stealth scan (-sS requires root)
sudo nmap -sS -T2 --max-retries 1 192.168.1.1

# Service enumeration
nmap -sV --version-intensity 5 192.168.1.1

Timing Options

Option  Name        Speed
-T0     Paranoid    Slowest
-T1     Sneaky      Slow
-T2     Polite      Slower
-T3     Normal      Default
-T4     Aggressive  Fast
-T5     Insane      Fastest

Firewall Evasion

# Fragment packets
nmap -f 192.168.1.1

# Decoy scan
nmap -D RND:10 192.168.1.1

# Source port manipulation
nmap --source-port 53 192.168.1.1