nmap Guide
nmap is the industry-standard network discovery and security auditing tool.
Basic Scanning
# Scan single host
nmap 192.168.1.1
# Scan network range
nmap 192.168.1.0/24
# Scan specific ports
nmap -p 22,80,443 192.168.1.1
# Scan port range
nmap -p 1-1000 192.168.1.1
# Scan all ports
nmap -p- 192.168.1.1
Scan Types
# TCP SYN scan (default, requires root)
sudo nmap -sS 192.168.1.1
# TCP connect scan
nmap -sT 192.168.1.1
# UDP scan
sudo nmap -sU 192.168.1.1
# Version detection
nmap -sV 192.168.1.1
# OS detection
sudo nmap -O 192.168.1.1
# Aggressive scan (version, OS, scripts, traceroute)
nmap -A 192.168.1.1
NSE Scripts
# Default scripts
nmap -sC 192.168.1.1
# Specific script
nmap --script=http-title 192.168.1.1
# Script categories
nmap --script=vuln 192.168.1.1
nmap --script=auth 192.168.1.1
nmap --script=default,safe 192.168.1.1
# List available scripts
ls /usr/share/nmap/scripts/
Output Formats
# Normal output to file
nmap -oN scan.txt 192.168.1.1
# XML output
nmap -oX scan.xml 192.168.1.1
# Greppable output
nmap -oG scan.gnmap 192.168.1.1
# All formats
nmap -oA scan 192.168.1.1
Common Scan Profiles
# Quick scan (top 100 ports)
nmap -F 192.168.1.0/24
# Comprehensive scan
sudo nmap -sV -sC -O -p- 192.168.1.1
# Stealth scan
sudo nmap -sS -T2 --max-retries 1 192.168.1.1
# Service enumeration
nmap -sV --version-intensity 5 192.168.1.1
Timing Options
| Option | Name | Speed |
|---|---|---|
| -T0 | Paranoid | Slowest |
| -T1 | Sneaky | Slow |
| -T2 | Polite | Slower |
| -T3 | Normal | Default |
| -T4 | Aggressive | Fast |
| -T5 | Insane | Fastest |
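Greppable output (`-oG`, listed under Output Formats) is easy to post-process. The script below is an added example, not part of the original guide: it extracts open ports from `-oG` output and reports any that are missing from a baseline. The sample scan data, the baseline, and the function names `sample_gnmap`, `open_ports` and `unexpected_ports` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `nmap -oG` output against an expected-services baseline.

# Constructed sample in greppable format (not from a real scan). Fields are
# tab-separated; each Ports entry is port/state/proto/owner/service/rpc/version/.
sample_gnmap() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
  printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.20 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 53/open|filtered/udp//domain///\n'
}

# open_ports: read -oG output on stdin, print "host port/proto service"
# for every port whose state is exactly "open" (open|filtered is skipped).
open_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); host = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        n = split(substr($i, 8), entries, ", ")
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          if (f[2] == "open") print host, f[1] "/" f[3], f[5]
        }
      }
    }'
}

# unexpected_ports BASELINE: BASELINE is a comma-separated list of
# "host port/proto" pairs that are allowed to be open; print everything else.
unexpected_ports() {
  open_ports | awk -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    { key = $1 " " $2; if (!(key in ok)) print }'
}

# Hypothetical baseline for the sample hosts; prints the one deviation.
BASELINE='192.168.1.1 22/tcp,192.168.1.1 80/tcp,192.168.1.20 22/tcp'
sample_gnmap | unexpected_ports "$BASELINE"
```

To use it on a real scan, replace `sample_gnmap |` with `< scan.gnmap` so the function reads the file written by `-oG`.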
Firewall Evasion
# Fragment packets
nmap -f 192.168.1.1
# Decoy scan
nmap -D RND:10 192.168.1.1
# Source port manipulation
nmap --source-port 53 192.168.1.1