nmap¶

• Single target scan: nmap [target]

• Scan from a list of targets: nmap -iL [list.txt]

• Scan port for all available A records (useful when multiple A records are returned by the DNS server) nmap --script resolveall --script-args newtargets,resolveall.hosts=[target] -p [port]

• iPv6: nmap -6 [target]

• OS detection: nmap -O --osscan_guess [target]

• Save output to text file: nmap -oN [output.txt] [target]

• Save output to xml file: nmap -oX [output.xml] [target]

• Scan a specific port: nmap -p [port] [target]

• Do an aggressive scan: nmap -A [target]

• Speedup your scan:

• -n => disable ReverseDNS

• --min-rate=X => min X packets / sec nmap -T5 --min-parallelism=50 -n --min-rate=300 [target]

• Traceroute: nmap -traceroute [target]

• Ping scan only: -sP

• Don't ping: -PN <- Use full if a host don't reply to a ping.
• TCP SYN ping: -PS
• TCP ACK ping: -PA
• UDP ping: -PU

• ARP ping: -PR

• Example: Ping scan all machines on a class C network nmap -sP 192.168.0.0/24

• Force TCP scan: -sT

• Force UDP scan: -sU

• Use some script: nmap --script default,safe

Comments