Target Specification

| Switch | Example | Description |
|---|---|---|
| | `nmap [Link]` | Scan a single IP |
| | `nmap [Link] [Link]` | Scan specific IPs |
| | `nmap [Link]-254` | Scan a range |
| | `nmap [Link]` | Scan a domain |
| | `nmap [Link]/24` | Scan using CIDR notation |
| `-iL` | `nmap -iL [Link]` | Scan targets from a file |
| `-iR` | `nmap -iR 100` | Scan 100 random hosts |
| `--exclude` | `nmap --exclude [Link]` | Exclude listed hosts |

Scan Techniques

| Switch | Example | Description |
|---|---|---|
| `-sS` | `nmap [Link] -sS` | TCP SYN port scan (Default) |
| `-sT` | `nmap [Link] -sT` | TCP connect port scan (Default without root privilege) |
| `-sU` | `nmap [Link] -sU` | UDP port scan |
| `-sA` | `nmap [Link] -sA` | TCP ACK port scan |
| `-sW` | `nmap [Link] -sW` | TCP Window port scan |
| `-sM` | `nmap [Link] -sM` | TCP Maimon port scan |

Host Discovery

| Switch | Example | Description |
|---|---|---|
| `-sL` | `nmap [Link]-3 -sL` | No Scan. List targets only |
| `-sn` | `nmap [Link]/24 -sn` | Disable port scanning. Host discovery only. |
| `-Pn` | `nmap [Link]-5 -Pn` | Disable host discovery. Port scan only. |
| `-PS` | `nmap [Link]-5 -PS22-25,80` | TCP SYN discovery on port x. Port 80 by default |
| `-PA` | `nmap [Link]-5 -PA22-25,80` | TCP ACK discovery on port x. Port 80 by default |
| `-PU` | `nmap [Link]-5 -PU53` | UDP discovery on port x. Port 40125 by default |
| `-PR` | `nmap [Link]-1/24 -PR` | ARP discovery on local network |
| `-n` | `nmap [Link] -n` | Never do DNS resolution |

Port Specification

| Switch | Example | Description |
|---|---|---|
| `-p` | `nmap [Link] -p 21` | Port scan for port x |
| `-p` | `nmap [Link] -p 21-100` | Port range |
| `-p` | `nmap [Link] -p U:53,T:21-25,80` | Port scan multiple TCP and UDP ports |
| `-p-` | `nmap [Link] -p-` | Port scan all ports |
| `-p` | `nmap [Link] -p http,https` | Port scan from service name |
| `-F` | `nmap [Link] -F` | Fast port scan (100 ports) |
| `--top-ports` | `nmap [Link] --top-ports 2000` | Port scan the top x ports |
| `-p-65535` | `nmap [Link] -p-65535` | Leaving off initial port in range makes the scan start at port 1 |
| `-p0-` | `nmap [Link] -p0-` | Leaving off end port in range makes the scan go through to port 65535 |

Service and Version Detection

| Switch | Example | Description |
|---|---|---|
| `-sV` | `nmap [Link] -sV` | Attempts to determine the version of the service running on port |
| `-sV --version-intensity` | `nmap [Link] -sV --version-intensity 8` | Intensity level 0 to 9. Higher number increases possibility of correctness |
| `-sV --version-light` | `nmap [Link] -sV --version-light` | Enable light mode. Lower possibility of correctness. Faster |
| `-sV --version-all` | `nmap [Link] -sV --version-all` | Enable intensity level 9. Higher possibility of correctness. Slower |
| `-A` | `nmap [Link] -A` | Enables OS detection, version detection, script scanning, and traceroute |

OS Detection

| Switch | Example | Description |
|---|---|---|
| `-O` | `nmap [Link] -O` | Remote OS detection using TCP/IP stack fingerprinting |
| `-O --osscan-limit` | `nmap [Link] -O --osscan-limit` | If at least one open and one closed TCP port are not found it will not try OS detection against host |
| `-O --osscan-guess` | `nmap [Link] -O --osscan-guess` | Makes Nmap guess more aggressively |
| `-O --max-os-tries` | `nmap [Link] -O --max-os-tries 1` | Set the maximum number x of OS detection tries against a target |
| `-A` | `nmap [Link] -A` | Enables OS detection, version detection, script scanning, and traceroute |