This command-line cheat sheet is designed to briefly reference some of the most commonly used NMAP commands, along with a brief description and practical examples to illustrate their use. Whether you’re a seasoned professional looking to brush up on your command-line skills or a newcomer eager to explore the possibilities of networking through NMAP, you’ll find valuable insights and shortcuts here.
Installation

| Distribution | Command |
| --- | --- |
| Debian/Ubuntu | `sudo apt-get install nmap` |
| CentOS/Fedora/Red Hat | `sudo yum install nmap` or `sudo dnf install nmap` |
| NixOS | `nix-env -iA nixos.nmap` |

Usage
Basic Scans

| Task | Command |
| --- | --- |
| Scan a single IP | `nmap 192.168.1.1` |
| Scan a range of IPs | `nmap 192.168.1.1-20` |
| Scan all ports | `nmap -p "-" 192.168.1.1` |
| Avoid DNS resolution | `nmap -n 192.168.1.1` |

Port Specification and Scans

| Switch | Example | Description |
| --- | --- | --- |
| `-p` | `nmap 192.168.1.1 -p 21` | Port scan for port x |
| `-p` | `nmap 192.168.1.1 -p 21-100` | Port range |
| `-p` | `nmap 192.168.1.1 -p U:53,T:21-25,80` | Port scan multiple TCP and UDP ports |
| `-p` | `nmap 192.168.1.1 -p-` | Port scan all ports |
| `-p` | `nmap 192.168.1.1 -p http,https` | Port scan from service name |
| `-F` | `nmap 192.168.1.1 -F` | Fast port scan (100 ports) |
| `--top-ports` | `nmap 192.168.1.1 --top-ports 2000` | Port scan the top x ports |
| `-p` | `nmap -p T:80,T:8080,U:80,U:8080 192.168.1.1` | Scan specific TCP and UDP ports |

Advanced Scans

| Task | Command |
| --- | --- |
| OS detection | `nmap -O 192.168.1.1` |
| Service version detection | `nmap -sV 192.168.1.1` |
| Aggressive scan | `nmap -A 192.168.1.1` |

Service and Version Detection

| Switch | Example | Description |
| --- | --- | --- |
| `-sV` | `nmap 192.168.1.1 -sV` | Enable intensity level 9. There is a higher possibility of correctness. Slower |
| `-sV --version-intensity` | `nmap 192.168.1.1 -sV --version-intensity 8` | Intensity level 0 to 9. A higher number increases the possibility of correctness |
| `-sV --version-light` | `nmap 192.168.1.1 -sV --version-light` | Enable light mode. Lower possibility of correctness. Faster |
| `-sV --version-all` | `nmap 192.168.1.1 -sV --version-all` | Enable intensity level 9. Higher possibility of correctness. Slower |

OS Detection

| Switch | Example | Description |
| --- | --- | --- |
| `-O` | `nmap 192.168.1.1 -O` | Remote OS detection using TCP/IP stack fingerprinting |
| `-O --osscan-limit` | `nmap 192.168.1.1 -O --osscan-limit` | Limits OS detection to hosts with at least one open and one closed port |
| `-O --osscan-guess` | `nmap 192.168.1.1 -O --osscan-guess` | Makes Nmap guess more aggressively about OS |
| `-O --max-os-tries` | `nmap 192.168.1.1 -O --max-os-tries 1` | Set the maximum number of OS detection tries against a target |

Timing and Performance

| Switch | Example | Description |
| --- | --- | --- |
| `-T0` to `-T5` | `nmap 192.168.1.1 -T0` … `nmap 192.168.1.1 -T5` | Varies from paranoid (IDS evasion) to insane speeds |

This NMAP Command-Line Cheat Sheet concisely references the most commonly used commands in the powerful NMAP suite. Designed for beginners and experienced network administrators, it includes essential commands for various tasks—from simple IP scans to detailed service detection and security auditing.
Anto, a seasoned technologist with over two decades of experience, has traversed the tech landscape from Desktop Support Engineer to enterprise application consultant, specializing in AWS serverless technologies. He guides clients in leveraging serverless solutions while passionately exploring cutting-edge cloud concepts beyond his daily work. Anto's dedication to continuous learning, experimentation, and collaboration makes him a true inspiration, igniting others' interest in the transformative power of cloud computing.