Nmap – Summary/Flags

Scanning Command Syntax

nmap [scan type] [option] [IP Specification]

| Syntax | Example | Description |
|---|---|---|
| -p | nmap -p 23 | Port scanning: specific port (23) on the target IP |
| -p | nmap -p 23-100 | Port scanning: specific port range (23-100) on the target IP |
| -p | nmap -p U:110,T:23-25,443 | Port scanning: U (UDP), T (TCP) |
| -p- | nmap -p- | Port scanning: all ports on the target IP |
| -p | nmap -p smtp,https | Port scanning: specific protocol on the target IP |
| -F | nmap -F | Port scanning: fast |
| -p "*" | nmap -p "*" ftp | Port scanning: using name |
| -r | nmap -r | Port scanning: sequential scan |

| Switch/Syntax | Example | Description |
|---|---|---|
| -sL | nmap -sL | List IPs without scanning |
| -sn | nmap -sn | Disable port scanning |
| -Pn | nmap -Pn | Port scan only, no host discovery |
| -PS | nmap -PS22-25,80 | TCP SYN discovery on specific ports |
| -PA | nmap -PA22-25,80 | TCP ACK discovery on specific ports |
| -PU | nmap -PU53 | UDP discovery on specific port |
| -PR | nmap -PR | ARP discovery within the local network |
| -n | nmap -n | No DNS resolution |

| Switch/Syntax | Example | Description |
|---|---|---|
| -sS | nmap -sS | TCP SYN port scan (stealthy) |
| -sT | nmap -sT | TCP connect port scan |
| -sA | nmap -sA | TCP ACK port scan |
| -sU | nmap -sU | UDP port scan |
| -sF | nmap -sF | TCP FIN scan |
| -sX | nmap -sX | XMAS scan |
| -sP | nmap -sP | Ping scan |

| Switch/Syntax | Example | Description |
|---|---|---|
| -sV | nmap -sV | Try to find the version of the service running on a port |
| -sV --version-intensity 6 | nmap -sV --version-intensity 6 | Intensity levels 0 to 9 |
| -sV --version-all | nmap -sV --version-all | Intensity level 9 |
| -sV --version-light | nmap -sV --version-light | Enable light mode |
| -A | nmap -A | Enables OS detection, version detection, script scanning and traceroute |
| -O | nmap -O | Remote OS detection |

| Switch/Syntax | Example | Description |
|---|---|---|
| -f | nmap -f | Scan using fragmented packets |
| --mtu | nmap --mtu | Specify MTU |
| -sI | nmap -sI | Idle (zombie) scan |
| --source-port {port} | nmap --source-port 80 | Manually specify the source port |
| --data-length {size} | nmap --data-length 32 | Append random data |
| --randomize-hosts | nmap --randomize-hosts | Randomize target host order |
| --badsum | nmap --badsum | Bad checksum |

| Switch/Syntax | Example | Description |
|---|---|---|
| -T{0-5} | nmap -T4 | Timing options: 0 slowest, 5 very aggressive |
| -oN {file.txt} | nmap -oN scan.txt | Default/normal output |
| -oG {grep.txt} | nmap -oG grep.txt | Output in grepable format |
| -oA | nmap -oA | Output in all formats |
| --open | nmap --open | Show open ports only |

Check for live systems across network (ping entire network)