Scanning Command Syntax
nmap [scan type] [option] [IP Specification]
Scanning Command Syntax
nmap [scan type] [option] [IP Specification]
Syntax | Example | Description |
---|---|---|
-p | nmap -p 23 172.16.1.1 | Port Scanning: SpecificPort(23) IP |
-p | nmap -p 23-100 172.16.1.1 | Port Scanning: SpecificPortRange(23-100) IP |
-p | nmap -pU:110, T:23-25, 443 172.16.1.1 | U(UDP), T(TCP) |
-p- | nmap -p- 172.16.1.1 | Port Scanning: all ports IP |
-p | nmap -smtp,https 172.16.1.1 | Port Scanning: Specific Protocol, IP |
-F | nmap -F 172.16.1.1 | Port Scanning: fast |
-p “*” | nmap -p “*” ftp 172.16.1.1 | Port Scanning: using name |
-r | nmap -r 172.16.1.1 | Port Scanning: Sequential scan |
Switch/Syntax | Example | Description |
---|---|---|
-sL | nmap 172.16.1.1 -sL | List IP without scanning |
-sn | nmap 172.16.1.1/8 -sn | Disable port scanning |
-Pn | nmap 172.16.1.1-8 -Pn | Port scans only and no host discovery |
-PS | nmap 172.16.1.1 -PS22-25,80 | TCP SYN discovery on specific port |
-PA | nmap 172.16.1.1 -PA22-25,80 | TCP ACK discovery on specific port |
-PU | nmap 172.16.1.1 -PU53 | UDP discovery on specific port |
-PR | nmap 172.16.1.1 -PR | ARP discovery within local network |
-n | nmap 172.16.1.1 -n | No DNS resolution |
Switch/Syntax | Example | Description |
---|---|---|
-sS | nmap 172.16.1.1 -sS | TCP SYN port scan (Stealthy) |
-sT | nmap 172.16.1.1 -sT | TCP connect port scan |
-sA | nmap 172.16.1.1 -sA | TCP ACK port scan |
-sU | nmap 172.16.1.1 -sU | UDP port scan |
-Sf | nmap 172.16.1.1 -Sf | TCP FIN scan |
-SX | nmap -sX 172.16.1.1 | XMAS scan |
-Sp | nmap 172.16.1.1 -Sp | Ping scan |
Switch/Syntax | Example | Description |
---|---|---|
-sV | nmap 172.16.1.1 -sV | Try to find version of service running on port |
-sV –version-intensity 6 | nmap 172.16.1.1 -sV –version-intensity 6 | Intensity levels 0 to 9 |
-sV –version-all | nmap 172.16.1.1 -sV –version-all | Intensity level 9 |
-sV –version-light | nmap 172.16.1.1 -sV –version-light | Enable light mode |
-A | nmap 172.16.1.1 -A | Enables OS detection, version detection, script scanning and traceroute |
-O | nmap 172.16.1.1 -O | Remote OS detection |
Switch/Syntax | Example | Description |
---|---|---|
-f | nmap -f 172.16.1.1 | Scan fragment packets |
-stu | nmap -stu 172.16.1.1 | specify MTU |
-sI | nmap -sI 172.16.1.1 | Scan idle zombie |
-source-port {port} | nmap -source-port 80 172.16.1.1 | Manual source port specify |
-data-length {size} | nmap -data-length 32 172.16.1.1 | Randomly append data |
-randomise-hosts | nmap -randomise-hosts 172.16.1.1 | Remote OS detection |
-badsum | nmap -badsum 172.16.1.1 | Bad checksum |
Switch/Syntax | Example | Description |
---|---|---|
-T{0-6} | nmap -T4 172.16.1.1 | Timing options 0 Slowest, 5 Very Aggressive |
-oN {file.txt} | nmap -oN scan.txt 172.16.1.1 | Default/normal output |
-oG {grep.txt} | nmap -oG grep.txt 172.16.1.1 | Output grepable format |
-oA | nmap -oA 172.16.1.1 | Output all formats |
-open | nmap -open 172.16.1.1 | Show open ports only |