Nmap – Summary/Flags

Scanning Command Syntax

nmap [scan type] [option] [IP Specification]


Syntax    Example                                  Description
-p        nmap -p 23 172.16.1.1                    Port scanning: specific port (23)
-p        nmap -p 23-100 172.16.1.1                Port scanning: specific port range (23-100)
-p        nmap -p U:110,T:23-25,443 172.16.1.1     Port scanning: U (UDP) and T (TCP) ports; UDP ports are scanned only when -sU is also given
-p-       nmap -p- 172.16.1.1                      Port scanning: all ports
-p        nmap -p smtp,https 172.16.1.1            Port scanning: specific protocols by service name
-F        nmap -F 172.16.1.1                       Port scanning: fast
-p "*"    nmap -p "ftp*" 172.16.1.1                Port scanning: using name (wildcard match)
-r        nmap -r 172.16.1.1                       Port scanning: sequential scan

Switch/Syntax    Example                         Description
-sL              nmap 172.16.1.1 -sL             List IP without scanning
-sn              nmap 172.16.1.1/8 -sn           Disable port scanning
-Pn              nmap 172.16.1.1-8 -Pn           Port scans only and no host discovery
-PS              nmap 172.16.1.1 -PS22-25,80     TCP SYN discovery on specific port
-PA              nmap 172.16.1.1 -PA22-25,80     TCP ACK discovery on specific port
-PU              nmap 172.16.1.1 -PU53           UDP discovery on specific port
-PR              nmap 172.16.1.1 -PR             ARP discovery within local network
-n               nmap 172.16.1.1 -n              No DNS resolution

Switch/Syntax    Example                 Description
-sS              nmap 172.16.1.1 -sS     TCP SYN port scan (stealthy)
-sT              nmap 172.16.1.1 -sT     TCP connect port scan
-sA              nmap 172.16.1.1 -sA     TCP ACK port scan
-sU              nmap 172.16.1.1 -sU     UDP port scan
-sF              nmap 172.16.1.1 -sF     TCP FIN scan
-sX              nmap -sX 172.16.1.1     XMAS scan
-sP              nmap 172.16.1.1 -sP     Ping scan (older alias of -sn)

Switch/Syntax               Example                                     Description
-sV                         nmap 172.16.1.1 -sV                         Try to find version of service running on port
-sV --version-intensity 6   nmap 172.16.1.1 -sV --version-intensity 6   Intensity levels 0 to 9
-sV --version-all           nmap 172.16.1.1 -sV --version-all           Intensity level 9
-sV --version-light         nmap 172.16.1.1 -sV --version-light         Enable light mode
-A                          nmap 172.16.1.1 -A                          Enables OS detection, version detection, script scanning and traceroute
-O                          nmap 172.16.1.1 -O                          Remote OS detection

Switch/Syntax          Example                               Description
-f                     nmap -f 172.16.1.1                    Scan using fragmented packets
--mtu {size}           nmap --mtu {size} 172.16.1.1          Specify MTU
-sI {zombie}           nmap -sI {zombie} 172.16.1.1          Idle scan through a zombie host
--source-port {port}   nmap --source-port 80 172.16.1.1      Manually specify source port
--data-length {size}   nmap --data-length 32 172.16.1.1      Append random data to sent packets
--randomize-hosts      nmap --randomize-hosts 172.16.1.1     Randomize the order in which target hosts are scanned
--badsum               nmap --badsum 172.16.1.1              Send packets with a bad checksum

Switch/Syntax     Example                            Description
-T{0-5}           nmap -T4 172.16.1.1                Timing options: 0 slowest, 5 very aggressive
-oN {file.txt}    nmap -oN scan.txt 172.16.1.1       Default/normal output
-oG {grep.txt}    nmap -oG grep.txt 172.16.1.1       Output grepable format
-oA {basename}    nmap -oA {basename} 172.16.1.1     Output all formats
--open            nmap --open 172.16.1.1             Show open ports only
