1. BASIC SCANS
Quick default scan:
```bash
nmap 192.168.1.10
```
Scan multiple targets:
```bash
nmap 192.168.1.10 192.168.1.20
```
Scan a range of addresses:
```bash
nmap 192.168.1.1-50
```
Scan a full subnet:
```bash
nmap 192.168.1.0/24
```
2. PORT SCANNING
Scan specific ports (replace <target> with a host, range or subnet):
```bash
nmap -p 22,80,443 <target>
```
Scan a port range:
```bash
nmap -p 1-1000 <target>
```
Scan all 65535 TCP ports:
```bash
nmap -p- <target>
```
Example:
```bash
nmap -p- 10.10.10.5
```
3. SERVICE & OS DETECTION
Detect service versions:
```bash
nmap -sV <target>
```
Detect the operating system (requires root):
```bash
nmap -O <target>
```
Example:
```bash
nmap -sV -O 10.10.10.5
```
4. SCAN TYPES
SYN scan (half-open, the default when run as root):
```bash
nmap -sS <target>
```
TCP connect scan (the default when not root):
```bash
nmap -sT <target>
```
UDP scan:
```bash
nmap -sU -p 53,161 192.168.1.10
```
Aggressive scan (enables -sV, -O, -sC and --traceroute):
```bash
nmap -A 10.10.10.5
```
5. HOST DISCOVERY
Ping sweep (host discovery only, no port scan):
```bash
nmap -sn <target>
```
List targets only (no packets sent to the hosts):
```bash
nmap -sL <target>
```
Disable host discovery (treat every host as online):
```bash
nmap -Pn <target>
```
6. NSE SCRIPTING ENGINE
Run the default script set:
```bash
nmap -sC <target>
```
Run the vuln script category:
```bash
nmap --script vuln <target>
```
Check for SQL injection:
```bash
nmap --script http-sql-injection <target>
```
Check for Heartbleed:
```bash
nmap --script ssl-heartbleed <target>
```
Example:
```bash
nmap -sV --script vuln 10.10.10.5
```
7. OUTPUT OPTIONS
Save human-readable (normal) output:
```bash
nmap -oN scan.txt <target>
```
Save XML output:
```bash
nmap -oX scan.xml <target>
```
Save grepable output:
```bash
nmap -oG scan.grep <target>
```
Example:
```bash
nmap -sV -oN results.txt 192.168.1.10
```
8. ADVANCED OPTIONS
Faster scanning (timing template T0 slowest to T5 fastest):
```bash
nmap -T4 <target>
```
Traceroute to each host:
```bash
nmap --traceroute <target>
```
Decoy scan:
```bash
nmap -D decoy1,decoy2 <target>
```
Spoof MAC address:
```bash
nmap --spoof-mac 00:11:22:33:44:55 <target>
```
Example:
```bash
nmap -sS -T4 --spoof-mac 00:11:22:33:44:55 10.10.10.5
```