
Important Nmap Commands

Nmap is short for Network Mapper. It is an open source security tool for network exploration, security scanning and auditing.

Basic scan

Host discovery
nmap -sP <target>

Exclude Host
nmap <target> --exclude <host1>,<host2>

Find out if host is behind a firewall
nmap -sA <target>

Scan host behind a firewall
nmap -PN <target>
nmap -PS <target>
nmap -PA <target>

Scan IPv6
nmap -6 IPv6-Address

Fast scan
nmap -F -T5 <target>

Display the reason for a port in particular state
nmap --reason <target>

Show only open port
nmap --open <target>

Show host interface and route
nmap --iflist

OS detection

nmap -O <target>

Scan using IP protocol ping
nmap -PO <target>

IP protocol scan
nmap -sO <target>

Scan firewall for security weaknesses
nmap -sN <target>
nmap -sF <target>
nmap -sX <target>

Firewall scan with fragmented packets
nmap -f <target>
nmap --mtu 32 <target>

Decoy scan
nmap -n -D decoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip

MAC address spoofing
nmap -v -sT -PN --spoof-mac MAC-ADDRESS-HERE <target>

SMB scan using NSE
nmap -v -O -sV -T4 --osscan-guess -oA ms-smbscan --script=smb-enum-domains,smb-enum-processes,smb-enum-sessions,smb-enum-shares,smb-enum-users,smb-os-discovery,smb-security-mode,smb-system-info <target ip>

Scan for SMTP Open Relay
nmap --script smtp-open-relay.nse --script-args smtp-open-relay.domain=<domain> -p 25,465,587 <mail-server>

Scanning the Internet
nmap -T4 --top-ports 50 -sV -O --osscan-limit --osscan-guess --min-hostgroup 128 --host-timeout 10m -oA ms-vscan-%D <targets>

Parse result
grep " open " ms-vscan.nmap | sed -r 's/ +/ /g' | sort | uniq -c | sort -rn | less
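
Added example, not from the original page: the same tally done on the grepable (.gnmap) file that -oA writes next to the .nmap file, so that only ports in the open state are counted and the hosts exposing a given port can be listed. The sample data, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Nmap grepable (.gnmap) layout: documentation
# addresses and made-up services, not output from a real scan.
sample_gnmap() {
  printf 'Host: 192.0.2.10 (web1.example.test)\tStatus: Up\n'
  printf 'Host: 192.0.2.10 (web1.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///\tIgnored State: filtered (47)\n'
  printf 'Host: 192.0.2.11 (db1.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 3306/filtered/tcp//mysql///\n'
  printf 'Host: 192.0.2.12 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http//Apache httpd 2.4.57/, 445/open/tcp//microsoft-ds///\n'
}

# Count hosts per open port. Reads .gnmap files given as arguments, or stdin.
# Each Ports entry is: port/state/protocol/owner/service/rpcinfo/version/
open_port_counts() {
  awk -F'\t' '
    {
      for (i = 1; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        p = $i; sub(/^Ports: /, "", p)
        n = split(p, entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          # closed and filtered ports are skipped
          if (f[2] == "open") count[f[1] "/" f[3] " " f[5]]++
        }
      }
    }
    END { for (k in count) print count[k], k }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# List the hosts that have the given port open, e.g. to review SMB exposure.
hosts_with_open_port() {
  port=$1; shift
  awk -F'\t' -v want="$port" '
    {
      for (i = 1; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        p = $i; sub(/^Ports: /, "", p)
        n = split(p, entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          if (f[1] == want && f[2] == "open") { split($1, h, " "); print h[2] }
        }
      }
    }
  ' "$@"
}

sample_gnmap | open_port_counts
sample_gnmap | hosts_with_open_port 445
```

On real results, pass the .gnmap file as an argument instead of piping the sample, for example open_port_counts ms-vscan.gnmap.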

Web Scanning
nmap --script http-headers,http-title <target>
nmap -sV --script "(http-*) and not (http-slowloris or http-brute)" <target>

Scanning Website for Malware
nmap -sV --script http-google-malware.nse,http-malware-host.nse -p80,443 <target>


Copyright Info.

Only for my personal reference. I do not own any of these materials here. Use it at your own risk!
