Skip to main content

NMAP commands

This page contain list of NMAP commands

Scan a single IPnmap
Scan a hostnmap
Scan a range of lPsnmap
Scan a subnetnmap
Scan targets from a text filenmap -iL list-of-ips.txt
Scan a single Portnmap -p 22
Scan a range of portsnmap -p 1-100
Scan 100 most common ports (Fast)nmap —F
Scan all 65535 portsnmap -p-
Scan using TCP connectnmap -sT
Scan using TCP SYN scan (default)nmap -sS
Scan UDP portsnmap -sU -p 123,161,162
Scan selected ports -ignore discoverynmap -Pn -F
Detect OS and Servicesnmap -A
Standard service detectionnmap -sV
More aggressive Service Detectionnmap -sV --version—intensity 5
Lighter banner grabbing detectionnmap -sV --version-intensity 0
Save default output to filenmap -oN outputfile.txt
Save results as XMLnmap -oX outputfile.xml
Save results in a format for grepnmap -oG outputfile.txt
Save in all formatsnmap -oA outputfile
Scan using default safe scriptsnmap -sV —sC
Get help for a scriptnmap --script-help=ssl-heartbleed
Scan using a specific NSE scriptnmap -sV -p 443 —script=sslheartbleed.nse
Scan with a set of scriptsnmap -sV --script=smb*
Gather page titles from HTTP servicesnmap --script=http-title
Get HTTP headers of web servicesnmap --script=http-headers
Find web apps from known pathsnmap --script=http—enum
Find Information about IP addressnmap --script:asn-query,whois,ipgeolocation-maxmind