NMAP Commands Cheatsheet — Essential Reference
Nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing. It's widely used by network administrators and security professionals to identify hosts and services on a computer network, creating a 'map' of the network.
Commands
| Command | Description | Example |
|---|---|---|
| `nmap <target>` | Basic host scan, discovers open ports and services. | `nmap scanme.nmap.org` |
| `nmap -sS <target>` | SYN scan (stealth scan), faster and less conspicuous than a full TCP connect scan. | `nmap -sS 192.168.1.1` |
| `nmap -sU <target>` | UDP scan, used to find open UDP ports. | `nmap -sU 10.0.0.5` |
| `nmap -p <port_range> <target>` | Scan specific ports or port ranges. | `nmap -p 22,80,443-8080 192.168.1.100` |
| `nmap -A <target>` | Aggressive scan, enables OS detection, version detection, script scanning, and traceroute. | `nmap -A example.com` |
| `nmap -O <target>` | OS detection, attempts to determine the operating system of the target host. | `nmap -O 172.16.0.1` |
| `nmap -sV <target>` | Version detection, determines the service and version running on open ports. | `nmap -sV localhost` |
| `nmap -Pn <target>` | Treat all hosts as online (skip host discovery). Useful when you know the host is up but Nmap can't ping it. | `nmap -Pn 192.168.1.200` |
| `nmap -oN <output_file> <target>` | Output scan results in normal format to a file. | `nmap -oN scan_results.txt 192.168.1.0/24` |
| `nmap --script=<script_name> <target>` | Run Nmap Scripting Engine (NSE) scripts for advanced discovery, vulnerability detection, etc. | `nmap --script=http-enum example.com` |
Pro Tips
- Always obtain proper authorization before scanning any network you don't own or manage.
- Combine options for more targeted and efficient scans, e.g., `nmap -sS -sV -O -p 1-1000 <target>`.
- Use `-v` or `-vv` for verbose output to see what Nmap is doing in real-time.
- Explore the Nmap Scripting Engine (NSE) for a vast array of advanced scanning capabilities (`nmap --script-help <script_name>`).
- Consider using `nmap -T<0-5>` to adjust scan timing (0 for paranoid, 5 for insane) based on network conditions and stealth requirements.
Frequently Asked Questions
What is nmap used for?
Nmap is primarily used for network discovery, security auditing, and port scanning. It helps identify live hosts, open ports, running services, operating systems, and potential vulnerabilities on a network.
How do I install nmap?
Nmap is available for most operating systems. On Debian/Ubuntu, use `sudo apt install nmap`. On Fedora/RHEL, use `sudo dnf install nmap` or `sudo yum install nmap`. For macOS, use `brew install nmap` (with Homebrew). For Windows, download the installer from the official Nmap website (nmap.org).