Nmap Cheat Sheet

The document provides a cheat sheet for the Nmap tool, listing various commands, flags, and switches to help users master Nmap's capabilities. It covers topics like target specification, scan techniques, host discovery, port specification, service and version detection, OS detection, and timing/performance options.

Nmap Cheat Sheet 2024: All the Commands, Flags & Switches 12/14/23 00:45

Nmap Cheat Sheet 2024: All the Commands, Flags & Switches
December 12, 2023 Nathan House

The one downside to a tool as robust and powerful
as Nmap is remembering so many commands.
Even many seasoned industry professionals fail to
make the most of Nmap simply because keeping
track of all its flags can prove such a challenge.

We have compiled and organized this Nmap cheat
sheet to help you master what is arguably the
most useful tool in any penetration tester’s arsenal.
Whether you use it to memorize Nmap’s options,
as a quick reference to keep nearby, or as a study
sheet for your CEH/Pentest+ exam, we’re certain it
will help you become an Nmap pro.

https://www.stationx.net/nmap-cheat-sheet/ 1
Download your own copy of this cheat sheet here.
Now, let’s get to the Nmap commands.


Target Specification
SWITCH     EXAMPLE                        DESCRIPTION
           nmap 192.168.1.1               Scan a single IP
           nmap 192.168.1.1 192.168.2.1   Scan specific IPs
           nmap 192.168.1.1-254           Scan a range
           nmap scanme.nmap.org           Scan a domain
           nmap 192.168.1.0/24            Scan using CIDR notation
-iL        nmap -iL targets.txt           Scan targets from a file
-iR        nmap -iR 100                   Scan 100 random hosts
--exclude  nmap --exclude 192.168.1.1     Exclude listed hosts

Nmap Scan Techniques


SWITCH  EXAMPLE               DESCRIPTION
-sS     nmap 192.168.1.1 -sS  TCP SYN port scan (Default)
-sT     nmap 192.168.1.1 -sT  TCP connect port scan (Default without root privilege)
-sU     nmap 192.168.1.1 -sU  UDP port scan
-sA     nmap 192.168.1.1 -sA  TCP ACK port scan
-sW     nmap 192.168.1.1 -sW  TCP Window port scan
-sM     nmap 192.168.1.1 -sM  TCP Maimon port scan

Host Discovery
SWITCH  EXAMPLE                         DESCRIPTION
-sL     nmap 192.168.1.1-3 -sL          No Scan. List targets only
-sn     nmap 192.168.1.1/24 -sn         Disable port scanning. Host discovery only.
-Pn     nmap 192.168.1.1-5 -Pn          Disable host discovery. Port scan only.
-PS     nmap 192.168.1.1-5 -PS22-25,80  TCP SYN discovery on port x. Port 80 by default
-PA     nmap 192.168.1.1-5 -PA22-25,80  TCP ACK discovery on port x. Port 80 by default
-PU     nmap 192.168.1.1-5 -PU53        UDP discovery on port x. Port 40125 by default
-PR     nmap 192.168.1.1-1/24 -PR       ARP discovery on local network
-n      nmap 192.168.1.1 -n             Never do DNS resolution


Port Specification
SWITCH       EXAMPLE                                DESCRIPTION
-p           nmap 192.168.1.1 -p 21                 Port scan for port x
-p           nmap 192.168.1.1 -p 21-100             Port range
-p           nmap 192.168.1.1 -p U:53,T:21-25,80    Port scan multiple TCP and UDP ports
-p           nmap 192.168.1.1 -p-                   Port scan all ports
-p           nmap 192.168.1.1 -p http,https         Port scan from service name
-F           nmap 192.168.1.1 -F                    Fast port scan (100 ports)
--top-ports  nmap 192.168.1.1 --top-ports 2000      Port scan the top x ports
-p-65535     nmap 192.168.1.1 -p-65535              Leaving off initial port in range makes the scan start at port 1
-p0-         nmap 192.168.1.1 -p0-                  Leaving off end port in range makes the scan go through to port 65535

Service and Version Detection


SWITCH                   EXAMPLE                                       DESCRIPTION
-sV                      nmap 192.168.1.1 -sV                          Attempts to determine the version of the service running on port
-sV --version-intensity  nmap 192.168.1.1 -sV --version-intensity 8    Intensity level 0 to 9. Higher number increases possibility of correctness
-sV --version-light      nmap 192.168.1.1 -sV --version-light          Enable light mode. Lower possibility of correctness. Faster
-sV --version-all        nmap 192.168.1.1 -sV --version-all            Enable intensity level 9. Higher possibility of correctness. Slower
-A                       nmap 192.168.1.1 -A                           Enables OS detection, version detection, script scanning, and traceroute

OS Detection
SWITCH             EXAMPLE                                DESCRIPTION
-O                 nmap 192.168.1.1 -O                    Remote OS detection using TCP/IP stack fingerprinting
-O --osscan-limit  nmap 192.168.1.1 -O --osscan-limit     If at least one open and one closed TCP port are not found it will not try OS detection against host
-O --osscan-guess  nmap 192.168.1.1 -O --osscan-guess     Makes Nmap guess more aggressively
-O --max-os-tries  nmap 192.168.1.1 -O --max-os-tries 1   Set the maximum number x of OS detection tries against a target
-A                 nmap 192.168.1.1 -A                    Enables OS detection, version detection, script scanning, and traceroute

Timing and Performance


SWITCH  EXAMPLE               DESCRIPTION
-T0     nmap 192.168.1.1 -T0  Paranoid (0) Intrusion Detection System evasion
-T1     nmap 192.168.1.1 -T1  Sneaky (1) Intrusion Detection System evasion
-T2     nmap 192.168.1.1 -T2  Polite (2) slows down the scan to use less bandwidth and use less target machine resources
-T3     nmap 192.168.1.1 -T3  Normal (3) which is default speed
-T4     nmap 192.168.1.1 -T4  Aggressive (4) speeds scans; assumes you are on a reasonably fast and reliable network
-T5     nmap 192.168.1.1 -T5  Insane (5) speeds scan; assumes you are on an extraordinarily fast network

Timing and Performance Switches

SWITCH                                                         EXAMPLE INPUT  DESCRIPTION
--host-timeout <time>                                          1s; 4m; 2h     Give up on target after this long
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>   1s; 4m; 2h     Specifies probe round trip time
--min-hostgroup/max-hostgroup <size>                           50; 1024       Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>                  10; 1          Probe parallelization
--max-retries <tries>                                          3              Specify the maximum number of port scan probe retransmissions
--min-rate <number>                                            100            Send packets no slower than <number> per second
--max-rate <number>                                            100            Send packets no faster than <number> per second

NSE Scripts
SWITCH            EXAMPLE                                                                     DESCRIPTION
-sC               nmap 192.168.1.1 -sC                                                        Scan with default NSE scripts. Considered useful for discovery and safe
--script default  nmap 192.168.1.1 --script default                                           Scan with default NSE scripts. Considered useful for discovery and safe
--script          nmap 192.168.1.1 --script=banner                                            Scan with a single script. Example banner
--script          nmap 192.168.1.1 --script=http*                                             Scan with a wildcard. Example http
--script          nmap 192.168.1.1 --script=http,banner                                       Scan with two scripts. Example http and banner
--script          nmap 192.168.1.1 --script "not intrusive"                                   Scan default, but remove intrusive scripts
--script-args     nmap --script snmp-sysdescr --script-args snmpcommunity=admin 192.168.1.1   NSE script with arguments

Useful NSE Script Examples


COMMAND
    DESCRIPTION

nmap -Pn --script=http-sitemap-generator scanme.nmap.org
    http site map generator

nmap -n -Pn -p 80 --open -sV -vvv --script banner,http-title -iR 1000
    Fast search for random web servers

nmap -Pn --script=dns-brute domain.com
    Brute forces DNS hostnames guessing subdomains

nmap -n -Pn -vv -O -sV --script smb-enum*,smb-ls,smb-mbenum,smb-os-discovery,smb-s*,smb-vuln*,smbv2* -vv 192.168.1.1
    Safe SMB scripts to run

nmap --script whois* domain.com
    Whois query

nmap -p80 --script http-unsafe-output-escaping scanme.nmap.org
    Detect cross site scripting vulnerabilities

nmap -p80 --script http-sql-injection scanme.nmap.org
    Check for SQL injections

Firewall / IDS Evasion and Spoofing

SWITCH         EXAMPLE
-f             nmap 192.168.1.1 -f
--mtu          nmap 192.168.1.1 --mtu 32
-D             nmap -D 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.23 192.168.1.1
-D             nmap -D decoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip
-S             nmap -S www.microsoft.com www.facebook.com
-g             nmap -g 53 192.168.1.1
--proxies      nmap --proxies http://192.168.1.1:8080,http://192.168.1.2:8080 192.168.1.1
--data-length  nmap --data-length 200 192.168.1.1

Example IDS Evasion command

nmap -f -T0 -n -Pn --data-length 200 -D 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.23 192.168.1.1

Output
SWITCH           EXAMPLE                                          DESCRIPTION
-oN              nmap 192.168.1.1 -oN normal.file                 Normal output to the file normal.file
-oX              nmap 192.168.1.1 -oX xml.file                    XML output to the file xml.file
-oG              nmap 192.168.1.1 -oG grep.file                   Grepable output to the file grep.file
-oA              nmap 192.168.1.1 -oA results                     Output in the three major formats at once
-oG -            nmap 192.168.1.1 -oG -                           Grepable output to screen. -oN -, -oX - also usable
--append-output  nmap 192.168.1.1 -oN file.file --append-output   Append a scan to a previous scan file
-v               nmap 192.168.1.1 -v                              Increase the verbosity level (use -vv or more for greater effect)
-d               nmap 192.168.1.1 -d                              Increase debugging level (use -dd or more for greater effect)
--reason         nmap 192.168.1.1 --reason                        Display the reason a port is in a particular state, same output as -vv
--open           nmap 192.168.1.1 --open                          Only show open (or possibly open) ports
--packet-trace   nmap 192.168.1.1 -T4 --packet-trace              Show all packets sent and received
--iflist         nmap --iflist                                    Shows the host interfaces and routes
--resume         nmap --resume results.file                       Resume a scan

Helpful Nmap Output examples


COMMAND
    DESCRIPTION

nmap -p80 -sV -oG - --open 192.168.1.1/24 | grep open
    Scan for web servers and grep to show which IPs are running web servers

nmap -iR 10 -n -oX out.xml | grep "Nmap" | cut -d " " -f5 > live-hosts.txt
    Generate a list of the IPs of live hosts

nmap -iR 10 -n -oX out2.xml | grep "Nmap" | cut -d " " -f5 >> live-hosts.txt
    Append IP to the list of live hosts

ndiff scan1.xml scan2.xml
    Compare output from nmap using the ndiff

xsltproc nmap.xml -o nmap.html
    Convert nmap xml files to html files

grep " open " results.nmap | sed -r 's/ +/ /g' | sort | uniq -c | sort -rn | less
    Reverse sorted list of how often ports turn up

Miscellaneous Nmap Flags


SWITCH  EXAMPLE                       DESCRIPTION
-6      nmap -6 2607:f0d0:1002:51::4  Enable IPv6 scanning
-h      nmap -h                       nmap help screen

Other Useful Nmap Commands


COMMAND
    DESCRIPTION

nmap -iR 10 -PS22-25,80,113,1050,35000 -v -sn
    Discovery only on ports x, no port scan

nmap 192.168.1.1-1/24 -PR -sn -vv
    Arp discovery only on local network, no port scan

nmap -iR 10 -sn --traceroute
    Traceroute to random targets, no port scan

nmap 192.168.1.1-50 -sL --dns-server 192.168.1.1
    Query the Internal DNS for hosts, list targets only

nmap 192.168.1.1 --packet-trace
    Show the details of the packets that are sent and received during a scan and capture the traffic.

You are only doing yourself a disservice by failing
to learn and utilize all of Nmap’s features. It is the
first go-to tool you will use in the scanning and
enumeration stage of many assessments, setting
the foundation for the rest of your pentest.

Keep a copy of this Nmap cheat sheet to refer back
to, and consider our Complete Nmap Ethical
Hacking Course. It, and many other ethical hacking
courses, are available in our VIP Member’s Section.

Frequently Asked Questions

What is Nmap, and why is it used?

Nmap is a free network scanning tool used to
discover hosts and services on a network by
analyzing responses to various packets and
requests.

What is the Nmap command used for?

Is Nmap scanning legal?

What can we hack with Nmap?

How do I scan an IP with Nmap?

Is it OK to Nmap Google?

Do firewalls block Nmap?

Is Nmap a vulnerability?


Can Nmap bypass a firewall?

Can Nmap hack WiFi?

Can Nmap crack passwords?

How do I read Nmap results?


Nathan House
Nathan House is the founder and CEO of StationX. He
has over 25 years of experience in cyber security, where
he has advised some of the largest companies in the
world. Nathan is the author of the popular "The Complete
Cyber Security Course", which has been taken by over
half a million students in 195 countries. He is the winner
of the AI "Cyber Security Educator of the Year 2020"
award and finalist for Influencer of the year 2022.


Milton
July 20, 2017

Thanks a lot for the information. It is very useful.

Jimmy Toriola
July 20, 2017

That will be a helpful tipsheet. Thank you so much. I can learn more about it. Looking forward to the hacking course from you.

Eddie
July 21, 2017

Looking forward to it. I use nmap most days but only use a limited number of switches.

Oliver Suzuki
July 21, 2017

Keep the good hands-on stuff coming

Fran
July 21, 2017

Thank you very much indeed, very useful, I will buy your course on nmap, I want to insist about a Firewall course there aren’t around, I guess it is a good investment for you, I bought already all your courses and they are the best! Please keep going!

Celestino J
July 24, 2017

Great news.
In expectation of this course.
As usual,
Thanks for what you are doing.

Marious
October 18, 2017

I think this is very useful, thank you so much. Am enjoying the training and practice.

Arthur
November 2, 2017

Love it. Thank you Nathan!

nathan
April 26, 2022

You're welcome

Horacio Castellini
December 1, 2017

Thank you very much, it was useful to me.

krishna
December 11, 2017

How to test .net Web services using ZenMap

Nathan House
December 11, 2017

You will need to expand on this question as I’m not clear what you are asking?

Abdulrahman Mogram
December 31, 2017

Thank you for sharing this information!

reike
January 10, 2018

Thank you for this cheatsheet.
I think there is a mistake concerning the -sS switch. It is not the default one.
Normally, -sT is the default one and -sS needs root privileges.

Nathan House
January 10, 2018

Default with root. I assume you are running as root!

sudo
January 13, 2018

Hi

This is very helpful. Thanks a lot!

Suraj
July 21, 2018

Sir this is very helpful and very important for firewall point of view,
But what about port knock if a system or server is using port knock to active its any port for a client.
Any method by nmap that can bypass port knock.

Thank you

Nathan House
July 23, 2018

The basic port knocking method uses a fixed sequence of ports. This method is not protected cryptographically so there are the following attacks possible:

brute-force — If you use the full range of possible ports 1—65535 then even very short knocking sequences give impressive number of combinations to test. For example for 3 knocks with randomly generated sequence it is 65535³ ≈ 2.8×10¹⁴. Another aspect to consider is that the port which will open after the knocking could be unknown so the attacker would have to repeatedly scan the ports during the port knocking attempts. — The number of combinations to try can be lowered if some information about the ports being used is known (for example a subset of ports) or if there is a successful random number generator attack.
Measure against such attacks except securing the mentioned possible vulnerabilities could be disabling of the access from the attacker source IP address after certain number of unsuccessful attempts during certain time period. Unfortunately this makes the system vulnerable to DoS attacks by attacker locking your access by using your IP address as a spoofed source address.

sniffing — The port knocking sequence is not protected cryptographically so an attacker can sniff the successful port knocking sequence. The port knocking sequence could also leak from logs of the destination system itself or from a network monitoring system.
Measure against this attack is use of one-time knocking sequences (analogy of one-time passwords). The one-time sequence could be a hash computed from a secret and some of the following: source IP address, time, event counter etc.

man in the middle — Captured one-time knocking sequences cannot be reused but a port-knocking access can be exploited by a man-in-the-middle attack. The attacker in the path of your communication (possibly redirected) can relay your successful communication, see and modify anything. The port-knocking itself is performed by one-way communication as such it cannot be protected against MITM. Also the communication following the port knocking must be secured against MITM to retain the security. To ensure this we can use standard encrypted protocols like SSL or SSH.

Reply to Nathan House
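
One way to build the one-time knocking sequences described in the reply above (a hash of a secret plus source IP and time), shown from the server side. This is an added example, not part of the original comment or of any port-knocking tool; the 30-second window, the three knocks and all names are assumptions.

```python
import hashlib
import hmac
import struct

# Assumptions for this sketch (not from the page): 3 knocks, 30-second windows.
KNOCK_COUNT = 3
WINDOW_SECONDS = 30
PORT_MIN, PORT_MAX = 1, 65535   # full range, as in the comment's 65535^3 figure


def derive_sequence(secret, src_ip, window, count=KNOCK_COUNT):
    """Return the knock ports valid for src_ip during one time window."""
    msg = src_ip.encode("ascii") + b"|" + struct.pack(">Q", window)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    span = PORT_MAX - PORT_MIN + 1
    # 4 digest bytes per knock (count <= 8); modulo bias is negligible here.
    return [PORT_MIN + int.from_bytes(digest[4 * i:4 * i + 4], "big") % span
            for i in range(count)]


class KnockValidator:
    """Server-side check that accepts each (source IP, window) sequence once."""

    def __init__(self, secret, skew_windows=1):
        self.secret = secret
        self.skew = skew_windows   # tolerate small clock drift
        self.used = set()          # (src_ip, window) pairs already accepted

    def check(self, src_ip, observed_ports, now):
        ports = list(observed_ports)
        if len(ports) != KNOCK_COUNT or not all(
                isinstance(p, int) and PORT_MIN <= p <= PORT_MAX for p in ports):
            return False
        observed = struct.pack(">%dH" % KNOCK_COUNT, *ports)
        current = int(now) // WINDOW_SECONDS
        # Forget acceptances that can no longer match any window we test.
        self.used = {(ip, w) for ip, w in self.used if w >= current - self.skew}
        for window in range(current - self.skew, current + self.skew + 1):
            if window < 0:
                continue
            expected = struct.pack(
                ">%dH" % KNOCK_COUNT,
                *derive_sequence(self.secret, src_ip, window))
            if hmac.compare_digest(expected, observed):
                if (src_ip, window) in self.used:
                    return False   # sniffed sequence replayed
                self.used.add((src_ip, window))
                return True
        return False


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample value
    now = 1_700_000_000                   # constructed timestamp
    client_ip = "203.0.113.7"             # documentation address (RFC 5737)
    seq = derive_sequence(secret, client_ip, now // WINDOW_SECONDS)
    validator = KnockValidator(secret)
    print("sequence:", seq)
    print("first use accepted:", validator.check(client_ip, seq, now))
    print("replay accepted:", validator.check(client_ip, seq, now + 1))
```

As the reply notes, this stops reuse of a sniffed sequence but not a man in the middle, so the service opened by the knock still needs SSH or TLS.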

Manik
August 1, 2018

Great stuff!

Can you please help me understand the main difference between
nmap 192.168.1.1 -O and nmap 192.168.1.1 -A

Nathan House
August 4, 2018

nmap 192.168.1.1 -O = Remote OS detection using TCP/IP stack fingerprinting

nmap 192.168.1.1 -A = Enables OS detection PLUS – version detection, script scanning, and traceroute

So -O is only OS detection, -A is OS detection PLUS – version detection, script scanning, and traceroute

DEM
September 1, 2018

Thanks Man, that helps me a lot.
I wanna ask, what is the main difference between -sn AND -Pn;
what is the network discovery do exactly and port scan !!

Nathan House
September 1, 2018

-sn just finds hosts that are up. No port scan. -Pn is the opposite. No host discovery. Port scan if it appears up or not.

Aetos
September 24, 2021

Pn is for no ping
command which doesn’t TCP handshake

tad
September 2, 2018

Hi sir,
I just wanna know, is there any benefit for this -sL option? And when do I use -P0?

Nathan House
September 2, 2018

-sL does no scan and just lists targets only to be scanned.
The list scan is a degenerate form of host discovery that simply lists each host of the network(s) specified, without sending any packets to the target hosts. By default, Nmap still does reverse-DNS resolution on the hosts to learn their names. It is often surprising how much useful information simple hostnames give out. For example, fw.chi is the name of one company’s Chicago firewall. Nmap also reports the total number of IP addresses at the end. The list scan is a good sanity check to ensure that you have proper IP addresses for your targets. If the hosts sport domain names you do not recognize, it is worth investigating further to prevent scanning the wrong company’s network. Since the idea is to simply print a list of target hosts, options for higher level functionality such as port scanning, OS detection, or ping scanning cannot be combined with this. If you wish to disable ping scanning while still performing such higher level functionality, read up on the -Pn (skip ping) option.

-PO (IP Protocol Ping)

One of the newer host discovery options is the IP protocol ping, which sends IP packets with the specified protocol number set in their IP header. The protocol list takes the same format as do port lists in the previously discussed TCP, UDP and SCTP host discovery options. If no protocols are specified, the default is to send multiple IP packets for ICMP (protocol 1), IGMP (protocol 2), and IP-in-IP (protocol 4). The default protocols can be configured at compile-time by changing DEFAULT_PROTO_PROBE_PORT_SPEC in nmap.h. Note that for the ICMP, IGMP, TCP (protocol 6), UDP (protocol 17) and SCTP (protocol 132), the packets are sent with the proper protocol headers while other protocols are sent with no additional data beyond the IP header (unless any of --data, --data-string, or --data-length options are specified). This host discovery method looks for either responses using the same protocol as a probe, or ICMP protocol unreachable messages which signify that the given protocol isn’t supported on the destination host. Either type of response signifies that the target host is alive.

tad
September 3, 2018

Yea I read this, but I don't get it, in short words give me what is -P0 used for ??

Nathan House
September 3, 2018

Do you know what IP protocols are? Like 1 ICMP Internet Control Message Protocol RFC 792, 2 IGMP Internet Group Management Protocol RFC 1112.

It sends IP packets with the specified protocol number set in the IP header. It’s an alternative discovery method.

UJJWAL
July 2, 2019

I AM YOUR BIG FAN SIR..LOVE U

Leslie
September 10, 2021

What would you recommend I study to understand IP Protocols, Packets etc.

Count
October 20, 2018

Great! I was just wondering “gosh, if there could be a pdf version and – woah, there is”

Nathan House
October 20, 2018

Glad to help!

Gul Mohhammad Jin
October 25, 2018

Sir I need your help
I think u help me

Nathan House
October 25, 2018

How can I help?

Wangol Joel
June 16, 2019

Very good article


COPYRIGHT © 2023 STATIONX LTD. ALL RIGHTS RESERVED.

