Nmap Cheat Sheet For Beginners

This Nmap cheat sheet is best for beginners.

Typology: Study Guides, Projects, Research

2025/2026

Uploaded on 12/09/2025

xavia-vicente

Nmap Cheat Sheet

Target Specification

| Switch | Example | Description |
|---|---|---|
|  | nmap 192.168.1.1 | Scan a single IP |
|  | nmap 192.168.1.1 192.168.2.1 | Scan specific IPs |
|  | nmap 192.168.1.1-254 | Scan a range |
|  | nmap scanme.nmap.org | Scan a domain |
|  | nmap 192.168.1.0/24 | Scan using CIDR notation |
| -iL | nmap -iL targets.txt | Scan targets from a file |
| -iR | nmap -iR 100 | Scan 100 random hosts |
| --exclude | nmap --exclude 192.168.1.1 | Exclude listed hosts |

Scan Techniques

| Switch | Example | Description |
|---|---|---|
| -sS | nmap 192.168.1.1 -sS | TCP SYN port scan (Default) |
| -sT | nmap 192.168.1.1 -sT | TCP connect port scan (Default without root privilege) |
| -sU | nmap 192.168.1.1 -sU | UDP port scan |
| -sA | nmap 192.168.1.1 -sA | TCP ACK port scan |
| -sW | nmap 192.168.1.1 -sW | TCP Window port scan |
| -sM | nmap 192.168.1.1 -sM | TCP Maimon port scan |

Host Discovery

| Switch | Example | Description |
|---|---|---|
| -sL | nmap 192.168.1.1-3 -sL | No Scan. List targets only |
| -sn | nmap 192.168.1.1/24 -sn | Disable port scanning |
| -Pn | nmap 192.168.1.1-5 -Pn | Disable host discovery. Port scan only |
| -PS | nmap 192.168.1.1-5 -PS22-25,80 | TCP SYN discovery on port x. Port 80 by default |
| -PA | nmap 192.168.1.1-5 -PA22-25,80 | TCP ACK discovery on port x. Port 80 by default |
| -PU | nmap 192.168.1.1-5 -PU53 | UDP discovery on port x. Port 40125 by default |
| -PR | nmap 192.168.1.1-1/24 -PR | ARP discovery on local network |
| -n | nmap 192.168.1.1 -n | Never do DNS resolution |

Port Specification

| Switch | Example | Description |
|---|---|---|
| -p | nmap 192.168.1.1 -p 21 | Port scan for port x |
| -p | nmap 192.168.1.1 -p 21-100 | Port range |
| -p | nmap 192.168.1.1 -p U:53,T:21-25,80 | Port scan multiple TCP and UDP ports |
| -p- | nmap 192.168.1.1 -p- | Port scan all ports |
| -p | nmap 192.168.1.1 -p http,https | Port scan from service name |
| -F | nmap 192.168.1.1 -F | Fast port scan (100 ports) |
| --top-ports | nmap 192.168.1.1 --top-ports 2000 | Port scan the top x ports |
| -p-65535 | nmap 192.168.1.1 -p-65535 | Leaving off initial port in range makes the scan start at port 1 |
| -p0- | nmap 192.168.1.1 -p0- | Leaving off end port in range makes the scan go through to port 65535 |

www.stationx.net/nmap-cheat-sheet/

Timing and Performance

| Switch | Example | Description |
|---|---|---|
| -T0 | nmap 192.168.1.1 -T0 | Paranoid (0) Intrusion Detection System evasion |
| -T1 | nmap 192.168.1.1 -T1 | Sneaky (1) Intrusion Detection System evasion |
| -T2 | nmap 192.168.1.1 -T2 | Polite (2) slows down the scan to use less bandwidth and use less target machine resources |
| -T3 | nmap 192.168.1.1 -T3 | Normal (3) which is default speed |
| -T4 | nmap 192.168.1.1 -T4 | Aggressive (4) speeds scans; assumes you are on a reasonably fast and reliable network |
| -T5 | nmap 192.168.1.1 -T5 | Insane (5) speeds scan; assumes you are on an extraordinarily fast network |

Switch Example input Description --host-timeout

Service and Version Detection

| Switch | Example | Description |
|---|---|---|
| -sV | nmap 192.168.1.1 -sV | Attempts to determine the version of the service running on port |
| -sV --version-intensity | nmap 192.168.1.1 -sV --version-intensity 8 | Intensity level 0 to 9. Higher number increases possibility of correctness |
| -sV --version-light | nmap 192.168.1.1 -sV --version-light | Enable light mode. Lower possibility of correctness. Faster |
| -sV --version-all | nmap 192.168.1.1 -sV --version-all | Enable intensity level 9. Higher possibility of correctness. Slower |
| -A | nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning, and traceroute |

OS Detection

| Switch | Example | Description |
|---|---|---|
| -O | nmap 192.168.1.1 -O | Remote OS detection using TCP/IP stack fingerprinting |
| -O --osscan-limit | nmap 192.168.1.1 -O --osscan-limit | If at least one open and one closed TCP port are not found it will not try OS detection against host |
| -O --osscan-guess | nmap 192.168.1.1 -O --osscan-guess | Makes Nmap guess more aggressively |
| -O --max-os-tries | nmap 192.168.1.1 -O --max-os-tries 1 | Set the maximum number x of OS detection tries against a target |
| -A | nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning, and traceroute |

Output

| Switch | Example | Description |
|---|---|---|
| -oN | nmap 192.168.1.1 -oN normal.file | Normal output to the file normal.file |
| -oX | nmap 192.168.1.1 -oX xml.file | XML output to the file xml.file |
| -oG | nmap 192.168.1.1 -oG grep.file | Grepable output to the file grep.file |
| -oA | nmap 192.168.1.1 -oA results | Output in the three major formats at once |
| -oG - | nmap 192.168.1.1 -oG - | Grepable output to screen. -oN -, -oX - also usable |
| --append-output | nmap 192.168.1.1 -oN file.file --append-output | Append a scan to a previous scan file |
| -v | nmap 192.168.1.1 -v | Increase the verbosity level (use -vv or more for greater effect) |
| -d | nmap 192.168.1.1 -d | Increase debugging level (use -dd or more for greater effect) |
| --reason | nmap 192.168.1.1 --reason | Display the reason a port is in a particular state, same output as -vv |
| --open | nmap 192.168.1.1 --open | Only show open (or possibly open) ports |
| --packet-trace | nmap 192.168.1.1 -T4 --packet-trace | Show all packets sent and received |
| --iflist | nmap --iflist | Shows the host interfaces and routes |
| --resume | nmap --resume results.file | Resume a scan |

Helpful Nmap Output examples

Command: nmap -p80 -sV -oG - --open 192.168.1.1/24 | grep open
Description: Scan for web servers and grep to show which IPs are running web servers

Command: nmap -iR 10 -n -oX out.xml | grep "Nmap" | cut -d " " -f5 > live-hosts.txt
Description: Generate a list of the IPs of live hosts

Command: nmap -iR 10 -n -oX out2.xml | grep "Nmap" | cut -d " " -f5 >> live-hosts.txt
Description: Append IP to the list of live hosts

Command: ndiff scanl.xml scan2.xml
Description: Compare output from nmap using the ndiff

Command: xsltproc nmap.xml -o nmap.html
Description: Convert nmap xml files to html files

Command: grep " open " results.nmap | sed -r 's/ +/ /g' | sort | uniq -c | sort -rn | less
Description: Reverse sorted list of how often ports turn up

Miscellaneous Options

| Switch | Example | Description |
|---|---|---|
| -6 | nmap -6 2607:f0d0:1002:51::4 | Enable IPv6 scanning |
| -h | nmap -h | nmap help screen |

Other Useful Nmap Commands

| Command | Description |
|---|---|
| nmap -iR 10 -PS22-25,80,113,1050,35000 -v -sn | Discovery only on ports x, no port scan |
| nmap 192.168.1.1-1/24 -PR -sn -vv | Arp discovery only on local network, no port scan |
| nmap -iR 10 -sn -traceroute | Traceroute to random targets, no port scan |
| nmap 192.168.1.1-50 -sL --dns-server 192.168.1.1 | Query the Internal DNS for hosts, list targets only |

Identifying Open Ports with Nmap

- TCP SYN SCAN (-sS)
- TCP connect() SCAN (-sT)
- TCP FIN SCAN (-sF)
- TCP XMAS TREE SCAN (-sX)
- TCP NULL SCAN (-sN)
- TCP PING SCAN (-sP)
- VERSION DETECTION SCAN (-sV)
- UDP SCAN (-sU)
- IP PROTOCOL SCAN (-sO)
- TCP ACK SCAN (-sA)
- TCP WINDOW SCAN (-sW)

Version scan identifies open ports with a TCP SYN scan…

…and then queries the port with a customized signature.