Nmap
Nmap (Network Mapper) is an open‑source utility for network discovery, security auditing, and host fingerprinting.
It is one of the most widely used tools in active reconnaissance, offering port scanning, OS detection, service versioning, and a powerful scripting interface (Nmap Scripting Engine – NSE).
Common Options
Scan Types
| Option |
Description
|
-sS |
TCP SYN scan (stealth mode)
|
-sT |
TCP connect scan (full handshake)
|
-sU |
Scan UDP ports
|
-sP |
Ping scan to discover live hosts (alias for -sn)
|
-sL |
List targets without scanning
|
Host Discovery & Targeting
| Option |
Description
|
-Pn |
Treat all hosts as online (skip ping)
|
-p [PORT] |
Specify port(s) to scan
|
-iL [FILE] |
Input list of hosts from file
|
-6 |
Use IPv6 addresses
|
Detection & Enumeration
| Option |
Description
|
-sV |
Detect service versions
|
-O |
Enable OS detection
|
-A |
Aggressive scan: OS detection, version, script scan, traceroute
|
--script [NAME] |
Run specific NSE script(s)
|
Performance & Output
| Option |
Description
|
-T[0‒5] |
Timing template (T0 = slow, T5 = fast)
|
-d |
Enable debugging output
|
-oN [FILE] |
Save output in normal format
|
-oX [FILE] |
Save output in XML format
|
Examples
SYN Scan
↑ Options
TCP Connect Scan
↑ Options
UDP Scan
↑ Options
Ping Scan
↑ Options
Skip Host Discovery
↑ Options
Scan Specific Ports
nmap -p 22,80 192.168.1.1
↑ Options
Aggressive Scan
↑ Options
OS Detection Only
↑ Options
Fast Timing Template
↑ Options
Run NSE Script
nmap --script default example.com
↑ Options
Scan From File
↑ Options
Save Output (Normal)
nmap -oN output.txt 192.168.1.1
↑ Options
Save Output (XML)
nmap -oX output.xml 192.168.1.1
↑ Options
List Targets Only
↑ Options
Debug Mode
↑ Options
See Also