Nmap

From HackOps
Revision as of 15:37, 12 May 2025 by Vegard (talk | contribs) (Undo revision 35 by Vegard (talk))
Jump to navigation Jump to search

Nmap

Nmap (Network Mapper) is an open‑source utility for network discovery, security auditing, and host fingerprinting. It is one of the most widely used tools in active reconnaissance, offering port scanning, OS detection, service versioning, and a powerful scripting interface (Nmap Scripting Engine – NSE).

Common Options

Scan Types

Option Description
-sS TCP SYN scan (stealth mode)
-sT TCP connect scan (full handshake)
-sU Scan UDP ports
-sP Ping scan to discover live hosts (alias for -sn)
-sL List targets without scanning

Host Discovery & Targeting

Option Description
-Pn Treat all hosts as online (skip ping)
-p [PORT] Specify port(s) to scan
-iL [FILE] Input list of hosts from file
-6 Use IPv6 addresses
-n Do not resolve hostnames (skip DNS resolution)
--exclude [HOST] Exclude specific host(s) from the scan
--excludefile [FILE] Exclude hosts listed in a file


Detection & Enumeration

Option Description
-sV Detect service versions
-O Enable OS detection
-A Aggressive scan: OS detection, version, script scan, traceroute
--script [NAME] Run specific NSE script(s)
--version-all Try every version detection method (used with -sV)
--osscan-guess Guess OS more aggressively when uncertain

Performance & Output

Option Description
-T[0‒5] Timing template (T0 = slow, T5 = fast)
-d Enable debugging output
-oN [FILE] Save output in normal format
-oX [FILE] Save output in XML format
-v Increase verbosity (can be stacked: -vv, -vvv)
--reason Show the reason each port is in its state (e.g. response flags)
--open Show only open (or relevant) ports

Examples

SYN Scan

nmap -sS 192.168.1.1

↑ Options

TCP Connect Scan

nmap -sT 192.168.1.1

↑ Options

UDP Scan

nmap -sU 192.168.1.1

↑ Options

Ping Scan

nmap -sP 192.168.1.0/24

↑ Options

Skip Host Discovery

nmap -Pn 192.168.1.100

↑ Options

Scan Specific Ports

nmap -p 22,80 192.168.1.1

↑ Options

Aggressive Scan

nmap -A 10.0.0.1

↑ Options

OS Detection Only

nmap -O 10.0.0.1

↑ Options

Fast Timing Template

nmap -T5 example.com

↑ Options

Run NSE Script

nmap --script default example.com

↑ Options

Scan From File

nmap -iL targets.txt

↑ Options

Save Output (Normal)

nmap -oN output.txt 192.168.1.1

↑ Options

Save Output (XML)

nmap -oX output.xml 192.168.1.1

↑ Options

List Targets Only

nmap -sL 192.168.1.0/30

↑ Options

Debug Mode

nmap -d 192.168.1.1

↑ Options

See Also

Retrieved from "https://hackops.wiki/index.php?title=Nmap&oldid=36"