nmap - cheatsheet

Updated: 2023-12-31
[Linux Network Scan]

Scanning Options

| Nmap Option | Description |
|---|---|
| 10.10.10.0/24 | Target network range. |
| -sn | Disables port scanning. |
| -Pn | Disables ICMP Echo Requests. |
| -n | Disables DNS Resolution. |
| -PE | Performs the ping scan by using ICMP Echo Requests against the target. |
| --packet-trace | Shows all packets sent and received. |
| --reason | Displays the reason for a specific result. |
| --disable-arp-ping | Disables ARP Ping Requests. |
| --top-ports=<num> | Scans the specified top ports that have been defined as most frequent. |
| -p- | Scans all ports. |
| -p22-110 | Scans all ports between 22 and 110. |
| -p22,25 | Scans only the specified ports 22 and 25. |
| -F | Scans top 100 ports. |
| -sS | Performs a TCP SYN-Scan. |
| -sA | Performs a TCP ACK-Scan. |
| -sU | Performs a UDP Scan. |
| -sV | Scans the discovered services for their versions. |
| -sC | Performs a Script Scan with scripts that are categorized as “default”. |
| --script <script> | Performs a Script Scan by using the specified scripts. |
| -O | Performs an OS Detection Scan to determine the OS of the target. |
| -A | Performs OS Detection, Service Detection, and traceroute scans. |
| -D RND:5 | Sets the number of random Decoys that will be used to scan the target. |
| -e | Specifies the network interface that is used for the scan. |
| -S 10.10.10.200 | Specifies the source IP address for the scan. |
| -g | Specifies the source port for the scan. |
| --dns-server <ns> | DNS resolution is performed by using a specified name server. |

Output Options

| Nmap Option | Description |
|---|---|
| -oA filename | Stores the results in all available formats starting with the name of “filename”. |
| -oN filename | Stores the results in normal format with the name “filename”. |
| -oG filename | Stores the results in “grepable” format with the name of “filename”. |
| -oX filename | Stores the results in XML format with the name of “filename”. |

Performance Options

| Nmap Option | Description |
|---|---|
| --max-retries <num> | Sets the number of retries for scans of specific ports. |
| --stats-every=5s | Displays the scan’s status every 5 seconds. |
| -v/-vv | Displays verbose output during the scan. |
| --initial-rtt-timeout 50ms | Sets the specified time value as initial RTT timeout. |
| --max-rtt-timeout 100ms | Sets the specified time value as maximum RTT timeout. |
| --min-rate 300 | Sets the number of packets that will be sent simultaneously. |
| -T <0-5> | Specifies the timing template. |