Nmap Cheat Sheet

All essential Nmap commands for network scanning & security testing

Master basic scans first, then move to advanced techniques! 🚀

1. Basic Nmap Scans

Scan a Single IP
nmap 192.168.1.1
Scan an Entire Network
nmap 192.168.1.0/24
Scan a Website (Domain Name)
nmap example.com

2. Port Scanning

Scan Specific Ports
nmap -p 22,80,443 192.168.1.1
Scan All 65535 Ports
nmap -p- 192.168.1.1

3. Service & OS Detection

Detect Running Services and Versions
nmap -sV 192.168.1.1
Detect Operating System
nmap -O 192.168.1.1
Aggressive Scan (OS, Services, Scripts)
nmap -A 192.168.1.1

4. Stealth Scanning

SYN Scan (Stealth Mode)
nmap -sS 192.168.1.1
Null Scan (Bypass Some Firewalls)
nmap -sN 192.168.1.1
FIN Scan (Stealthier than SYN)
nmap -sF 192.168.1.1

5. Vulnerability & Script Scanning

Scan for Vulnerabilities
nmap --script=vuln 192.168.1.1
Enumerate HTTP Services
nmap --script=http-enum example.com

6. Bypassing Firewalls & IDS

Fragment Packets to Bypass Firewalls
nmap -f 192.168.1.1
Set Custom MTU to Evade Detection
nmap --mtu 16 192.168.1.1
Use Decoy IPs to Confuse Firewalls
nmap -D RND:10 192.168.1.1

7. Output Options

Save Results in Normal Format
nmap -oN scan.txt 192.168.1.1
Save Results in XML Format
nmap -oX scan.xml 192.168.1.1
Save Results in Grepable Format
nmap -oG scan.gnmap 192.168.1.1
Save in All Formats
nmap -oA scan 192.168.1.1

8. Timing and Performance

Paranoid (Very Slow, IDS Evasion)
nmap -T0 192.168.1.1
Sneaky (Slow, IDS Evasion)
nmap -T1 192.168.1.1
Normal (Default)
nmap -T3 192.168.1.1
Aggressive (Faster)
nmap -T4 192.168.1.1
Insane (Very Fast, May Sacrifice Accuracy)
nmap -T5 192.168.1.1

9. Host Discovery Options

Ping Scan (No Port Scan)
nmap -sn 192.168.1.0/24
Skip Ping (Treat All Hosts as Online)
nmap -Pn 192.168.1.1
TCP SYN Ping on Ports 22 and 80
nmap -PS22,80 192.168.1.1
TCP ACK Ping on Ports 22 and 80
nmap -PA22,80 192.168.1.1
UDP Ping on Port 53
nmap -PU53 192.168.1.1

10. Common Command Combinations

Complete Scan for Security Assessment
nmap -sS -sV -sC -A -O -p- 192.168.1.1
Quick Vulnerability Scan
nmap -sV --script vuln 192.168.1.1
Low Profile Network Enumeration
nmap -sS -T2 -n 192.168.1.0/24

11. Best Practices

Important Guidelines
✅ Always scan legally with permission
✅ Use stealth options to avoid detection
✅ Analyze results carefully to find weak points
✅ Keep learning and experiment in a safe lab
✅ Start with basic scans, then advance