
Apr 2, 2024

nmap one liners and tricks



port scan against a target to discover open ports

      nmap 192.168.1.1 


scan multiple target hosts

      nmap 192.168.1.1 192.168.1.2


scan a range of IP addresses (.1 to .10)

      nmap 192.168.1.1-10 


scan an entire subnet

      nmap 192.168.1.0/24


scan specific ports

      nmap -p 22,80,443 192.168.1.1 


detect operating system and version

      nmap -O 192.168.1.1


detect service type/version for each open port

      nmap -sV 192.168.1.1 


aggressive scan (incl OS and service detection)

      nmap -A 192.168.1.1


check if the target is online without port scan

      nmap -sn 192.168.1.1 


scan without ping (useful if ICMP is blocked)

      nmap -Pn 192.168.1.1 


scan with UDP probes

      nmap -sU -p 53 192.168.1.1


increase debug level (-dd for greater effect)

      nmap -d 192.168.1.1


output to a file in XML format

      nmap -oX output.xml 192.168.1.1


run specific NSE scripts

      nmap --script=<nse-script> 192.168.1.1


find a list of NSE scripts to use with nmap

      ls /usr/share/nmap/scripts


scan with decoy (spoofed) source IP addresses mixed in with your own

      nmap -D <decoy-IP> 192.168.1.1 


scan with fragmented packets to evade IDS/IPS

      nmap -f 192.168.1.1 


exclude specific targets

      nmap 192.168.1.0/24 --exclude 192.168.1.10 


scan using a specific network interface

      nmap -e eth0 192.168.1.1


show all packets sent/received

      nmap -p 80 -d --packet-trace 192.168.1.1


set timing for scanning (0 slowest; 5 fastest)

      nmap -T<0-5> 192.168.1.1


scan using a list of hosts/networks found in a file

      nmap -iL targets.txt 


enable IPv6 scanning

      nmap -6 2605:0d0:1005:51::4
