Nmap cheat sheet

$ nmap <scan types> <options> <target>

-snDisables port scanning.

-oA tnetStores the results in all formats starting with the name ’tnet'.

-iLPerforms defined scans against targets in provided ‘hosts.lst’ list.

-PEPerforms the ping scan by using ‘ICMP Echo requests’ against the target.
–packet-traceShows all packets sent and received

--reasonDisplays the reason for specific result. --top-ports=10Scans the specified top ports that have been defined as most frequent.

-p 21Scans only the specified port.
–packet-traceShows all packets sent and received.
-nDisables DNS resolution.
–disable-arp-pingDisables ARP ping.

-PnDisables ICMP Echo requests.

-FScans top 100 ports.
-sUPerforms a UDP scan.

-sVPerforms a service scan.

xsltproc target.xml -o target.html

-p-Scans all ports.

--stats-every=5sShows the progress of the scan every 5 seconds.

--script banner,smtp-commandsUses specified NSE scripts.

-APerforms service detection, OS detection, traceroute and uses defaults scripts to scan the target.

-sVPerforms service version detection on specified ports.
–script vulnUses all related scripts from specified category.

-sS SYN scan

-sSPerforms SYN scan on specified ports.
-PnDisables ICMP Echo requests.
-nDisables DNS resolution.
–disable-arp-pingDisables ARP ping.
–packet-traceShows all packets sent and received.
-D RND:5Generates five random IP addresses that indicates the source IP the connection comes from.
-OPerforms operation system detection scan.
-SScans the target by using different source IP address. the source IP address.
-e tun0Sends all requests through the specified interface.