Master Cheatsheet
nmap quick commands
shell
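# Placeholders in angle brackets (<target>, <output_file>, <port>, ...) must be
# replaced before running; left as-is, the shell parses them as redirections.
# -oA <base> writes three files: <base>.nmap, <base>.gnmap and <base>.xml.

# full TCP port scan (SYN scan, -p- = ports 1-65535) with version detection
# -sS needs raw-socket privileges, so run it as root / with sudo
nmap -sSV -p- -oA <output_file> <target>
# default scripts (-sC), version detection and all ports, saved to file
nmap -sC -sV -p- -oA <output_file> <target>
# aggressive scan that performs service detection, OS detection, traceroute
# and default scripts. better to use against specific ports
nmap -A -p<port> <target>
# scan an IP range and print just the online IPs (ICMP / ARP scan)
# -sn does host discovery only, no port scan. `grep for` keeps the
# "Nmap scan report for ..." lines; field 5 is the address only when no
# reverse-DNS name is printed (adding -n disables name resolution).
sudo nmap 10.129.2.0/24 -sn -oA tnet | grep for | cut -d" " -f5
# ICMP echo only, with packet trace
# the reply TTL is only a hint at the OS: every hop decrements it and the
# initial value is configurable on the host
nmap 10.129.2.18 -sn -oA host -PE --packet-trace --disable-arp-ping
# TCP, UDP, with version detection (CAN BE VERY SLOW, NARROWING DOWN PORTS PREFERRED)
# -sS and -sU both need root privileges
nmap -sSUV -p<ports> <target>
# search for specific scripts
nmap --script-help <keyword|category>
# alternate method of searching for scripts
# the pattern is quoted so it reaches find unchanged instead of being
# expanded by the shell against files in the current directory
find / -type f -name 'ftp*' 2>/dev/null | grep scripts
# run a certain category of scripts, like vuln
# some vuln scripts are also tagged intrusive or dos; review them with
# --script-help before pointing them at fragile or production services
nmap <target> --script vuln
# run multiple specific scripts (comma-separated, no spaces)
nmap <target> --script banner,smtp-commands
# run specific scripts in a category
# the boolean expression is quoted so nmap receives it as one argument
nmap <target> --script "discovery and http-*"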