Nmap Cheat Sheet

Master Nmap, the network mapper tool, with this comprehensive Nmap Cheat Sheet. From basic commands for beginners to advanced techniques for experts, this guide covers target specification, host discovery, scan techniques, and more to help you secure and analyze your network efficiently. Perfect for cybersecurity professionals, network administrators, and ethical hackers.

Begin your journey with the foundational building blocks of Nmap, exploring basic commands that lay the groundwork for more complex network analysis. This Nmap Cheat Sheet is crafted to ease beginners into the process of network mapping, ensuring a solid grasp of fundamental concepts and techniques.

Target Specification

Description | Syntax | Example
Scan a single host | nmap [host] | nmap scanme.nmap.org
Scan multiple IPs or subnets | nmap [targets] | nmap
Input from list of hosts/networks | -iL [inputfilename] | nmap -iL targets.txt
Choose random targets | -iR [num hosts] | nmap -iR 100
Exclude specific hosts/networks | --exclude [targets] | nmap --exclude
Exclude hosts from a file | --excludefile [file] | nmap --excludefile exclude.txt

Host Discovery

Description | Syntax | Example
List Scan – simply list targets to scan | -sL | nmap -sL
Ping Scan – disable port scan | -sn | nmap -sn
Treat all hosts as online – skip discovery | -Pn | nmap -Pn
TCP SYN/ACK, UDP or SCTP discovery | -PS/PA/PU/PY[portlist] | nmap -PS22,80,443
ICMP echo, timestamp, and netmask request | -PE/PP/PM | nmap -PE
IP Protocol Ping | -PO[protocol list] | nmap -PO1

Scan Techniques

Description | Syntax | Example
TCP SYN scan | -sS | nmap -sS
UDP Scan | -sU | nmap -sU
TCP Null, FIN, and Xmas scans | -sN/sF/sX | nmap -sN
Customize TCP scan flags | --scanflags [flags] | nmap --scanflags URGACKPSHRSTSYN
Idle scan | -sI [zombie host[:probeport]] | nmap -sI zombie.example.com
IP protocol scan | -sO | nmap -sO
FTP bounce scan | -b [FTP relay host] | nmap -b FTP.proxy.example.com

Port Specification and Scan Order

Description | Syntax | Example
Only scan specified ports | -p [port ranges] | nmap -p 22,80,443
Fast mode – Scan fewer ports | -F | nmap -F
Scan ports consecutively | -r | nmap -r
Scan <number> most common ports | --top-ports [number] | nmap --top-ports 10
Scan ports more common than <ratio> | --port-ratio [ratio] | nmap --port-ratio 0.1

Service/Version Detection

Description | Syntax | Example
Probe open ports to determine service/info | -sV | nmap -sV
Set version detection intensity | --version-intensity [level] | nmap --version-intensity 9
Limit to most likely probes (intensity 2) | --version-light | nmap --version-light
Try every single probe (intensity 9) | --version-all | nmap --version-all
Show detailed version scan activity | --version-trace | nmap --version-trace

Script Scan

Description | Syntax | Example
Perform script scan (default scripts) | -sC | nmap -sC
Perform script scan (specific scripts) | --script=[Lua scripts] | nmap --script=http-enum
Provide arguments to scripts | --script-args=[n1=v1,[n2=v2,…]] | nmap --script-args user=guest,pass=guest
Show help about scripts | --script-help=[Lua scripts] | nmap --script-help smb*

OS Detection

Description | Syntax | Example
Enable OS detection | -O | nmap -O
Limit OS detection to promising targets | --osscan-limit | nmap --osscan-limit
Guess OS more aggressively | --osscan-guess | nmap --osscan-guess

Timing and Performance

Description | Syntax | Example
Set timing template (higher is faster) | -T[0-5] | nmap -T4
Adjust delay between probes | --scan-delay/--max-scan-delay [time] | nmap --scan-delay 0.1s
Send packets no slower than [number] per second | --min-rate [number] | nmap --min-rate 100
Send packets no faster than [number] per second | --max-rate [number] | nmap --max-rate 50

Firewall/IDS Evasion and Spoofing

Description | Syntax | Example
Fragment packets | -f | nmap -f
Cloak a scan with decoys | -D [decoy1,decoy2[,ME],…] | nmap -D RND:10
Spoof source address | -S [IP_Address] | nmap -S
Use a specific interface | -e [iface] | nmap -e eth0
Spoof MAC address | --spoof-mac [mac address] | nmap --spoof-mac 00:11:22:33:44:55


Output

Description | Syntax | Example
Save output in normal format | -oN [file] | nmap -oN output.txt
Save output in XML format | -oX [file] | nmap -oX output.xml
Save output in s|<rIpt kIddi3 format | -oS [file] |
Save output in grepable format | -oG [file] | nmap -oG output.txt
Save output in all formats at once | -oA [basename] | nmap -oA scan_output


Miscellaneous

Description | Syntax | Example
Enable IPv6 scanning | -6 | nmap -6 ipv6host.example.com
Enable aggressive scan options | -A | nmap -A
Print version number | -V | nmap -V
Print help summary page | -h | nmap -h

Install Nmap to use the Nmap Cheat Sheet

To install Nmap on Ubuntu Linux, run the following command as root (or prefix it with sudo).

apt install nmap -y


