{"id":13478,"date":"2022-01-12T22:47:50","date_gmt":"2022-01-12T22:47:50","guid":{"rendered":"https:\/\/www.securedyou.com\/?p=13478"},"modified":"2022-01-12T22:47:50","modified_gmt":"2022-01-12T22:47:50","slug":"nmap-commands-list-cheat-sheet","status":"publish","type":"post","link":"https:\/\/www.securedyou.com\/nmap-commands-list-cheat-sheet\/","title":{"rendered":"Nmap Cheat Sheet 2022 (PDF) – 100+ Nmap Commands List"},"content":{"rendered":"
Nmap stands for Network Mapper. It is a free, open-source tool used for network discovery and vulnerability scanning. Network administrators use it to identify which devices are running on a network, discover available hosts and the services they provide, find open ports, and detect security risks.<\/p>\n
It can also be used to monitor single hosts as well as vast networks that encompass many devices and multitudes of subnets.<\/p>\n
Over time it has evolved and become very flexible, but at its core it is a port-scanning tool that gathers information by sending raw packets to the system's ports. It listens to the responses to see whether each port is open, closed, or filtered (for example by a firewall). Port discovery and port enumeration are other terms used for port scanning.<\/p>\n
Recommended:<\/strong> Download Nmap for Windows 10 & 11.<\/a><\/p>\n Packets sent out by Nmap return with IP addresses and other data, allowing the user to identify different attributes of the network. This gives the user a profile or network map and allows the creation of an inventory of the software and hardware.<\/p>\n Different protocols use different kinds of packet structures. Nmap employs transport-layer protocols including TCP (Transmission Control Protocol), UDP (User Datagram Protocol) and SCTP (Stream Control Transmission Protocol), as well as supporting protocols such as ICMP (Internet Control Message Protocol), which is used to send error messages.<\/p>\n Different protocols serve different purposes and system ports: the low resource overhead of UDP is good for real-time streaming video, where some packets are lost in exchange for speed, whereas non-real-time streaming video such as YouTube is buffered and uses the slower but reliable TCP.<\/p>\n Its fundamental port scanning and packet capture capabilities are being enhanced constantly.<\/p>\n This one is quite famous as it is used to perform Nmap ping sweeps. 
Moreover, this is one of the easiest ways to detect hosts on any network.<\/p>\n Its only drawback is that at times the network blocks IP-based ping packets, so if you are not getting solid results we suggest that you switch to ARP-based requests for the scan.<\/p>\n To scan a hostname, simply replace the IP with the host name:<\/p>\n These kinds of scans are perfect when you are beginning with Nmap.<\/p>\n It can be used to scan complete CIDR IP ranges such as:<\/p>\n This scans 14 consecutive IP addresses, starting from 8.8.8.1 to 8.8.8.14.<\/p>\n As an alternative, the following kind of range can be used:<\/p>\n Wildcards can also be used to scan a complete class C IP range like:<\/p>\n This shall scan 256 IP addresses ranging from 1.1.1.1 to 1.1.1.256<\/p>\n If you wish to exclude specific IPs from the IP range scan, use the \u201c--exclude\u201d option:<\/p>\n By using the \u201c--top-ports\u201d parameter with a specified number you can scan the top X most common ports for that particular host, like:<\/p>\n nmap --top-ports 20 172.176.22.1<\/p>\n Now, we can replace \u201c20\u201d with the desired number; an output example is shown below:<\/p>\n If you wish to speed up your scan you can disable reverse DNS resolution for all the scans; for this all you need to do is add the \u201c-n\u201d parameter. 
This can also be achieved with Wireshark<\/a>.<\/p>\n To detect service and daemon versions you need to use the \u201c-sV\u201d parameter:<\/p>\n To scan an entire port range, it is as follows:<\/p>\n In this we scanned all 65535 ports of the localhost system. This covers every possible port, but we can also scan particular ports, which gives faster results, such as:<\/p>\n To scan multiple IP addresses, the following syntax needs to be used:<\/p>\n Moreover, consecutive IP addresses can also be scanned:<\/p>\n This shall scan 1.1.1.1 , 1.1.1.2 , 1.1.1.3 and 1.1.1.4<\/p>\n ALSO CHECK:<\/strong> Download Nmap APK for Android 10, 11 and 12.<\/a><\/p>\n The best thing about this one is that it works with both the TCP and UDP protocols. While many services run on TCP, users can get a lot of benefit by also scanning services based on UDP. Following are some examples:<\/p>\n Standard TCP scanning output:<\/p>\n UDP scanning results by using the \u201c-sU\u201d parameter:<\/p>\n Below are the above commands and instructions saved in PDF file format.<\/p>\nHow Nmap Commands Work<\/strong><\/h2>\n
100+ Nmap Commands Cheat Sheet – Massive List<\/strong><\/h2>\n
Nmap Ping Scan<\/strong><\/h3>\n
nmap -sP 192.168.5.4\/24\r\n<\/code><\/pre>\n
Basic Nmap Scan against IP or Host<\/strong><\/h3>\n
nmap 8.8.8.8\r\n<\/code><\/pre>\n
nmap securedyou.com\r\n<\/code><\/pre>\n
\n
nmap 8.8.8.0\/28\r\n<\/code><\/pre>\n
nmap 8.8.8.1-14\r\n<\/code><\/pre>\n
nmap 1.1.1.*\r\n<\/code><\/pre>\n
nmap 1.1.1.* --exclude 1.1.1.2\r\n<\/code><\/pre>\n
Scanning Most Popular Ports<\/strong><\/h3>\n
nmap --top-ports 20 172.176.22.1\r\n\r\n[root@securedyoushaheer:~]nmap --top-ports 20 localhost\r\n21\/tcp - For ftp\r\n22\/tcp - For ssh\r\n23\/tcp - For telnet\r\n25\/tcp - For smtp\r\n53\/tcp - For domain\r\n80\/tcp - For http\r\n110\/tcp - For pop3\r\n111\/tcp - For rpcbind\r\n135\/tcp - For msrpc\r\n139\/tcp - For netbios-ssn\r\n143\/tcp - For imap\r\n443\/tcp - For https\r\n445\/tcp - For microsoft-ds\r\n993\/tcp - For imaps\r\n995\/tcp - For pop3s\r\n1723\/tcp - For pptp\r\n3306\/tcp - For mysql\r\n3389\/tcp - For ms-wbt-server\r\n5900\/tcp - For vnc\r\n8080\/tcp - For http-proxy\r\n<\/code><\/pre>\n
Disabling DNS Name Resolution<\/strong><\/h3>\n
[root@securedyoushaheer:~]nmap -p 80 -n 1.1.1.1\r\n# Normal scan (with reverse DNS) vs the -n scan above; the difference in speed is clear:\r\n[root@securedyoushaheer:~]nmap -p 80 1.1.1.1\r\n<\/code><\/pre>\n
Detect Service\/Daemon Versions<\/strong><\/h3>\n
[root@securedyoushaheer:~]nmap -sV localhost\r\n<\/code><\/pre>\n
Scan Specific Ports or Scan Entire port ranges on Local or Remote server<\/strong><\/h3>\n
nmap -p 1-65535 localhost\r\n<\/code><\/pre>\n
nmap -p 80,443 1.1.1.1\r\n<\/code><\/pre>\n
\n
nmap 1.1.1.1 8.8.4.4\r\n<\/code><\/pre>\n
nmap 1.1.1.1,2,3,4\r\n<\/code><\/pre>\n
Scan Using TCP or UDP Protocols<\/strong><\/h3>\n
[root@securedyoushaheer:~]nmap -sT 192.168.7.11\r\n<\/code><\/pre>\n
[root@securedyoushaheer:~]nmap -sU localhost\r\n<\/code><\/pre>\n
Nmap Cheat Sheet PDF Download<\/strong><\/h2>\n