cheat/cheatsheets/nmap

# Single target scan:
nmap [target]

# Scan from a list of targets:
nmap -iL [list.txt]

# iPv6:
nmap -6 [target]

# OS detection:
nmap -O [target]

# Save output to text file:
nmap -oN [output.txt] [target]

# Save output to xml file:
nmap -oX [output.xml] [target]

# Scan a specific port:
nmap -source-port [port] [target]

# Do an aggressive scan:
nmap -A [target]

# Traceroute:
nmap -traceroute [target]

# Ping scan only: -sP
# Don't ping:     -PN
# TCP SYN ping:   -PS
# TCP ACK ping:   -PA
# UDP ping:       -PU
# ARP ping:       -PR

# Example: Ping scan all machines on a class C network
nmap -sP 192.168.0.0/24*

# Use some script:
nmap --script default,safe

# Loads the script in the default category, the banner script, and all .nse files in the directory /home/user/customscripts.
nmap --script default,banner,/home/user/customscripts

# Loads all scripts whose name starts with http-, such as http-auth and http-open-proxy.
nmap --script 'http-*'

# Loads every script except for those in the intrusive category.
nmap --script "not intrusive"

# Loads those scripts that are in both the default and safe categories.
nmap --script "default and safe"

# Loads scripts in the default, safe, or intrusive categories, except for those whose names start with http-.
nmap --script "(default or safe or intrusive) and not http-*"
Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Single target scan:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Scan from a list of targets:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -iL [list.txt]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# iPv6:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -6 [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# OS detection:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -O [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Save output to text file:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -oN [output.txt] [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Save output to xml file:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -oX [output.xml] [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Scan a specific port:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -source-port [port] [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Do an aggressive scan:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -A [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Traceroute:`
Added nmap support 2013-08-14 07:41:17 +02:00			`nmap -traceroute [target]`

Explicitly mark comment lines in builtin sheets. 2013-08-22 03:34:11 +02:00			`# Ping scan only: -sP`
			`# Don't ping: -PN`
			`# TCP SYN ping: -PS`
			`# TCP ACK ping: -PA`
			`# UDP ping: -PU`
			`# ARP ping: -PR`
Add cheatsheets 2013-10-09 00:16:31 +02:00
			`# Example: Ping scan all machines on a class C network`
[NMAP] Update nmap 2014-04-01 19:18:19 +02:00			`nmap -sP 192.168.0.0/24*`

			`# Use some script:`
			`nmap --script default,safe`

			`# Loads the script in the default category, the banner script, and all .nse files in the directory /home/user/customscripts.`
			`nmap --script default,banner,/home/user/customscripts`

			`# Loads all scripts whose name starts with http-, such as http-auth and http-open-proxy.`
			`nmap --script 'http-*'`

			`# Loads every script except for those in the intrusive category.`
			`nmap --script "not intrusive"`

			`# Loads those scripts that are in both the default and safe categories.`
			`nmap --script "default and safe"`

			`# Loads scripts in the default, safe, or intrusive categories, except for those whose names start with http-.`
			`nmap --script "(default or safe or intrusive) and not http-*"`