Paceusa

Nmap Tool All Commands

Jan 25th, 2022 (edited)
872
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Nmap Tool All Commands Collection
  2. Basic Scanning Techniques
  3.  
  4. Scan a single target —> nmap [target]
  5.  
  6. Scan multiple targets —> nmap [target1,target2,etc]
  7.  
  8. Scan a list of targets —-> nmap -iL [list.txt]
  9.  
  10. Scan a range of hosts —-> nmap [range of IP addresses]
  11.  
  12. Scan an entire subnet —-> nmap [IP address/cdir]
  13.  
  14. Scan random hosts —-> nmap -iR [number]
  15.  
  16. Excluding targets from a scan —> nmap [targets] –exclude [targets]
  17.  
  18. Excluding targets using a list —> nmap [targets] –excludefile [list.txt]
  19.  
  20. Perform an aggressive scan —> nmap -A [target]
  21.  
  22. Scan an IPv6 target —> nmap -6 [target]
  23.  
  24. Discovery Options
  25.  
  26. Perform a ping scan only —> nmap -sP [target]
  27.  
  28. Don’t ping —> nmap -PN [target]
  29.  
  30. TCP SYN Ping —> nmap -PS [target]
  31.  
  32. TCP ACK ping —-> nmap -PA [target]
  33.  
  34. UDP ping —-> nmap -PU [target]
  35.  
  36. SCTP Init Ping —> nmap -PY [target]
  37.  
  38. ICMP echo ping —-> nmap -PE [target]
  39.  
  40. ICMP Timestamp ping —> nmap -PP [target]
  41.  
  42. ICMP address mask ping —> nmap -PM [target]
  43.  
  44. IP protocol ping —-> nmap -PO [target]
  45.  
  46. ARP ping —> nmap -PR [target]
  47.  
  48. Traceroute —> nmap –traceroute [target]
  49.  
  50. Force reverse DNS resolution —> nmap -R [target]
  51.  
  52. Disable reverse DNS resolution —> nmap -n [target]
  53.  
  54. Alternative DNS lookup —> nmap –system-dns [target]
  55.  
  56. Manually specify DNS servers —> nmap –dns-servers [servers] [target]
  57.  
  58. Create a host list —-> nmap -sL [targets]
  59.  
  60. Advanced Scanning Options
  61.  
  62. TCP SYN Scan —> nmap -sS [target]
  63.  
  64. TCP connect scan —-> nmap -sT [target]
  65.  
  66. UDP scan —-> nmap -sU [target]
  67.  
  68. TCP Null scan —-> nmap -sN [target]
  69.  
  70. TCP Fin scan —> nmap -sF [target]
  71.  
  72. Xmas scan —-> nmap -sX [target]
  73.  
  74. TCP ACK scan —> nmap -sA [target]
  75.  
  76. Custom TCP scan —-> nmap –scanflags [flags] [target]
  77.  
  78. IP protocol scan —-> nmap -sO [target]
  79.  
  80. Send Raw Ethernet packets —-> nmap –send-eth [target]
  81.  
  82. Send IP packets —-> nmap –send-ip [target]
  83.  
  84. Port Scanning Options
  85.  
  86. Perform a fast scan —> nmap -F [target]
  87.  
  88. Scan specific ports —-> nmap -p [ports] [target]
  89.  
  90. Scan ports by name —-> nmap -p [port name] [target]
  91.  
  92. Scan ports by protocol —-> nmap -sU -sT -p U:[ports],T:[ports] [target]
  93.  
  94. Scan all ports —-> nmap -p “*[target]
  95.  
  96. Scan top ports —–> nmap –top-ports [number] [target]
  97.  
  98. Perform a sequential port scan —-> nmap -r [target]
  99.  
  100. Version Detection
  101.  
  102. Operating system detection —-> nmap -O [target]
  103.  
  104. Submit TCP/IP Fingerprints —-> http://www.nmap.org/submit/
  105.  
  106. Attempt to guess an unknown —-> nmap -O –osscan-guess [target]
  107.  
  108. Service version detection —-> nmap -sV [target]
  109.  
  110. Troubleshooting version scans —-> nmap -sV –version-trace [target]
  111.  
  112. Perform a RPC scan —-> nmap -sR [target]
  113.  
  114. Timing Options
  115.  
  116. Timing Templates —-> nmap -T [0-5] [target]
  117.  
  118. Set the packet TTL —-> nmap –ttl Thursday, October 08, 2015 16:14 UTC+9 [target]
  119.  
  120. Minimum of parallel connections —-> nmap –min-parallelism [number] [target]
  121.  
  122. Maximum of parallel connection —-> nmap –max-parallelism [number] [target]
  123.  
  124. Minimum host group size —–> nmap –min-hostgroup [number] [targets]
  125.  
  126. Maximum host group size —-> nmap –max-hostgroup [number] [targets]
  127.  
  128. Maximum RTT timeout —–> nmap –initial-rtt-timeout Thursday, October 08, 2015 16:14 UTC+9 [target]
  129.  
  130. Initial RTT timeout —-> nmap –max-rtt-timeout [TTL] [target]
  131.  
  132. Maximum retries —-> nmap –max-retries [number] [target]
  133.  
  134. Host timeout —-> nmap –host-timeout Thursday, October 08, 2015 16:14 UTC+9 [target]
  135.  
  136. Minimum Scan delay —-> nmap –scan-delay Thursday, October 08, 2015 16:14 UTC+9 [target]
  137.  
  138. Maximum scan delay —-> nmap –max-scan-delay Thursday, October 08, 2015 16:14 UTC+9 [target]
  139.  
  140. Minimum packet rate —-> nmap –min-rate [number] [target]
  141.  
  142. Maximum packet rate —-> nmap –max-rate [number] [target]
  143.  
  144. Defeat reset rate limits —-> nmap –defeat-rst-ratelimit [target]
  145.  
  146. Firewall Evasion Techniques
  147.  
  148. Fragment packets —-> nmap -f [target]
  149.  
  150. Specify a specific MTU —-> nmap –mtu [MTU] [target]
  151.  
  152. Use a decoy —-> nmap -D RND: [number] [target]
  153.  
  154. Idle zombie scan —> nmap -sI [zombie] [target]
  155.  
  156. Manually specify a source port —-> nmap –source-port [port] [target]
  157.  
  158. Append random data —-> nmap –data-length [size] [target]
  159.  
  160. Randomize target scan order —-> nmap –randomize-hosts [target]
  161.  
  162. Spoof MAC Address —-> nmap –spoof-mac [MAC|0|vendor] [target]
  163.  
  164. Send bad checksums —-> nmap –badsum [target]
  165.  
  166. Output Options
  167.  
  168. Save output to a text file —-> nmap -oN [scan.txt] [target]
  169.  
  170. Save output to a xml file —> nmap -oX [scan.xml] [target]
  171.  
  172. Grepable output —-> nmap -oG [scan.txt] [target]
  173.  
  174. Output all supported file types —-> nmap -oA [path/filename] [target]
  175.  
  176. Periodically display statistics —-> nmap –stats-every Thursday, October 08, 2015 16:14 UTC+9 [target]
  177.  
  178. 133t output —-> nmap -oS [scan.txt] [target]
  179.  
  180. Troubleshooting and debugging
  181.  
  182. Help —> nmap -h
  183.  
  184. Display Nmap version —-> nmap -V
  185.  
  186. Verbose output —-> nmap -v [target]
  187.  
  188. Debugging —-> nmap -d [target]
  189.  
  190. Display port state reason —-> nmap –reason [target]
  191.  
  192. Only display open ports —-> nmap –open [target]
  193.  
  194. Trace packets —> nmap –packet-trace [target]
  195.  
  196. Display host networking —> nmap –iflist
  197.  
  198. Specify a network interface> nmap -e [interface] [target]
  199.  
  200. Nmap Scripting Engine
  201.  
  202. Execute individual scripts —> nmap –script [script.nse] [target]
  203.  
  204. Execute multiple scripts —-> nmap –script [expression] [target]
  205.  
  206. Script categories —-> all, auth, default, discovery, external, intrusive, malware, safe, vuln
  207.  
  208. Execute scripts by category —-> nmap –script [category] [target]
  209.  
  210. Execute multiple scripts categories —-> nmap –script [category1,category2, etc]
  211.  
  212. Troubleshoot scripts —-> nmap –script [script] –script-trace [target]
  213.  
  214. Update the script database —-> nmap –script-updatedb
  215.  
  216. Ndiff
  217.  
  218. Comparison using Ndiff —-> ndiff [scan1.xml] [scan2.xml]
  219.  
  220. Ndiff verbose mode —-> ndiff -v [scan1.xml] [scan2.xml]
  221.  
  222. XML output mode —-> ndiff –xml [scan1.xm] [scan2.xml]
RAW Paste Data Copied