Paceusa

Nmap Tool All Commands

Jan 25th, 2022 (edited)
Nmap Tool All Commands Collection

Basic Scanning Techniques

Scan a single target -> nmap [target]
Scan multiple targets -> nmap [target1] [target2] [etc]
Scan a list of targets -> nmap -iL [list.txt]
Scan a range of hosts -> nmap [range of IP addresses]
Scan an entire subnet -> nmap [IP address/CIDR]
Scan random hosts -> nmap -iR [number]
Excluding targets from a scan -> nmap [targets] --exclude [targets]
Excluding targets using a list -> nmap [targets] --excludefile [list.txt]
Perform an aggressive scan -> nmap -A [target]
Scan an IPv6 target -> nmap -6 [target]

Discovery Options

Perform a ping scan only -> nmap -sP [target] (-sn in current Nmap releases)
Don't ping -> nmap -PN [target] (-Pn in current Nmap releases)
TCP SYN ping -> nmap -PS [target]
TCP ACK ping -> nmap -PA [target]
UDP ping -> nmap -PU [target]
SCTP INIT ping -> nmap -PY [target]
ICMP echo ping -> nmap -PE [target]
ICMP timestamp ping -> nmap -PP [target]
ICMP address mask ping -> nmap -PM [target]
IP protocol ping -> nmap -PO [target]
ARP ping -> nmap -PR [target]
Traceroute -> nmap --traceroute [target]
Force reverse DNS resolution -> nmap -R [target]
Disable reverse DNS resolution -> nmap -n [target]
Alternative DNS lookup -> nmap --system-dns [target]
Manually specify DNS servers -> nmap --dns-servers [servers] [target]
Create a host list -> nmap -sL [targets]

Advanced Scanning Options

TCP SYN scan -> nmap -sS [target]
TCP connect scan -> nmap -sT [target]
UDP scan -> nmap -sU [target]
TCP Null scan -> nmap -sN [target]
TCP FIN scan -> nmap -sF [target]
Xmas scan -> nmap -sX [target]
TCP ACK scan -> nmap -sA [target]
Custom TCP scan -> nmap --scanflags [flags] [target]
IP protocol scan -> nmap -sO [target]
Send raw Ethernet packets -> nmap --send-eth [target]
Send IP packets -> nmap --send-ip [target]

Port Scanning Options

Perform a fast scan -> nmap -F [target]
Scan specific ports -> nmap -p [ports] [target]
Scan ports by name -> nmap -p [port name] [target]
Scan ports by protocol -> nmap -sU -sT -p U:[ports],T:[ports] [target]
Scan all ports -> nmap -p "*" [target]
Scan top ports -> nmap --top-ports [number] [target]
Perform a sequential port scan -> nmap -r [target]

Version Detection

Operating system detection -> nmap -O [target]
Submit TCP/IP fingerprints -> http://www.nmap.org/submit/
Attempt to guess an unknown OS -> nmap -O --osscan-guess [target]
Service version detection -> nmap -sV [target]
Troubleshooting version scans -> nmap -sV --version-trace [target]
Perform an RPC scan -> nmap -sR [target]

Timing Options

Timing templates -> nmap -T[0-5] [target]
Set the packet TTL -> nmap --ttl [value] [target]
Minimum number of parallel connections -> nmap --min-parallelism [number] [target]
Maximum number of parallel connections -> nmap --max-parallelism [number] [target]
Minimum host group size -> nmap --min-hostgroup [number] [targets]
Maximum host group size -> nmap --max-hostgroup [number] [targets]
Initial RTT timeout -> nmap --initial-rtt-timeout [time] [target]
Maximum RTT timeout -> nmap --max-rtt-timeout [time] [target]
Maximum retries -> nmap --max-retries [number] [target]
Host timeout -> nmap --host-timeout [time] [target]
Minimum scan delay -> nmap --scan-delay [time] [target]
Maximum scan delay -> nmap --max-scan-delay [time] [target]
Minimum packet rate -> nmap --min-rate [number] [target]
Maximum packet rate -> nmap --max-rate [number] [target]
Defeat reset rate limits -> nmap --defeat-rst-ratelimit [target]

Firewall Evasion Techniques

Fragment packets -> nmap -f [target]
Specify a specific MTU -> nmap --mtu [MTU] [target]
Use a decoy -> nmap -D RND:[number] [target]
Idle zombie scan -> nmap -sI [zombie] [target]
Manually specify a source port -> nmap --source-port [port] [target]
Append random data -> nmap --data-length [size] [target]
Randomize target scan order -> nmap --randomize-hosts [target]
Spoof MAC address -> nmap --spoof-mac [MAC|0|vendor] [target]
Send bad checksums -> nmap --badsum [target]

Output Options

Save output to a text file -> nmap -oN [scan.txt] [target]
Save output to an XML file -> nmap -oX [scan.xml] [target]
Grepable output -> nmap -oG [scan.txt] [target]
Output all supported file types -> nmap -oA [path/filename] [target]
Periodically display statistics -> nmap --stats-every [time] [target]
l33t output -> nmap -oS [scan.txt] [target]

Troubleshooting and Debugging

Help -> nmap -h
Display Nmap version -> nmap -V
Verbose output -> nmap -v [target]
Debugging -> nmap -d [target]
Display port state reason -> nmap --reason [target]
Only display open ports -> nmap --open [target]
Trace packets -> nmap --packet-trace [target]
Display host networking -> nmap --iflist
Specify a network interface -> nmap -e [interface] [target]

Nmap Scripting Engine

Execute individual scripts -> nmap --script [script.nse] [target]
Execute multiple scripts -> nmap --script [expression] [target]
Script categories -> all, auth, default, discovery, external, intrusive, malware, safe, vuln
Execute scripts by category -> nmap --script [category] [target]
Execute multiple script categories -> nmap --script [category1,category2,etc] [target]
Troubleshoot scripts -> nmap --script [script] --script-trace [target]
Update the script database -> nmap --script-updatedb

Ndiff

Comparison using Ndiff -> ndiff [scan1.xml] [scan2.xml]
Ndiff verbose mode -> ndiff -v [scan1.xml] [scan2.xml]
XML output mode -> ndiff --xml [scan1.xml] [scan2.xml]