Nmap Cheat Sheet

Essential network scanning techniques and commands

Target Specification

  • nmap 192.168.1.1

    Scan a single IP

  • nmap 192.168.1.1 192.168.2.1

    Scan specific IPs

  • nmap 192.168.1.1-254

    Scan an IP range

  • nmap 192.168.1.0/24

    Scan using CIDR notation

  • nmap -iL targets.txt

    Scan targets from a file

Scan Techniques

  • nmap -sS 192.168.1.1

    TCP SYN port scan (default when run with root/administrator privileges; unprivileged runs fall back to a TCP connect scan)

  • nmap -sT 192.168.1.1

    TCP connect port scan

  • nmap -sU 192.168.1.1

    UDP port scan

  • nmap -sA 192.168.1.1

    TCP ACK port scan

Host Discovery

  • nmap -sn 192.168.1.1/24

    Disable port scanning. Host discovery only

  • nmap -Pn 192.168.1.1-5

    Disable host discovery. Port scan only

  • nmap -PS22-25,80 192.168.1.1-5

    TCP SYN discovery on specific ports

  • nmap -PR 192.168.1.1/24

    ARP discovery on local network

Port Specification

  • nmap -p 21 192.168.1.1

    Scan a specific port

  • nmap -p 21-100 192.168.1.1

    Scan a port range

  • nmap -p- 192.168.1.1

    Scan all ports

  • nmap -p http,https 192.168.1.1

    Scan by service name

  • nmap --top-ports 2000 192.168.1.1

    Scan the 2000 most common ports

Service & Version Detection

  • nmap -sV 192.168.1.1

    Detect service versions

  • nmap -sV --version-intensity 8 192.168.1.1

    More thorough version detection (intensity scale runs 0 to 9)

  • nmap -A 192.168.1.1

    Aggressive detection (OS, version, scripts)