Helpful NMAP scanner commands

Approved 2024/02/05 08:35 by psycore (version: 2) | Approver: psycore

Here are some very useful commands for NMAP.

Command Set

Discover Hosts

export IPRANGE='172.16.0.0/16'
nmap -e tun0 -sn -v -oA pingscan $IPRANGE

Parse Results

grep Up pingscan.gnmap | awk '{print$2}' > 172_16_ping_ips.txt

Discover Services

nmap -v -sSV -A -O -iL 172_16_ping_ips.txt

Discover more Hosts

nmap -PE -PS80,443,3389 -PP -PU40125,161 -PA21 --source-port 53 $IPRANGE

Other commands

Ping Scan

nmap -sP 172.16.0.0/16

Quick scan

nmap -sn 192.168.0.1/24

Systematic scan

nmap -e tun0 -PE -sn -n -oA pingscan 172.16.0.0/16
grep Up pingscan.gnmap | awk '{print$2}' > 172_16_ping_ips.txt
nmap -e tun0 -sSV -O --top-ports 3800 -oA portscan172_ping_ips -iL 172_16_ping_ips.txt
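
Added example (not part of the original page): a stricter take on the grep/awk parsing step that matches the Status field exactly, plus a service inventory pulled from the port scan's .gnmap file. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse Nmap grepable output (*.gnmap). Function names are hypothetical.

# Constructed sample (not real scan data); fields are tab-separated as in -oG.
sample_gnmap() {
    printf '# Nmap scan initiated as: nmap -sSV -oA portscan -iL ips.txt\n'
    printf 'Host: 172.16.0.5 ()\tStatus: Up\n'
    printf 'Host: 172.16.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http///, 443/closed/tcp//https///\n'
    printf 'Host: 172.16.0.9 (Upload01.example)\tStatus: Down\n'
    printf 'Host: 172.16.0.7 ()\tStatus: Up\n'
    printf 'Host: 172.16.0.7 ()\tPorts: 161/open|filtered/udp//snmp///\n'
}

# IPs whose Status field is exactly "Up" (a bare "grep Up" also hits Upload01).
up_hosts() {
    awk -F'\t' '/^Host: / && $2 == "Status: Up" { split($1, h, " "); print h[2] }' "$1"
}

# One "ip port/proto service" row per port in state "open".
open_ports() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            p = $i; sub(/^Ports: /, "", p)
            n = split(p, entries, ", ")
            for (j = 1; j <= n; j++) {
                # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                split(entries[j], f, "/")
                if (f[2] == "open")
                    print ip, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
            }
        }
    }' "$1"
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_gnmap > "$tmp"
up_hosts "$tmp"
open_ports "$tmp"
rm -f "$tmp"
```

Ports reported as closed or open|filtered are left out of the inventory on purpose; change the state comparison if those should be listed too.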

Targeted scanning

nmap -v -A -O -oX /root/op.xml -iL /home/kali/Desktop/hosts.txt
-A: Enable OS detection, version detection, script scanning, and traceroute
-O: Enable OS detection
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
-iL <inputfilename>: Input from list of hosts/networks

Scan host services

nmap -sSV $IP

Scan vulnerabilities

nmap -v --script vuln $IP

Disguise NMAP scans

--scan-delay/--max-scan-delay <time>: Adjust delay between probes
nmap -sV --script=banner <target>
en/it-security/nmap.txt · Last modified: 2024/02/05 08:35
CC Attribution-Noncommercial-Share Alike 4.0 International