June 22, 2024

Scan all ports on target host

sudo nmap -p- -T4 [target]

Scan specific ports on target

sudo nmap -p80,443,21-23 -sV -T4 [target]

Scan for OS detection

sudo nmap -O -T4 [target]

Here are some additional Nmap commands:

For stealth scan (SYN scan):

sudo nmap -sS [target]

For UDP scan:

sudo nmap -sU [target]

For TCP connect scan:

sudo nmap -sT [target]

For TCP NULL, FIN, and Xmas scans:

sudo nmap -sN -sF -sX [target]

For IP protocol scan:

sudo nmap -sO [target]

For version detection:

sudo nmap -sV [target]

For traceroute:

sudo nmap –traceroute [target]

For OS detection:

sudo nmap -O [target]

For scripts scan:

sudo nmap –script [target]

sudo nmap -sS -sU -T4 [target]

Scan top 1000 ports on target host/network

sudo nmap -sS -sU -p 1-1000 -T4 [target]

Scan all ports on target host

sudo nmap -p- -T4 [target]

Scan specific ports on target

sudo nmap -p80,443,21-23 -sV -T4 [target]

Scan for OS detection

sudo nmap -O -T4 [target]

Here are some additional Nmap commands:

For stealth scan (SYN scan):

sudo nmap -sS [target]

For UDP scan:

sudo nmap -sU [target]

For TCP connect scan:

sudo nmap -sT [target]

For TCP NULL, FIN, and Xmas scans:

sudo nmap -sN -sF -sX [target]

For IP protocol scan:

sudo nmap -sO [target]

For version detection:

sudo nmap -sV [target]

For traceroute:

sudo nmap –traceroute [target]

For OS detection:

sudo nmap -O [target]

For scripts scan:

sudo nmap –script [target]

Here are some additional tips for Nmap scanning:

Use -Pn to skip ping scan and not determine if hosts are up. This is good for stealth scanning.

Use –randomize-hosts to randomize the scanning order of hosts. This can prevent some IDS from detecting the scan.

Use -D RND:10.1.1.1-10.1.1.254 to perform decoy scanning. This can confuse the target about your real IP address.

Use -f to fragment the packets (often avoided by firewalls).

Use –data-length x where x is the number of random data bytes to put in each packet. This can bypass some firewalls.

Use –scan-delay msec and –max-retries n to adjust timing options for stealthier scanning.

Use –badsum to perform checksum invalid UDP scanning to confuse target.

Use -n to avoid DNS resolution to prevent DNS leaks.

Use -v for verbose mode, -d for debug mode.

Use –release-memory to free up memory on Nmap after scan completes.

Use man nmap for help and full list of options.

sudo nmap -sS -sU -T4 [target]

Scan top 1000 ports on target host/network

sudo nmap -sS -sU -p 1-1000 -T4 [target]

Scan all ports on target host

sudo nmap -p- -T4 [target]

Scan specific ports on target

sudo nmap -p80,443,21-23 -sV -T4 [target]

Scan for OS detection

sudo nmap -O -T4 [target]

Here are some additional Nmap commands:

For stealth scan (SYN scan):

sudo nmap -sS [target]

For UDP scan:

sudo nmap -sU [target]

For TCP connect scan:

sudo nmap -sT [target]

For TCP NULL, FIN, and Xmas scans:

sudo nmap -sN -sF -sX [target]

For IP protocol scan:

sudo nmap -sO [target]

For version detection:

sudo nmap -sV [target]

For traceroute:

sudo nmap –traceroute [target]

For OS detection:

sudo nmap -O [target]

For scripts scan:

sudo nmap –script [target]

Here are some additional Nmap commands:

For stealth scan (SYN scan):

sudo nmap -sS [target]

For UDP scan:

sudo nmap -sU [target]

For TCP connect scan:

sudo nmap -sT [target]

For TCP NULL, FIN, and Xmas scans:

sudo nmap -sN -sF -sX [target]

For IP protocol scan:

sudo nmap -sO [target]

For version detection:

sudo nmap -sV [target]

For traceroute:

sudo nmap –traceroute [target]

For OS detection:

sudo nmap -O [target]

For scripts scan:

sudo nmap –script [target]

Here are some additional tips for Nmap scanning:

Use -Pn to skip ping scan and not determine if hosts are up. This is good for stealth scanning.

Use –randomize-hosts to randomize the scanning order of hosts. This can prevent some IDS from detecting the scan.

Use -D RND:10.1.1.1-10.1.1.254 to perform decoy scanning. This can confuse the target about your real IP address.

Use -f to fragment the packets (often avoided by firewalls).

Use –data-length x where x is the number of random data bytes to put in each packet. This can bypass some firewalls.

Use –scan-delay msec and –max-retries n to adjust timing options for stealthier scanning.

Use –badsum to perform checksum invalid UDP scanning to confuse target.

Use -n to avoid DNS resolution to prevent DNS leaks.

Use -v for verbose mode, -d for debug mode.

Use –release-memory to free up memory on Nmap after scan completes.

Use man nmap for help and full list of options.

Here are some additional tips for stealthier Nmap scanning:

Use a combination of TCP SYN scan (-sS) and UDP scan (-sU) for mixed scan.

Use -T Polite (or Sneaky) timing template for slower scans.

Use –send-ip to use different IP address than your source.

Use decoy scan (-D) to mask your real IP address.

Use –source-port to use random high number source ports.

Use –data-length to add random payload to scan packets.

Use –ttl to change default TTL value.

Use –scan-delay and –max-retries to adjust timing.

Use –spoof-mac and –badsum for added stealth.

Use –proxy-chain file to scan through proxies.

Use –append-output to continually append to output file instead of overwriting.

Use > file to output to file and screen, >> file to append to file.

Use 2> file to output stderr to file.

Use | other-command to pipe Nmap output to another command.

Use ; other-command to run another command after Nmap completes.

Use man nmap-services to view list of port numbers and names.

Use man nmap-protocols to view protocol numbers and names.

Here are some additional tips for stealthier Nmap scanning:

Use a combination of TCP SYN scan (-sS) and UDP scan (-sU) for mixed scan.

Use -T Polite (or Sneaky) timing template for slower scans.

Use –send-ip to use different IP address than your source.

Use decoy scan (-D) to mask your real IP address.

Use –source-port to use random high number source ports.

Use –data-length to add random payload to scan packets.

Use –ttl to change default TTL value.

Use –scan-delay and –max-retries to adjust timing.

Use –spoof-mac and –badsum for added stealth.

Use –proxy-chain file to scan through proxies.

Use –append-output to continually append to output file instead of overwriting.

Use > file to output to file and screen, >> file to append to file.

Use 2> file to output stderr to file.

Use | other-command to pipe Nmap output to another command.

Use ; other-command to run another command after Nmap completes.

Use man nmap-services to view list of port numbers and names.

Use man nmap-protocols to view protocol numbers and names.

Here are some additional tips for stealthier Nmap scanning:

Use a combination of TCP SYN scan (-sS) and UDP scan (-sU) for mixed scan.

Use -T Polite (or Sneaky) timing template for slower scans.

Use –send-ip to use different IP address than your source.

Use decoy scan (-D) to mask your real IP address.

Use –source-port to use random high number source ports.

Use –data-length to add random payload to scan packets.

Use –ttl to change default TTL value.

Use –scan-delay and –max-retries to adjust timing.

Use –spoof-mac and –badsum for added stealth.

Use –proxy-chain file to scan through proxies.

Use –append-output to continually append to output file instead of overwriting.

Use > file to output to file and screen, >> file to append to file.

Use 2> file to output stderr to file.

Use | other-command to pipe Nmap output to another command.

Use ; other-command to run another command after Nmap completes.

Use man nmap-services to view list of port numbers and names.

Use man nmap-protocols to view protocol numbers and names.

Here are some additional tips for stealthier Nmap scanning:

Use a combination of TCP SYN scan (-sS) and UDP scan (-sU) for mixed scan.

Use -T Polite (or Sneaky) timing template for slower scans.

Use –send-ip to use different IP address than your source.

Use decoy scan (-D) to mask your real IP address.

Use –source-port to use random high number source ports.

Use –data-length to add random payload to scan packets.

Use –ttl to change default TTL value.

Use –scan-delay and –max-retries to adjust timing.

Use –spoof-mac and –badsum for added stealth.

Use –proxy-chain file to scan through proxies.

Use –append-output to continually append to output file instead of overwriting.

Use > file to output to file and screen, >> file to append to file.

Use 2> file to output stderr to file.

Use | other-command to pipe Nmap output to another command.

Use ; other-command to run another command after Nmap completes.

Use man nmap-services to view list of port numbers and names.

Use man nmap-protocols to view protocol numbers and names.

Here are some additional tips for stealthier Nmap scanning:

Use a combination of TCP SYN scan (-sS) and UDP scan (-sU) for mixed scan.

Use -T Polite (or Sneaky) timing template for slower scans.

Use –send-ip to use different IP address than your source.

Use decoy scan (-D) to mask your real IP address.

Use –source-port to use random high number source ports.

Use –data-length to add random payload to scan packets.

Use –ttl to change default TTL value.

Use –scan-delay and –max-retries to adjust timing.

Use –spoof-mac and –badsum for added stealth.

Use –proxy-chain file to scan through proxies.

Use –append-output to continually append to output file instead of overwriting.

Use > file to output to file and screen, >> file to append to file.

Use 2> file to output stderr to file.

Use | other-command to pipe Nmap output to another command.

Use ; other-command to run another command after Nmap completes.

Use man nmap-services to view list of port numbers and names.

Use man nmap-protocols to view protocol numbers and names.

Here are some additional tips for stealthier Nmap scanning:

Use a combination of TCP SYN scan (-sS) and UDP scan (-sU) for mixed scan.

Use -T Polite (or Sneaky) timing template for slower scans.

Use –send-ip to use different IP address than your source.

Use decoy scan (-D) to mask your real IP address.

Use –source-port to use random high number source ports.

Use –data-length to add random payload to scan packets.

Use –ttl to change default TTL value.

Use –scan-delay and –max-retries to adjust timing.

Use –spoof-mac and –badsum for added stealth.

Use –proxy-chain file to scan through proxies.

Use –append-output to continually append to output file instead of overwriting.

Use > file to output to file and screen, >> file to append to file.

Use 2> file to output stderr to file.

Use | other-command to pipe Nmap output to another command.

Use ; other-command to run another command after Nmap completes.

Use man nmap-services to view list of port numbers and names.

Use man nmap-protocols to view protocol numbers and names.

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *