Nmap Syntax
Nmap Syntax
1.Scanning an IP
Syntax: nmap
2.Scanning a HOST
Syntax: nmap [www.example.com](http://www.example.com)\
3.Scanning a range of IPs Syntax: nmap
4.Scanning a Subnet
Syntax: nmap
5.Scanning a Targets from a Text File Syntax: nmap -iL
6.Scanning target & Ignore Discovery Syntax: nmap -target-ip <-Pn>
7.Scanning target & Host Discovery Syntax: nmap -target-ip <-sP>
8.Scan a Single Port
Syntax: nmap <-p port numbers>
9.Scan a range of ports
Syntax: nmap <-p firstport-lastport>
10.Scan all ports (65535) Syntax: nmap <-p->
11.Scan TCP or UDP Ports
Syntax: nmap <-p U:port, T:port>
12.Fast Port Scan
Syntax: nmap <-F> -v
13.No Randomise Port Scan Syntax: nmap <-r> -v
14.Nmap Top Ports Scan
Syntax: nmap < — top-ports N> -v
15.Nmap Port Ratio Scan
Syntax: nmap < — ports-ratio > -v
16.Port-knocking an obfuscation-as-security technique.
Syntax: for x in 1–10000; do nmap -Pn -p $x server_ip_address; done
17.Standard Service Detection Syntax: nmap <-sV>
18.Light Service Detection
Syntax: nmap <-sV — version-intensity 0>
19.Aggressive Service Detection
Syntax: nmap <-sV — version-intensity 5>
20.OS Detection
Syntax: nmap <-O >
21.OS Detection
Syntax: nmap < — max-os-tries>
22.OS Detection
Syntax: nmap < — osscan-limit >
23.OS Detection
Syntax: nmap < — osscan-guess; — fuzzy >
24.OS Detection
Syntax: nmap < — script — smb-os-discovery >
25.Save Normal Output to File
Syntax: nmap <-oN file.txt>
26.Save XML Output to File
Syntax: nmap <-oX file.txt>
27.Save XML to CSV for Recon
Syntax: nmap <-oX file.txt>
•Python parsey.py op.xml op.csv
28.Save “Grep”able Output to File Syntax: nmap <-oG file.txt>
29.ScRipT K1dd3 Output to File
Syntax: nmap <-oS file.txt>
30.Save All Types Output to File Syntax: nmap <-oA file.txt>
31.Scan using Default Safe Scripts Syntax: nmap <-sC>
32.Getting Help for any Scripts
Syntax: nmap < — script-help=scriptname>
33.Nmap Script Args
Syntax: nmap < — script=scriptname — scriptargs>
34.Scan using specific Scripts
Syntax: nmap < — script=script name.nse>
35.Scan using set of Scripts
Syntax: nmap < — script=“http-*”>
36.Update Script Database
Syntax: nmap < — script=updatedb>
37.Safe Scripts
Syntax: nmap < — script=safe,default> 38.Vulnerability Scripts
Syntax: nmap < — script=vuln> 39.DOS Scripts
Syntax: nmap < — script=dos>
40.Exploit Scripts
Syntax: nmap < — script=exploit>
41.Malware Scripts
Syntax: nmap < — script=http-malware-host>
42.Intrusive Scripts
Syntax: nmap < — script=intrusive>
43.NOT including Scripts
Syntax: nmap < — script=not script type>
44.Boolean Expression Scan
Syntax: nmap < — script=and or not script type>
45.Traceroute Scan
Syntax: nmap < — traceroute>
46.Trace Traffic & Geo Resolution Scan
Syntax: nmap < — script=traceroutegeolocation>
47.DNS BruteForce Scan
Syntax: nmap < — script=dns-brute.nse>
48.Find Hosts on IP Scan
Syntax: nmap < — script=hostmap-bfk.nse>
49.Whois Scan
Syntax: nmap < — script=whois-ip, whoisdomain>
50.Robots Scan
Syntax: nmap < — script=http-robots.txt>
51.WAF Detect Scan
Syntax: nmap < — script=http-waf-detect>
52.WAF Fingerprint Scan
Syntax: nmap < — script=http-waf-fingerprint>
53.Wafw00f vs Nmap Scan Syntax: wafw00f
Syntax: nmap < — script=http-waf-fingerprint>
54.Firewalk Scan
Syntax: nmap < — script=firewalk — traceroute>
55.Shodan Scan
Syntax: nmap < — script=shodan-api>
56.Email Enumeration
Syntax: nmap < — script=http-grep>
57.Nmap Crawlers Scan
Syntax: nmap < — script=http-useragent-tester>
58.Nmap Discovering Directories Scan Syntax: nmap < — script=http-enum>
59.Nmap Open Relay Scan
Syntax: nmap < — script=smtp-open-relay>
60.Nmap SMTP User Enum Scan
Syntax: nmap < — script=smtp-enum-users>
61.Nmap SMTP Password Attack Scan
Syntax: nmap < — script=smtp-brute>
62.Nmap SMTP Backdoor Detect Scan
Syntax: nmap < — script=smtp-strangeport>
63.Nmap POP3 Capabilities Scan
Syntax: nmap < — script=pop3-capabilities> 64.Nmap IMAP Capabilities Scan
Syntax: nmap < — script=imap-capabilities> 65.Nmap Cloak Scan with Decoy
Syntax: nmap <-D>
66.Nmap Spoof Mac Address
Syntax: nmap < — spoof-mac>
67.Nmap Select Interface
Syntax: nmap <-e ethO>
68.Nmap Source Port Modify
Syntax: nmap < — source-port 7890>
69.Nmap Fake TTL
Syntax: nmap < — ttl 128>
70.Nmap Relay Proxies
Syntax: nmap < — proxies proxy:port>
71.Nmap Bogus TCP/UDP Checksum Syntax: nmap < — badsum>
72.Nmap Bogus Fragment Scan Syntax: nmap <-f>
73.Nmap MTU Scan
Syntax: nmap <-mtu 8>