
nmap

List of commands for nmap:

  • nmap:ai:4c360 nmap scan address range
    $ nmap -sn 192.168.0.1-10 -oX output.xml
  • nmap:ai:a15d6 Scan the network range 192.168.1.0/24 using the Ping Scan (-sP) option of nmap
    $ nmap -sP 192.168.1.0/24
  • nmap:ai:d1fd2 netbios-ssn
    $ nmap -p 139 --script smb-vuln-netbios-finger.nse ${target_ip}
  • nmap:ai:e056a Scan subnet 192.168.1.0/24 for hosts and write the result as XML to standard output ('-oX -'; nmap has no JSON output format).
    $ nmap -sn 192.168.1.0/24 -oX -
  • nmap:ai:e7d9f nmap check ip
    $ nmap -sn ${IP_ADDRESS}
  • nmap:tldr:0cec2 nmap: Perform service and version detection of the top 1000 ports using default NSE scripts; writing results ('-oN') to output file.
    $ nmap -sC -sV -oN ${top-1000-ports-txt} ${address_or_addresses}
  • nmap:tldr:1d639 nmap: Scan target(s) carefully using 'default and safe' NSE scripts.
    $ nmap --script "default and safe" ${address_or_addresses}
  • nmap:tldr:411bd nmap: Scan a specific list of ports (use '-p-' for all ports from 1 to 65535).
    $ nmap -p ${port1,port2,---,portN} ${address_or_addresses}
  • nmap:tldr:4ca2b nmap: Also enable scripts, service detection, OS fingerprinting and traceroute.
    $ nmap -A ${address_or_addresses}
  • nmap:tldr:4e4cf nmap: Scan web server running on standard ports 80 and 443 using all available 'http-*' NSE scripts.
    $ nmap --script "http-*" ${address_or_addresses} -p 80,443
  • nmap:tldr:a3434 nmap: Perform a stealthy very slow scan ('-T0') trying to avoid detection by IDS/IPS and use decoy ('-D') source IP addresses.
    $ nmap -T0 -D ${decoy1_ipaddress,decoy2_ipaddress,---,decoyN_ipaddress} ${address_or_addresses}
  • nmap:tldr:acc38 nmap: Try to determine whether the specified hosts are up (ping scan) and what their names are.
    $ nmap -sn ${ip_or_hostname} ${optional_another_address}
  • nmap:tldr:c3600 nmap: Check if an IP address is up, and guess the remote host's operating system.
    $ nmap -O ${ip_or_hostname}