This page lists the most important commands for the CLI tool nmap.

nmap

Nmap is a popular command line tool used for network exploration and security auditing. It stands for "Network Mapper" and is designed to scan networks for open ports, discover hosts, and gather information about the network devices.

  1. Nmap utilizes ICMP, TCP, UDP, and ARP protocols to scan and probe network hosts.
  2. It is capable of performing multiple types of scans, including ping sweep, SYN scan, connect scan, OS detection, and version detection.
  3. With Nmap, you can specify custom target IP ranges, specific ports, or even use target lists from a text file.
  4. It can provide detailed information about each scanned host, including the operating system, MAC address, device type, and open ports.
  5. Nmap has built-in scripts that allow for advanced scanning techniques, such as brute force password cracking, service detection, and vulnerability scanning.
  6. It provides flexible output options, allowing users to save scan results in various formats like XML, plain text, or even interactive output.
  7. Nmap has the capability to scan large networks quickly due to its parallel scanning feature, which helps save time during network reconnaissance.
  8. It is a cross-platform tool and is available for Windows, macOS, and various Linux distributions.
  9. Nmap is highly customizable, with options to adjust scan timing, packet fragmentation, rate, and even firewall evasion techniques.
  10. It is widely used by system administrators, security professionals, and penetration testers for network discovery, vulnerability assessment, and network hardening purposes.

List of commands for nmap:

  • Perform service and version detection of the top 1000 ports using default NSE scripts, writing the results ('-oN') to an output file.
    $ nmap -sC -sV -oN ${top-1000-ports-txt} ${address_or_addresses}
  • Scan target(s) carefully using 'default and safe' NSE scripts.
    $ nmap --script "default and safe" ${address_or_addresses}
  • Scan a specific list of ports (use '-p-' for all ports from 1 to 65535).
    $ nmap -p ${port1,port2,---,portN} ${address_or_addresses}
  • Enable scripts, service detection, OS fingerprinting and traceroute ('-A').
    $ nmap -A ${address_or_addresses}
  • Scan a web server running on standard ports 80 and 443 using all available 'http-*' NSE scripts.
    $ nmap --script "http-*" ${address_or_addresses} -p 80,443
  • Perform a stealthy, very slow scan ('-T0') that tries to avoid detection by IDS/IPS and uses decoy ('-D') source IP addresses.
    $ nmap -T0 -D ${decoy1_ipaddress,decoy2_ipaddress,---,decoyN_ipaddress} ${address_or_addresses}
  • Try to determine whether the specified hosts are up (ping scan) and what their names are.
    $ nmap -sn ${ip_or_hostname} ${optional_another_address}
  • Check if an IP address is up, and guess the remote host's operating system.
    $ nmap -O ${ip_or_hostname}