50 useful Nmap commands

Here are 50 useful Nmap commands that can help you in various network scanning and security assessment tasks:


1. Basic TCP scan: `nmap <target>`

2. Basic UDP scan: `nmap -sU <target>`

3. TCP SYN scan: `nmap -sS <target>`

4. TCP Connect scan: `nmap -sT <target>`

5. TCP ACK scan (maps firewall rules; reports ports as filtered or unfiltered, not open): `nmap -sA <target>`

6. TCP Null scan: `nmap -sN <target>`

7. TCP FIN scan: `nmap -sF <target>`

8. TCP XMAS scan: `nmap -sX <target>`

9. TCP ACK scan: `nmap -sA <target>`

10. ICMP Echo host discovery: `nmap -PE <target>`

11. ICMP Timestamp host discovery: `nmap -PP <target>`

12. ICMP Netmask host discovery: `nmap -PM <target>`

13. OS detection: `nmap -O <target>`

14. Version detection: `nmap -sV <target>`

15. Version detection at maximum probe intensity: `nmap -sV --version-intensity 9 <target>`

16. Aggressive scan: `nmap -A <target>`

17. Script scan: `nmap -sC <target>`

18. Full port range scan: `nmap -p- <target>`

19. Top ports scan: `nmap --top-ports <number> <target>`

20. Scan multiple targets: `nmap <target1> <target2> <target3>`

21. Scan targets from a file: `nmap -iL <file>`

22. Scan multiple targets in parallel: `nmap -Pn -iL <file> --min-hostgroup <number>`

23. Scan IPv6 targets: `nmap -6 <target>`

24. Scan target with a specific source IP: `nmap -S <source-ip> <target>`

25. Scan target using a specific network interface: `nmap -e <interface> <target>`

26. Scan target with a specific source port: `nmap --source-port <port> <target>`

27. Disable DNS resolution: `nmap -n <target>`

28. Save scan results to a file: `nmap -oN <filename> <target>`

29. Save scan results in XML format: `nmap -oX <filename> <target>`

30. Save scan results in grepable format: `nmap -oG <filename> <target>`

31. Display only open ports: `nmap --open <target>`

32. Show open ports with a trace of every packet sent and received: `nmap --open --packet-trace <target>`

33. Show open ports with a packet trace and the reason for each port state: `nmap --open --packet-trace --reason <target>`

34. Verbose output: `nmap -v <target>`

35. Very verbose output: `nmap -vv <target>`

36. Timing template (0-5): `nmap -T<0-5> <target>`

37. Scan using a specific script: `nmap --script <script> <target>`

38. Scan using a script category: `nmap --script <category> <target>`

39. Update Nmap script database: `nmap --script-updatedb`

40. Disable host discovery: `nmap -Pn <target>`

41. Host discovery only (ping scan, no port scan): `nmap -sn <target>`

42. Skip default port scan: `nmap -sn --host-timeout 0 <target>`

43. Scan using a specific timing template: `nmap -T<0-5> <target>`

44. Scan for SSL/TLS vulnerabilities: `nmap --script ssl-enum-ciphers <target>`

45. Scan for SMB vulnerabilities: `nmap --script "smb-vuln*" <target>`

46. Scan for HTTP vulnerabilities: `nmap --script "http-vuln*" <target>`

47. Scan for DNS vulnerabilities: `nmap --script "dns-*" <target>`

48. Scan for FTP vulnerabilities: `nmap --script "ftp-*" <target>`

49. Scan for SSH vulnerabilities: `nmap --script "ssh-*" <target>`

50. Scan for SNMP vulnerabilities: `nmap --script "snmp-*" <target>`
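
Items 28 to 31 cover saving and filtering results. As an added example (not part of the original list), this script reads the grepable output from item 30 and reports open ports that are absent from an allowlist of expected services. The function names, file names, allowlist format and sample report are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original list): flag open ports in Nmap
# grepable (-oG) output that are missing from an allowlist.
# File names and all sample data below are constructed.

# unexpected_ports <gnmap-file> <allowlist-file>
# Allowlist lines look like "192.0.2.10 22/tcp"; "#" starts a comment.
# Prints "ip port/proto service" for each open port not on the allowlist.
unexpected_ports() {
  awk -F'\t' '
    FILENAME == ARGV[1] {                 # first file: the allowlist
      if ($0 != "" && $0 !~ /^#/) allowed[$0] = 1
      next
    }
    /^Host: / {                           # second file: the -oG report
      split($1, h, " "); ip = h[2]        # $1 is "Host: <ip> (<name>)"
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        p = $i; sub(/^Ports: /, "", p)
        n = split(p, entry, ", ")
        for (j = 1; j <= n; j++) {
          # entry: port/state/protocol/owner/service/rpc/version/
          split(entry[j], f, "/")
          key = ip " " f[1] "/" f[3]
          if (f[2] == "open" && !(key in allowed))
            print ip, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
        }
      }
    }
  ' "$2" "$1"
}

# Constructed sample report, shaped like `nmap -oG <filename> <target>` output.
write_sample() {  # write_sample <gnmap-file> <allowlist-file>
  printf 'Host: 192.0.2.10 (web01.example)\tStatus: Up\n' > "$1"
  printf 'Host: 192.0.2.10 (web01.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///, 8443/filtered/tcp//https-alt///\tIgnored State: closed (996)\n' >> "$1"
  printf 'Host: 192.0.2.11 ()\tPorts: 53/open/udp//domain///, 161/open/udp//snmp///\n' >> "$1"
  printf '# expected services\n192.0.2.10 22/tcp\n192.0.2.10 80/tcp\n192.0.2.11 53/udp\n' > "$2"
}

tmp=$(mktemp -d)
write_sample "$tmp/scan.gnmap" "$tmp/allow.txt"
unexpected_ports "$tmp/scan.gnmap" "$tmp/allow.txt"
rm -rf "$tmp"
```

Run on a schedule against your own address ranges, a non-empty result is a change worth investigating: a new service, a firewall rule that drifted, or an allowlist that needs updating.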


Please note that some advanced options and scripts may require additional dependencies or privileges. Make sure to use these commands responsibly and in compliance with the laws and regulations of your jurisdiction.