Nmap Basic

How to list all the local network IP ?

nmap -sP 192.168.29.0/24

nmap -sP 192.10.10.0/24

nmap -sn 192.168.29.0/24

Multiple networks can be scanned at once ?

nmap 192.168.0.0/24 10.80.0.0/24

nmap -A -T4 14.98.29.241

Print All the Local Network IP To a File

nmap -sn 192.10.10.0/24 | awk '/Nmap scan/{gsub(/[()]/,"",$NF); print $NF > "Nmap-IP-List"}'

nmap -sn 192.168.29.0/24 | awk '/Nmap scan/{gsub(/[()]/,"",$NF); print $NF > "Nmap-IP-List"}'

nmap -sn 192.168.29.0/24 -oG nmap_output

Scanning specific ports

nmap -sV -p 22,443 192.168.29.0/24

The above flags have the following meanings:

• -vv (Increase verbosity)

• -n (No DNS resolution. This speeds up our scan!)

• -sn (No port scan)

• -PE (Use ICMP echo request queries. This is what is displayed in the output above)

• -T4 (prohibits the dynamic scan delay from exceeding 10 ms for TCP ports. See man nmap).

• --packet-trace (Trace sent and received packets)

If you want to extract only the IP addresses from the Nmap scan results and save them to a text file, you can use the grep command in conjunction with awk to extract the IP addresses and redirect the output to a file.

nmap -sn 192.168.1.0/24 | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' > ip_list.txt