Common and Useful nmap Commands

πŸ” Basic Scanning

  1. Ping Scan (host discovery only, no port scan)

    nmap -sn 192.168.1.0/24
  2. Basic Port Scannmap 192.168.1.10
    • What it does: Scans the 1,000 most common ports on a target host.
    • Use case: First step to see what’s open.

⚑ Specific Port & Range Scans

  1. Scan a Single Port

    nmap -p 22 192.168.1.10
    • What it does: Checks only port 22 (SSH in this example).
    • Use case: Verify if a specific service is accessible.
  2. Scan a Range of Ports

    nmap -p 20-100 192.168.1.10
    • What it does: Scans ports 20 through 100.
    • Use case: More granular checks if you suspect services in a range.
  3. Scan All Ports (1–65535)

    nmap -p- 192.168.1.10
    • What it does: Checks every port on the target.
    • Use case: Full enumeration of open services.

🎭 Stealth & Aggressive Scans

  1. TCP SYN Scan (stealth mode, default for root)

    nmap -sS 192.168.1.10
    • What it does: Sends SYN packets and waits for SYN/ACK, without completing the handshake.
    • Use case: Faster and stealthier scan for open ports.
  2. Aggressive Scan

    nmap -A 192.168.1.10
    • What it does: Performs OS detection, version detection, script scanning, and traceroute.
    • Use case: Collects maximum info in one go.

🧠 Service & OS Detection

  1. Service Version Detection

    nmap -sV 192.168.1.10
    • What it does: Attempts to identify the version of running services.
    • Use case: Useful for vulnerability analysis.
  2. OS Detection

    nmap -O 192.168.1.10
    • What it does: Tries to determine the target’s operating system.
    • Use case: Profiling and tailoring exploits/testing.

πŸ“œ Output Options

  1. Save Results to a File
nmap -oN results.txt 192.168.1.10
  • What it does: Saves results in normal text format.
  • Variants: -oX for XML, -oG for grepable.
  • Use case: Keep logs or parse output later.

βš™οΈ Useful Extras

  1. Fast Scan (only top 100 ports)
nmap -F 192.168.1.10
  • What it does: Scans fewer ports for quicker results.
  • Use case: Time-sensitive sweeps.
  1. Script Scan (Nmap Scripting Engine, NSE)
nmap --script=vuln 192.168.1.10
  • What it does: Runs vulnerability-related NSE scripts.
  • Use case: Automated checks for common CVEs.
  1. Traceroute with Nmap
nmap --traceroute 192.168.1.10
  • What it does: Shows the path packets take to the target.
  • Use case: Network topology and routing analysis.

βœ… Pro Tip: You can chain options together. Example:

nmap -sS -sV -O -p- -A 192.168.1.10

β†’ Stealth scan, service detection, OS detection, all ports, and aggressive scan in one command (noisy but thorough).