NMAP Cheat Sheet

Question 1

TCP SYN port scan (Default)

Answer 1

-sS

Example:
nmap 192.168.1.1 -sS

Question 2

TCP connect port scan

Default without root privilege

Answer 2

-sT

Example:
nmap 192.168.1.1 -sT

Question 3

UDP port scan

Answer 3

-sU

Example:
nmap 192.168.1.1 -sU

Question 4

TCP ACK port scan

Answer 4

-sA

Example:
nmap 192.168.1.1 -sA

Question 5

TCP Window port scan

Answer 5

-sW

Example:
nmap 192.168.1.1 -sW

Question 6

TCP Maimon port scan

Answer 6

-sM

Example:
nmap 192.168.1.1 -sM

Question 7

No Scan. List targets only

Answer 7

-sL

Example:
nmap 192.168.1.1-3 -sL

Question 8

• Disable port scanning. Host discovery only.

- Good for seeing which hosts on a network are up

Answer 8

-sn

Example:
nmap 192.168.1.1/24 -sn

Question 9

• Disable host discovery. Port scan only.

- Good for more intrusive scans and saves time

Answer 9

-Pn

Example:
nmap 192.168.1.1-5 -Pn

Question 10

Port range

Answer 10

-p

Example:
nmap 192.168.1.1 -p 21-100

Question 11

Port scan multiple TCP and UDP ports

Answer 11

-p

Example:
nmap 192.168.1.1 -p U:53,T:21-25,80

Question 12

Port scan all ports

Answer 12

-p-

Example:
nmap 192.168.1.1 -p-

Question 13

Fast port scan (100 ports)

Answer 13

-F

Example:
nmap 192.168.1.1 -F

Question 14

Attempts to determine the version of the service running on port

Answer 14

-sV

Example:
nmap 192.168.1.1 -sV

Question 15

Enables OS detection, version detection, script scanning, and traceroute

Answer 15

-A

Example:
nmap 192.168.1.1 -A

Question 16

Remote OS detection using TCP/IP stack fingerprinting

Answer 16

-O

Example:
nmap 192.168.1.1 -O

Question 17

• Scan speed setting

- Paranoid Intrusion Detection System evasion

Answer 17

-T0

Example:
nmap 192.168.1.1 -T0

Question 18

• Scan speed setting

- Sneaky Intrusion Detection System evasion

Answer 18

-T1

Example:
nmap 192.168.1.1 -T1

Question 19

• Scan speed setting

- Polite slows down the scan to use less bandwidth and use less target machine resources

Answer 19

-T2

Example:
nmap 192.168.1.1 -T2

Question 20

• Scan speed setting

- Normal which is default speed

Answer 20

-T3

Example:
nmap 192.168.1.1 -T3

Question 21

• Scan speed setting

- Aggressive speeds scans; assumes you are on a reasonably fast and reliable network

Answer 21

-T4

Example:
nmap 192.168.1.1 -T4

Question 22

• Scan speed setting

- Insane speeds scan; assumes you are on an extraordinarily fast network

Answer 22

-T5

Example:
nmap 192.168.1.1 -T5

Question 23

Requested scan (including ping scans) use tiny fragmented IP packets. Harder for packet filters

Answer 23

-f

Example:
nmap 192.168.1.1 -f

Question 24

Send scans from spoofed IPs

Answer 24

-D

Example:
nmap -D 192.168.1.101,192.168.1.102,192.168.1.103,192.168.1.23 192.168.1.1

Question 25

Use given source port number

Answer 25

-g

Example:
nmap -g 53 192.168.1.1

Question 26

Normal output to the file normal.file

Answer 26

-oN

Example:
nmap 192.168.1.1 -oN normal.file

Question 27

XML output to the file xml.file

Answer 27

-oX

Example:
nmap 192.168.1.1 -oX xml.file

Question 28

Grepable output to the file grep.file

Answer 28

-oG

Example:
nmap 192.168.1.1 -oG grep.file

Question 29

Output in the three major formats at once

Answer 29

-oA

Example:
nmap 192.168.1.1 -oA results

Question 30

Increase the amount of info (use twice or more for greater effect)

Answer 30

-v

Example:
nmap 192.168.1.1 -v

Question 31

Scan targets from a file

Answer 31

-iL

Example:
nmap -iL targets.txt

Question 32

Scan 100 random hosts

Answer 32

-iR

Example:
nmap -iR 100