Basic Nmap Scans
nmap target.com
Default scan (top 1000 TCP ports)
nmap 192.168.1.1
Scan an IP address
nmap 192.168.1.1-50
Scan IP range
nmap 192.168.1.0/24
Scan entire subnet

Fast & Stealthy Scans
nmap -T4 target.com
Faster scan (good balance)
nmap -T5 target.com
Very fast (noisy, can be detected)
nmap -sS target.com
SYN scan (stealth scan, requires root)
sudo nmap -sS target.com

Port-Specific Scans
nmap -p 80 target.com
Scan specific port
nmap -p 1-65535 target.com
Scan all ports
nmap -p 21,22,80,443 target.com
Multiple specific ports

Service & Version Detection
nmap -sV target.com
Detect service versions
nmap -sV -p 80,443 target.com
Version detection on specific ports

OS Detection
sudo nmap -O target.com
Detect operating system
sudo nmap -A target.com
Aggressive scan (OS + services + scripts + traceroute)

NSE Script Scans (Very Important)
nmap --script default target.com
Run the default script set (equivalent to -sC)
nmap --script vuln target.com
Check for known vulnerabilities
nmap --script http-enum target.com
Enumerate web directories
nmap --script ssh-auth-methods target.com
SSH auth methods
nmap --script smb-enum-shares target.com
SMB share enumeration

Firewall / IDS Evasion
nmap -f target.com
Fragment packets
nmap --data-length 50 target.com
Add random data
nmap -D RND:10 target.com
Decoy scan (hide your IP)

Output Saving (For Reports)
nmap -oN output.txt target.com
Saves normal (human-readable) output
nmap -oX output.xml target.com
Saves XML output
nmap -oA scan_result target.com
Saves in all formats

UDP Scan (Slow but useful)
sudo nmap -sU target.com
UDP scan (requires root)
sudo nmap -sU -p 53,67,123 target.com
UDP scan of specific ports (DNS, DHCP, NTP)