Scan IP
nmap 192.168.1.1
Scan network
nmap 192.168.1.0/24
Fast scan
nmap -F 192.168.1.1
Scan machines up
nmap -sP 192.168.1.0/24
Read hosts for a file (one IP or name per line)
nmap -iL /tmp/test.txt
detect remote services (server / daemon) version numbers
nmap -sV 192.168.1.1
Turn on OS and version detection
nmap -v -A 192.168.1.254
nmap -A -iL /tmp/test.txt
Find out if a host/network is protected by a firewall
nmap -sA 192.168.1.254
Scan a host when protected by the firewall
nmap -PN 192.168.1.1
Scan TCP port 80
nmap -p T:80 192.168.1.1
Scan UDP port 53
nmap -p U:53 192.168.1.1
Scan two ports
nmap -p 80,443 192.168.1.1
Scan a host using TCP ACK (PA) and TCP Syn (PS) ping
nmap -PS 192.168.1.1
nmap -PS 21,80,443 192.168.1.1
nmap -PA 192.168.1.1
Scan a host using IP protocol ping
nmap -PO 192.168.1.1
Display the reason a port is in a particular state
nmap --reason 192.168.1.1
Only show open (or possibly open) ports
nmap --open 192.168.1.1
Show all packets sent and received
nmap --packet-trace 192.168.1.1
nmap --packet-trace server1.cyberciti.biz
Scan a host using UDP ping
nmap -PU 192.168.1.1
Stealthy scan
nmap -sS 192.168.1.1
TCP scan
nmap -sT 192.168.1.1
Find out the most commonly used TCP ports using TCP ACK scan
nmap -sA 192.168.1.1
Cloak a scan with decoys
nmap -n -Ddecoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4 remote-host-ip
nmap -n -D192.168.1.5,10.5.1.2,172.1.2.4,3.4.2.1 192.168.1.5
How do I save output to a text file?
nmap 192.168.1.1 > output.txt
nmap -oN /path/to/filename 192.168.1.1
nmap -oN output.txt 192.168.1.1
