
> nmap_manual/

Nmap ("Network Mapper") is a free and open-source utility for network discovery and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

Basic Commands

$ nmap -sP 192.168.1.0/24

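Ping scan: host discovery only, with no port scan; lists the hosts that respond. Current Nmap releases call this option -sn, and -sP is its older name.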

$ nmap -sS 192.168.1.1

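Stealth (half-open) TCP SYN scan. This is the default scan type when Nmap runs with raw-packet privileges, such as root; without them Nmap falls back to a TCP connect scan (-sT).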

$ nmap -sV 192.168.1.1

Version detection scan: probes open ports to identify the service and its version

Advanced Scanning

$ nmap -A -T4 192.168.1.1

Aggressive scan with OS detection, version detection, script scanning, and traceroute

$ nmap -p 1-65535 -sV -sS -T4 192.168.1.1

Full TCP port scan (ports 1-65535) with service version detection

$ nmap --script vuln 192.168.1.1

Vulnerability scan: runs the NSE scripts in the "vuln" category

Firewall Evasion

$ nmap -f 192.168.1.1

Fragment packets (evades some packet filters)

$ nmap --mtu 24 192.168.1.1

Set custom MTU size

$ nmap -D RND:10 192.168.1.1

Use decoy IP addresses

NSE Scripting

$ nmap --script=http-title 192.168.1.1

Get webpage titles from web servers

$ nmap --script=ssl-enum-ciphers 192.168.1.1 -p 443

Enumerate the SSL/TLS protocol versions and cipher suites the server on port 443 accepts

$ nmap --script=smb-os-discovery 192.168.1.1

SMB OS discovery: attempts to determine the operating system, computer name and domain over SMB
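
For auditing your own servers, the ssl-enum-ciphers output shown above can be checked against a TLS policy automatically. The following is an added example, not part of the original page or of Nmap itself: it assumes the script's normal text output with A-F letter grades, and the sample output, the `audit` function and the `DEPRECATED` policy set are constructed for illustration.

```python
import re
# Constructed excerpt of ssl-enum-ciphers output (not captured from a real host).
SAMPLE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}  # policy assumption
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open")            # "443/tcp open  https"
PROTO_RE = re.compile(r"^\|[ _]+((?:SSL|TLS)v[\d.]+):\s*$")  # "|   TLSv1.2:"
CIPHER_RE = re.compile(r"^\|[ _]+(TLS_\S+|SSL_\S+)\s.*-\s([A-F])\s*$")

def audit(text, min_grade="A"):
    """Return (port, protocol, cipher, grade, reason) for each policy violation."""
    findings, port, proto = [], None, None
    for line in text.splitlines():
        if m := PORT_RE.match(line):
            port, proto = int(m.group(1)), None   # new port: reset protocol context
        elif m := PROTO_RE.match(line):
            proto = m.group(1)
        elif (m := CIPHER_RE.match(line)) and proto:
            cipher, grade = m.groups()
            reasons = []
            if proto in DEPRECATED:
                reasons.append("deprecated protocol")
            if grade > min_grade:                 # letters sort A (best) to F (worst)
                reasons.append(f"grade {grade}")
            if reasons:
                findings.append((port, proto, cipher, grade, ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%d %s %s [%s] %s" % finding)
```

To run it against a real scan, save the script's output to a file and pass its contents to `audit` in place of `SAMPLE`.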