Top 8 Nmap Commands you should know in 2024

Table of contents

      • Introduction
      • What is Nmap?
      • Why learn about Nmap?
      • Nmap Command Examples in Linux and Unix
      • Features of Nmap
      • Nmap Commands
      • NMAP Commands Cheat Sheet
      • Conclusion
      • Frequently Asked Questions


Nmap is a tool used for network mapping and it is one of the most popular ethical hacking tools in the market. Nmap is used to discover free networks around you. Network administrators find Nmap very useful as they always need to map their networks.

Hackers also started using Nmap for auditing networks and other purposes.

In this guide, we are going to look at what Nmap is, the main Nmap commands, and some more useful information about Nmap.

What is Nmap?

Nmap is short for Network Mapper. It is an open-source tool used for mapping networks, auditing them and scanning them for security issues. The reason behind its development is to quickly find large networks at a specific location. Nmap uses raw IP packets for the discovery of networks. The most common use of Nmap is for security audits of networks.

With the rise in IoT devices, networks are getting more complex for the companies that use them. This is where Nmap comes in: it can be used for auditing the network traffic between the organisation's web servers and its IoT devices.

Why learn about Nmap?

There can be various reasons to learn about Nmap. However, some of them include the following:

  • It allows you to quickly find the networks and the devices on a specific network.
  • Nmap is useful for finding out which services are running on a system, including web services and DNS servers.
  • You can also find information about the operating system running on devices on a network.
  • Zenmap, the GUI for Nmap, lets you see the mappings of a network, use them for reporting and get more out of the tool.
  • You can easily find out unauthorized services on your network.
  • Nmap helps you to find the devices with open ports and you can look at them to enhance their security.

Nmap Command Examples in Linux and Unix

Port scanning is restricted in some jurisdictions and may be regarded there as an unethical practice. Therefore, a Unix lab can be set up as follows:

[Figure: lab setup diagram]

In the above diagram, the lab is set up as follows:

  • Server (1) runs an operating system such as Windows, macOS or Linux and acts as an unpatched server.
  • wks01 is your own system, used for scanning the local network with Nmap.
  • Server (2) works the same way as server (1) and also runs an operating system, but the difference is that it is a fully patched server with a firewall.
  • All three systems, server (1), wks01 and server (2), are connected via a network switch.

Features of Nmap

There are several features of Nmap that include the following:

  • OS Detection: Nmap can perform OS scanning, which detects the OS, its version and other details about it.
  • Service Detection: The service probes in the nmap-service-probes file are used to get responses from network services and their applications.
  • Host discovery: This method is used by network hosts to gather data about other hosts in the network by the use of TCP and UDP protocols.
  • Target Specification: The target specification feature can be used to specify the target IP address that you want to scan in Nmap.
  • IPv6 Support: IPv6 means Internet Protocol version 6, and Nmap can use it for scanning the network. Because IPv6 addresses are larger than IPv4 addresses, scanning is done through CIDR-style ranges, which makes it ideal for larger address spaces.
  • NSE Functionality: NSE stands for Nmap Scripting Engine. It is part of Nmap and can be used for host discovery, network scanning, and target specification.
  • TLS/SSL scanning: TLS deployment problems can be analyzed quickly with the help of Nmap.

Nmap Commands

Here is the list of Nmap Commands

  1. Scan a Range of IP Addresses
  2. Port Scanning
  3. Ping Scan Using Nmap
  4. Saving the Nmap Scan Output to a File
  5. Most Popular Ports Scanning
  6. Display Open Ports
  7. Exclude Host/IP Addresses for the Scan
  8. Service Version Detection

  • 1. Scan a Range of IP Addresses: To scan a range of IP addresses, the Nmap command is as follows:

  • 2. Port Scanning: There are multiple commands in Nmap for scanning ports (in the commands below, <target> stands for the host, address or range to scan):

To scan TCP port 80, the following Nmap command can be used:

nmap -p T:80 <target>

To scan UDP port 53 (the U: prefix only takes effect together with the UDP scan option -sU):

nmap -sU -p U:53 <target>

To scan a range of ports:

nmap -p 80-160 <target>

We can also combine all these commands to scan multiple ports (scanning both protocols needs -sU plus a TCP scan type such as -sS):

nmap -sU -sS -p U:53,112,135,T:80,8080 <target>

  • 3. Ping Scan Using Nmap: It can be used for host discovery with the following command (current Nmap releases spell this option -sn):

nmap -sP <target>

  • 4. Saving the Nmap Scan Output to a File: The syntax for the commands to save the Nmap output to a text file is as follows:

nmap <target> > op.txt
nmap -oN /temp/files/output/<file> <target>
nmap -oN op.txt <target>

  • 5. Most Popular Ports Scanning: The most popular TCP ports can be scanned using a TCP SYN scan with the following command:

nmap -sS <target>

The above command performs a stealthy scan.

For OS fingerprinting, the following command can be used:

nmap -O <target>

  • 6. Display Open Ports: The command for displaying open ports on the network is as follows:

nmap --open <target>

  • 7. Exclude Host/IP Addresses for the Scan: If you are scanning a number of hosts or networks, you can exclude hosts/IPs from the scan by using:

nmap <target> --exclude <host>

For excluding more than one host, separate the excluded hosts with commas:

nmap 192.168.1.1-24 --exclude <host1>,<host2>

  • 8. Service Version Detection: The service version can be detected for IPv4 with the help of Nmap by using any of the following commands:

nmap -A <target>
nmap -v -A <target>
nmap -A -iL /user/temp/list.txt

NMAP Commands Cheat Sheet

The following is an Nmap command cheat sheet that contains some useful Nmap commands:

Nmap commands for Port Selection:

To scan a single port using Nmap: nmap -p 8 <target>
To scan a range of ports using Nmap: nmap -p 1-20 <target>
For scanning common ports of the network: nmap -F <target>
If you want to scan all the 65532 ports of the network, then use the corresponding command: nmap -p- <target>

Nmap Commands for Target Selection:

To scan a single IP host: nmap <ip-address>
For scanning the range of IPs: nmap <ip-range>
If you want to scan a single host: nmap www.<hostname>.com
For scanning targets from a text file, use the corresponding Nmap command: nmap -iL target-ip-lists.txt

These commands perform Nmap's default scan, which covers 1000 TCP ports and also performs host discovery.

Nmap commands for OS and Version Detection:

For detection of OS and the services: nmap -A <target>
To detect aggressive services: nmap -sV --version-intensity 4 <target>
For standard version detection: nmap -sV <target>

The above commands are used to determine the operating system running on a particular port of the network. The command that we discussed for aggressive services detection can be used for the services running on unusual ports of the network.

Nmap commands for different Output Formats:

If you want to save default output to a file: nmap -oN op.txt <target>
To save the output in all formats: nmap -oA op <target>
To save results in XML format: nmap -oX op.xml <target>
To save the Nmap results in a format for grep: nmap -oG op.txt <target>

The default output can also be saved by simply redirecting it to a file with the command: command > file. In the above commands, -oN saves the results to a file while the scan can still be monitored in the terminal.

Nmap command for IP address info:

To get the information of an IP address: nmap --script=asn-query,whois,ip-geolocation-stateloc <target>

The command above can be used to get the details related to the IP address and the owner of that IP address. This command uses WHOIS, GeoIP location lookups and an ASN query.

Nmap commands to gather HTTP service information:

To get the HTTP headers of web services: nmap --script=http-headers <target>
Command to find web apps from specific paths: nmap --script=http-enum <target>
To gather the data about page titles from HTTP services: nmap --script=http-title 192.168.10/24

These commands for getting details about HTTP services are very useful on larger networks, as they identify the HTTP services on the network and report the results immediately.

To get more information about NSE scripts:

To scan with the default scripts: nmap -sV -sC <target>
Nmap command for scanning with a set of scripts: nmap -sV --script=aqb* <target>
To scan with a specific NSE script: nmap -sV -p 443 --script=ssl-gl.nse <target>
To get help for a script: nmap --script-help=ssl-gl

There are several NSE scripts in nmap that can be used for a wide range of security testing in the network. These scripts are also helpful in the discovery of new networks. The -sV parameter used in the commands above is used as a service detection parameter.

Nmap commands for port scan types:

To scan selected ports: nmap -Pn -F <target>
Nmap command to scan UDP ports: nmap -sU -p 123,161,162 <target>
To scan using TCP SYN scan: nmap -sS <target>
To scan using TCP connect to port: nmap -sT <target>

These commands are very useful for selecting the type of port scan. The SYN scan requires privileged access; when privileges are insufficient, Nmap uses a TCP connect scan instead. The -Pn option in the above commands is the ping parameter: it disables the ping (host discovery) step.


Nmap is a powerful tool used for networking and security auditing of networks. Nmap is helpful for quickly finding useful information about the networks, ports, hosts, and operating systems. There are other settings of Nmap too that enhance its productivity. In this article, we discussed the features of Nmap and why it should be learned. Also, we saw its cheatsheet where we included some commonly used commands of Nmap. Here comes the end of this article.

Frequently Asked Questions

Why is the Nmap command used?

The Nmap commands are used for a number of reasons that include security configurations and network auditing. The major reason for using Nmap is that it helps to find out networks very quickly and no complex configurations are needed to do this. Nmap also supports commands and scripting which makes it very useful for network administrators.

How many commands are there in Nmap?

There are a number of commands in Nmap and the number differs from version to version. Also, commands can be joined to make another command, which means the total number of commands can also be increased. However, there are 50+ commands available in Nmap.

Do hackers use Nmap?

The answer is Yes because Nmap can be used to gain access to uncontrolled ports on the network that may lead to providing access to the system. The hackers run the commands to get into the targeted system and can exploit the vulnerabilities of that system.

How do I scan an IP with Nmap?

To scan an IP, you must know the subnet you are connected to. The following command can be used to scan an IP with Nmap:

What is the Nmap tool?

Nmap is a very useful network scanning tool. Nmap is used to identify the devices connected to a network with the help of IP packets. It can also be used to get information about the services running on the network and the OS.

How to install Nmap Linux?

The following steps can be followed to install Nmap on Linux:
1. First update the list of Ubuntu packages, so that all the packages are up-to-date before you install Nmap. The following command can be used to update packages on Ubuntu:
sudo apt-get update
2. After updating all the packages, you can install Nmap by using the following command:
sudo apt-get install nmap
3. Finally, to check whether it was installed successfully on your system, use the following command. It prints the version details of Nmap if the installation succeeded.
nmap --version

What does Nmap do for Linux?

Nmap uses IP packets to find the devices connected to a network and it also provides information about the OS and the services running on it.

How do you run Nmap?

To run Nmap, you need to check whether it is installed on your system by using the following command:
nmap --version
If Nmap is not installed, you need to install it first, and then you can run it by using the command below:
nmap [hostname] or nmap [ip-address]
Use the hostname or IP address of the system that you want to map.



What is the most popular Nmap command?

NMAP Commands Cheat Sheet
To scan selected ports: nmap -Pn -F
Nmap command to scan UDP ports: nmap -sU -p 123,161,162
To scan using TCP SYN scan: nmap -sS
To scan using TCP connect to port: nmap -sT

What are the Nmap commands?

Nmap command | Description
-sS | Performs SYN scan on specified ports.
-Pn | Disables ICMP Echo requests.
-n | Disables DNS resolution.
--disable-arp-ping | Disables ARP ping.

What are the 3 main functions of Nmap?

Nmap is a network scanning tool—an open source Linux command-line tool—used for network exploration, host discovery, and security auditing. Gordon Lyon (pseudonym Fyodor Vaskovich) created it to help map an entire network easily and find its open ports and services.

What is the most common scan in Nmap?

Nmap scanning helps network teams with network reconnaissance and vulnerability discovery. Common types of scans include TCP SYN, OS detection, vulnerability and version detection. All network infrastructures are at risk, due to sophisticated hackers and cyber threats.

Is Nmap illegal in USA?

Network probing or port scanning tools are only permitted when used in conjunction with a residential home network, or if explicitly authorized by the destination host and/or network. Unauthorized port scanning, for any reason, is strictly prohibited.

What is the quickest Nmap scan?

A port scan will be about 10 times as fast if you only scan 100 ports instead of the default 1,000. You can scan just the most popular 100 ports with the -F (fast scan) option, specify an arbitrary number of the most commonly open ports with --top-ports, or provide a custom list of ports to -p.

What is Nmap for beginners?

Nmap (“Network Mapper”) is a free and open source utility for network exploration and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

What are Nmap flags?

Quite simply, Nmap flags are simply the parameters that Nmap uses to accomplish certain objectives. What isn't so simple is how to use them. There are many variations of Nmap commands, and the parameters or flags will help you to tell Nmap exactly what you are trying to do.

How to run Nmap command?

Executing Nmap on Windows
  1. Make sure the user you are logged in as has administrative privileges on the computer (user should be a member of the administrators group).
  2. Open a command/DOS Window. ...
  3. Change to the directory you installed Nmap into. ...
  4. Execute nmap.exe.

Why do hackers use Nmap?

However, hackers can also use Nmap to access uncontrolled ports on a system. They can run Nmap on a targeted approach, identify vulnerabilities, and exploit them. But Nmap is not only used by hackers - IT security companies also use it to simulate potential attacks that a system may face.

How to Nmap an IP address?

You can append /<numbits> to an IP address or hostname and Nmap will scan every IP address for which the first <numbits> are the same as for the reference IP or hostname given. For example, 192.168.10.0/24 would scan the 256 hosts between 192.168.10.0 (binary: 11000000 10101000 00001010 00000000) and 192.168.

How to Nmap scan all ports?

To instruct Nmap to scan all 65,535 ports on a target, use the (-p-) option in your command. For example, nmap -p- <target> would initiate a scan of all ports on the specified target, providing a comprehensive overview of all potential entry points for services and applications.

What is the best Nmap scan command?

Nmap port scanning

Use -p <port> to scan for one specific port on the target. You can also use -p to scan for a range of ports: -p 1-20 <target> would scan for the ports 1 to 20 on the target. There is also the possibility to specify multiple specific ports by separating them with a comma.

What is the best output of Nmap?

In almost all cases that a non-trivial application interfaces with Nmap, XML is the preferred format. The XML output references an XSL stylesheet which can be used to format the results as HTML. The easiest way to use this is simply to load the XML output in a web browser such as Firefox or IE.

What is xmas scan in Nmap?

Xmas scan (-sX) sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree. These three scan types are exactly the same in behavior except for the TCP flags set in probe packets.

What is the most reliable Nmap scan?

SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. It is also relatively unobtrusive and stealthy since it never completes TCP connections.

Which is the most common networking command?

PING. The Ping command is one of the most widely used commands in the prompt tool, as it allows the user to check the connectivity of our system to another host.

What is the most widely used port scanning tool?

Port Scanning Techniques. Nmap is one of the most popular open-source port scanning tools available. Nmap provides a number of different port scanning techniques for different scenarios.

Article information

Author: Sen. Ignacio Ratke
