Nmap Cheat Sheet

-sn

Disables port scanning

-Pn

Disables ICMP Echo requests

-n

Disabled DNS resolution

-PE

performs the pings scan by using ICMP echo requests

--packet-trace

shows all packets sent and received

--reason

display the reason for a specific result

--disable-arp-ping

disables ARP Ping request

--top-ports=<int>

scans the specified number of top ports

-p-

scan all ports

-p22-110

scan all ports between 22 and 110

-p22,110

scan only ports 22 and 110

-F

scan top 100 ports

-sS

perform TCP SYN-Scan

-sA

perform TCP ACK-Scan

-sU

perform UDP scan

-sV

scans the discovered services for their versions

-sC

perform a script scan with scripts that are categorized as "default"

--script <script>

performs a script scan by using the specified scripts

-O

perform an OS detection scan

-A

performs OS detection, service detection, and traceroute scans

-D RND:5

sets the number of random decoys that will be used to scan the target

-e

specifies the network interface that is used for the scan

-S 10.10.10.200

specifies the source IP address for the scan

-g

specifies the source port for the scan

--dns-server

DNS resolution is performed by using a specified name server

-oA filename

Stores the results in all available formats starting with the name of "filename"

-oN filename

Stores the results in normal format with the name "filename"

-oG filename

Stores the results in "grepable" format with the name of "filename"

-oX filename

Stores the results in XML format with the name of "filename"

--max-retries <num>

Sets the number of retries for scans of specific ports

--stats-every=5s

Displays scan's status every 5 seconds

-v/-vv

Displays verbose output during the scan

--initial-rtt-timeout 50ms

Sets the specified time value as initial RTT timeout

--max-rtt-timeout 100ms

Sets the specified time value as maximum RTT timeout

--min-rate 300

Sets the number of packets that will be sent simultaneously

-T <0-5>

Specifies the specific timing template