Simple host scan
nmap 192.168.1.1
Scan subnet
nmap 192.168.1.0/24
Scan multiple hosts
nmap 192.168.1.1 192.168.1.2 192.168.1.3
Scan range
nmap 192.168.1.1-100
Scan a single port
nmap -p 80 192.168.1.1
Scan multiple ports
nmap -p 22,80,443 192.168.1.1
Scan port range
nmap -p 1-1000 192.168.1.1
Scan all ports
nmap -p- 192.168.1.1
Fast scan (100 most common ports)
nmap -F 192.168.1.1
TCP SYN scan (stealth)
sudo nmap -sS 192.168.1.1
TCP connect scan
nmap -sT 192.168.1.1
UDP scan
sudo nmap -sU 192.168.1.1
Detect OS
sudo nmap -O 192.168.1.1
Detect service versions
nmap -sV 192.168.1.1
Aggressive scan
sudo nmap -A 192.168.1.1
Ping scan (no port scan)
nmap -sn 192.168.1.0/24
Skip host discovery
nmap -Pn 192.168.1.1
Scan targets listed in a file
nmap -iL hosts.txt
Save output (normal format)
nmap -oN output.txt 192.168.1.1
XML output
nmap -oX output.xml 192.168.1.1
Save output in all formats
nmap -oA scan_results 192.168.1.1
Scan timing (0-5, 5 is fastest)
nmap -T4 192.168.1.1
Script scan (default scripts)
nmap --script=default 192.168.1.1
Vulnerability scan
nmap --script=vuln 192.168.1.1
Check SSL/TLS
nmap --script ssl-enum-ciphers -p 443 example.com
DNS brute force
nmap --script dns-brute example.com
HTTP enumeration
nmap --script http-enum 192.168.1.1