Nmap Cheat Sheet Tutorial for Basic to Advance

nmap cheat sheet

Welcome back to you this blog. In this blog, I will cover “Nmap basic commands in Kali Linux”

What is Nmap?

Nmap is free and open-source software. It is a powerful tool used to discover hosts and services on a computer network. Nmap has many capabilities.

  • Ping Sweep
  • Os Discovery
  • Aggressive Scanning
  • Without Host discover Scanning
  • Service Version
  • UDP Scanning
  • Default Nmap scripts
  • Script Banner
  • Save Output
  • Port Scanning

How to use Nmap commands

Ping Scan (-sP)

Ping scanning is unlike the other scan techniques. It is used only to find out whether the host is alive or not. During ping scanning, ICMP packets are sent by Nmap to the target system. It is not used to discover open ports.

nmap -sP 10.105.154

nmap ping

OS Detection (-O)

OS Detection is one of the most useful features of Nmap. It is most helpful during penetration testing. Discover the version of any operating system by Nmap. Then exploit it using the Metasploit.

nmap -O 10.105.154

OS Scanning

Aggressive Scan (-A)

Aggressive scanning is a vital phase for gathering information about the target person. It includes a lot of features, ex:- banner grabbing and service enumeration.

nmap -A 10.105.154

Aggressive Scanning

Host discover disable (-Pn)

Suppose that the target machine has a firewall, IDS, and IPS all enabled. Without pinging at the target person, -Pn command can scan its services.

nmap -Pn 10.105.154

Pn Command

Service version (-sV)

Version detection is used to find out what services are running on the target system. So that it can be easily exploited using Metasploit.

nmap -sV 10.105.154

Service Version

UDP Scan (-sU)

Since UDP is stateless and does not involve a three-way handshake, the mechanism behind UDP port scanning is different. -sU command is used to find out UDP Port is open or not on the target system. It does not require any SYN packet to find out the UDP port.

nmap -sU 10.105.154

udp scanning

Default nmap scripts (-sC)

if any port is vulnerable, you do not use any script, -sC command will automatically perform the default script

nmap -sC 10.105.154

Default Script

Nmap Script (–script)

The Nmap Scripting Engine (NSE) is a recent addition of Nmap, which allows users to write simple scripts. If any services are found to be vulnerable, It can be easily exploited with help of the Nmap script. All NSE scripts can be found in /usr/share/nmap/scripts directory. In this blog, we will use smb-os-discovery nse script and determine its operating system version on the target system.

nmap 10.105.154 –script smb-os-discovery.nse

nmap script

Save Output (-oG)

-oG command is used to write a grepable file. It makes perform fast to find out the IP address from any output file. if you want to grep IP address from the output, then you should use the -oG command in nmap

nmap -A 10.105.154 -oG file.txt

Grepable Output

Port Scan (-p)

-p command is used for port scanning. If you want to scan a specific port on the target system, then you should use the -p command in Nmap. Port scanning is a vital phase for gathering information about the target person.

nmap -p 80 10.105.154

port scan

Nmap Cheat Sheet Tutorial


I have made a video for this. If you don’t understand, First of all, You watch this video. I’ll expect it. You got everything.

Add a Comment

Your email address will not be published. Required fields are marked *