What is Nmap and Why Should You Use It?
Nmap (short for Network Mapper) is a free, open-source tool used for:
- Network discovery
- Port scanning
- Vulnerability detection
- Security auditing
It’s widely trusted by ethical hackers, system administrators, and cybersecurity analysts to map network infrastructure and detect vulnerabilities before attackers do
Nmap: Essential Usage and Options
1. Target Specification
Nmap allows flexible target selection:
| Command Example | Description |
|---|---|
nmap 192.168.1.1 | Scan a single IP |
nmap 192.168.1.1-254 | Scan a range of IPs |
nmap scanme.nmap.org | Scan a domain |
nmap 192.168.1.0/24 | Scan using CIDR notation |
nmap -iL targets.txt | Scan targets from a file |
nmap -exclude 192.168.1.1 | Exclude listed hosts |
2. Scan Techniques
Nmap supports various scan types for different scenarios:
| Switch | Example | Description |
|---|---|---|
| -sS | nmap -sS 192.168.1.1 | TCP SYN (stealth) scan |
| -sT | nmap -sT 192.168.1.1 | TCP connect scan |
| -sU | nmap -sU 192.168.1.1 | UDP scan |
| -sA | nmap -sA 192.168.1.1 | ACK scan |
| -sN | nmap -sN 192.168.1.1 | Null scan |
| -sF | nmap -sF 192.168.1.1 | FIN scan |
| -sX | nmap -sX 192.168.1.1 | Xmas scan |
3. Host Discovery
Quickly identify live hosts on a network:
| Switch | Example | Description |
|---|---|---|
| -sn | nmap -sn 192.168.1.0/24 | Ping scan (host discovery only) |
| -PS | nmap -PS 192.168.1.1 | TCP SYN ping |
| -PA | nmap -PA 192.168.1.1 | TCP ACK ping |
| -PE | nmap -PE 192.168.1.1 | ICMP echo ping |
| -PP | nmap -PP 192.168.1.1 | ICMP timestamp ping |
| -PM | nmap -PM 192.168.1.1 | ICMP address mask ping |
| -PU | nmap -PU 192.168.1.1 | UDP ping |
| -PR | nmap -PR 192.168.1.0/24 | ARP ping |
4. Port Specification
Control which ports to scan:
| Switch | Example | Description |
|---|---|---|
| -p | nmap -p 22,80,443 192.168.1.1 | Scan specific ports |
| -F | nmap -F 192.168.1.1 | Fast scan (top 100 ports) |
5. Service and Version Detection
Identify services and their versions:
| Switch | Example | Description |
|---|---|---|
| -sV | nmap -sV 192.168.1.1 | Service version detection |
| -A | nmap -A 192.168.1.1 | Enable OS detection, version detection, script scanning, and traceroute |
6. Output Formats
Customize scan output for reporting and analysis:
| Switch | Example | Description |
|---|---|---|
| -oN | nmap -oN output.txt | Normal output |
| -oX | nmap -oX output.xml | XML output |
| -oG | nmap -oG output.gnmap | Grepable output |
| -oA | nmap -oA output | All formats |
7. Timing and Performance
Adjust scan speed and stealth:
| Switch | Example | Description |
|---|---|---|
| -T0 | nmap -T0 192.168.1.1 | Paranoid (IDS evasion) |
| -T1 | nmap -T1 192.168.1.1 | Sneaky |
| -T2 | nmap -T2 192.168.1.1 | Polite |
| -T3 | nmap -T3 192.168.1.1 | Normal (default) |
| -T4 | nmap -T4 192.168.1.1 | Aggressive |
| -T5 | nmap -T5 192.168.1.1 | Insane (fastest) |
Basic Scans
nmap [target]
nmap 192.168.0.1
✅ Host Discovery
nmap -sn 192.168.0.0/24
✅ Port Scanning Techniques
nmap -sS 192.168.0.1 # TCP SYN scan
nmap -sU 192.168.0.1 # UDP scan
✅ Service and Version Detection
nmap -sV 192.168.0.1
✅ Operating System Detection
nmap -O 192.168.0.1
✅ Aggressive Scanning
nmap -A 192.168.0.1
✅ Output Formats
nmap -oN output.txt
nmap -oX output.xml
How This Cheat Sheet Helps You?
- Speed Up Reconnaissance: One-liners save time during real-time engagements.
- Avoid Common Mistakes: Quickly recall the right flags for accurate results.
- Improve Workflow: Easily switch between scan types and output modes.
- Great for Interviews or Certifications: Perfect for CEH, CompTIA Security+, and OSCP exam prep.
Pro Tips for Using Nmap Efficiently
- Combine Options Smartly
Use combos like-sS -sV -O -Ato gather everything in one scan (be cautious—it’s noisy!). - Scan Stealthily
Use flags like-T0(paranoid) or--data-lengthto reduce detection. - Target Specific Ports bashCopyEdit
nmap -p 22,80,443 target.com - Use NSE Scripts for Deep Analysis
Nmap Scripting Engine (NSE) can detect vulnerabilities like SSL issues, backdoors, and misconfigurations.
Final Thoughts
Nmap is more than a port scanner — it’s your gateway into network analysis and ethical hacking. With this powerful cheat sheet and a few hands-on sessions, you’ll quickly grow from beginner to expert. Whether you’re prepping for a certification or a live engagement, this Nmap cheat sheet is your secret weapon.