tldr/pages/common/nmap.md

# nmap

> Network exploration tool and security/port scanner.
> Some features only activate when Nmap is run with root privileges.
> More information: <https://nmap.org>.

- Check if an IP address is up, and guess the remote host's operating system:

`nmap -O {{ip_or_hostname}}`

- Try to determine whether the specified hosts are up (ping scan) and what their names and MAC addresses are:

`sudo nmap -sn {{ip_or_hostname}} {{optional_another_address}}`

- Also enable scripts, service detection, OS fingerprinting and traceroute:

`nmap -A {{address_or_addresses}}`

- Scan a specific list of ports (use '-p-' for all ports from 1 to 65535):

`nmap -p {{port1,port2,...,portN}} {{address_or_addresses}}`

- Perform service and version detection of the top 1000 ports using default NSE scripts; writing results ('-oN') to output file:

`nmap -sC -sV -oN {{top-1000-ports.txt}} {{address_or_addresses}}`

- Scan target(s) carefully using 'default and safe' NSE scripts:

`nmap --script "default and safe" {{address_or_addresses}}`

- Scan web server running on standard ports 80 and 443 using all available 'http-*' NSE scripts:

`nmap --script "http-*" {{address_or_addresses}} -p 80,443`

- Perform a stealthy very slow scan ('-T0') trying to avoid detection by IDS/IPS and use decoy ('-D') source IP addresses:

`nmap -T0 -D {{decoy1_ipaddress,decoy2_ipaddress,...,decoyN_ipaddress}} {{address_or_addresses}}`
nmap docs 2014-02-02 09:57:44 +00:00			`# nmap`

pages/*: remove spaces around slashes (" / ") (#10349) 2023-06-13 18:14:43 +01:00			`> Network exploration tool and security/port scanner.`
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`> Some features only activate when Nmap is run with root privileges.`
Refactor: reword English pages' links' descriptions. 2019-06-03 01:06:36 +01:00			`> More information: <https://nmap.org>.`
nmap docs 2014-02-02 09:57:44 +00:00
nmap: add -O example (#4400) 2020-10-14 14:46:17 +01:00			`- Check if an IP address is up, and guess the remote host's operating system:`

			`nmap -O {{ip_or_hostname}}`

nmap: add `sudo` to `nmap -sn` example (#10623) Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> 2023-08-22 14:49:21 +01:00			`- Try to determine whether the specified hosts are up (ping scan) and what their names and MAC addresses are:`
nmap docs 2014-02-02 09:57:44 +00:00
nmap: add `sudo` to `nmap -sn` example (#10623) Co-authored-by: Lena <126529524+acuteenvy@users.noreply.github.com> 2023-08-22 14:49:21 +01:00			`sudo nmap -sn {{ip_or_hostname}} {{optional_another_address}}`
nmap docs 2014-02-02 09:57:44 +00:00
Formatted nmap 2016-01-21 12:21:22 +00:00			`- Also enable scripts, service detection, OS fingerprinting and traceroute:`
added fast scan for nmap 2015-12-29 00:34:45 +00:00
Update nmap.md. 2015-12-29 15:28:01 +00:00			`nmap -A {{address_or_addresses}}`
added fast scan for nmap 2015-12-29 00:34:45 +00:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`- Scan a specific list of ports (use '-p-' for all ports from 1 to 65535):`

			`nmap -p {{port1,port2,...,portN}} {{address_or_addresses}}`

			`- Perform service and version detection of the top 1000 ports using default NSE scripts; writing results ('-oN') to output file:`
added fast scan for nmap 2015-12-29 00:34:45 +00:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`nmap -sC -sV -oN {{top-1000-ports.txt}} {{address_or_addresses}}`
Update nmap.md. 2015-12-29 15:28:01 +00:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`- Scan target(s) carefully using 'default and safe' NSE scripts:`
Update nmap.md. 2015-12-29 15:28:01 +00:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`nmap --script "default and safe" {{address_or_addresses}}`
Update nmap.md. 2015-12-29 15:28:01 +00:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`- Scan web server running on standard ports 80 and 443 using all available 'http-*' NSE scripts:`
Update nmap.md. 2015-12-29 15:28:01 +00:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`nmap --script "http-*" {{address_or_addresses}} -p 80,443`
Add more examples for nmap for common activities such as: - scanning a host with nse scripts - scanning enabled SSL/TLS ciphers/protocols on a host on port 443 2017-10-23 22:33:57 +01:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`- Perform a stealthy very slow scan ('-T0') trying to avoid detection by IDS/IPS and use decoy ('-D') source IP addresses:`
nmap: add full nse scan example (#4480) 2020-10-14 23:29:25 +01:00
nmap: update examples to be more practical and useful (#8099) 2022-06-28 22:56:49 +01:00			`nmap -T0 -D {{decoy1_ipaddress,decoy2_ipaddress,...,decoyN_ipaddress}} {{address_or_addresses}}`