Nmap Commands

Fast Scan

Cyber security experts and network administrators use Nmap (“Network Mapper”), an open source tool for network exploration and security auditing. If you want to scan your target with Nmap without any additional installation or skills, or you would rather not configure and open a terminal to enter these commands, then nmap.online is for you.

nmap command

nmap -F [hostname]

[hostname] - is your host name or IP address

This command scans only the 100 most popular ports, using the -F (fast scan) option.


Port scan

nmap command

nmap -sV -p 21,22,25,80,110,143,443,445 [hostname]

[hostname] - is your domain name or IP address

TCP scan for FTP(21), SSH(22), SMTP(25), HTTP(80), POP(110), IMAP(143), HTTPS(443), SMB(445). Service detection (-sV) is also enabled in this port scanning configuration and you will get the version of the running services.


Ping Scan

nmap command

nmap -sP [hostname]

[hostname] - is your domain name or IP address

This option tells Nmap to only perform a ping scan, then print out the available hosts that responded to the scan. No further testing (such as port scanning or OS detection) is performed. This is one step more intrusive than a list scan, and can often be used for the same purposes. It performs light reconnaissance of a target network quickly and without attracting much attention. Knowing how many hosts are up is more valuable to attackers than the list of every single IP and host name.


Scan OS information and Traceroute

nmap command

nmap -A [hostname]

[hostname] - is your host name or IP address

Identifying the operating system (OS) on a target is useful for an inventory sweep of your network.
Use the -A switch to determine the OS of a remote system.


OS Detection

nmap command

nmap -O [hostname]

[hostname] - is your domain name or IP address

One of Nmap's best-known features is remote OS detection using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines practically every bit in the responses. 
The -O option enables OS detection in an Nmap scan.


Determining Firewall Rules

nmap command

nmap -sA [hostname]

[hostname] - is your host name or IP address

-sA (TCP ACK scan)

When scanning unfiltered systems, open and closed ports will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don't respond, or send certain ICMP error messages back, are labeled filtered. 

Nmap responses to ACK scan
TCP RST response - unfiltered
No response received (even after retransmissions) - filtered
ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) - filtered
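
An added example (not from the original page or the Nmap project): a shell helper for auditing your own firewall, which reads the grepable output of "nmap -sA -oG - [hostname]" and reports ports whose ACK-scan state disagrees with the intended policy. The function names, the address 192.0.2.10, the host name and the policy port lists are constructed for illustration.

```shell
#!/bin/sh
# Compare ACK-scan results (grepable output on stdin) with the ports the
# firewall policy is meant to pass. Usage: audit_ack_scan "22,25,80"
# Assumed names (hypothetical): audit_ack_scan, sample_scan.
audit_ack_scan() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, ",")
        for (i = 1; i <= n; i++) want[a[i]] = 1
    }
    /Ports:/ {
        host = $2                      # second field of "Host: <ip> (<name>)"
        sub(/^.*Ports: /, "")          # keep only the port list
        sub(/\t.*$/, "")               # drop trailing fields (Ignored State, ...)
        m = split($0, entries, ", ")
        for (i = 1; i <= m; i++) {
            split(entries[i], f, "/")  # port/state/protocol/owner/service/...
            port = f[1]; state = f[2]
            # RST came back, so the ACK probe passed the filter.
            if (state == "unfiltered" && !(port in want))
                print host, port, "UNFILTERED-NOT-IN-POLICY"
            # No reply or ICMP unreachable. A stateful filter also drops
            # unsolicited ACKs, so treat this as a prompt to check by hand.
            else if (state == "filtered" && (port in want))
                print host, port, "FILTERED-BUT-IN-POLICY"
        }
    }'
}

# Constructed sample in the shape of grepable (-oG) output; not a real scan.
sample_scan() {
    printf 'Host: 192.0.2.10 (fw-test.example)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (fw-test.example)\tPorts: 22/unfiltered/tcp//ssh///, 25/filtered/tcp//smtp///, 80/unfiltered/tcp//http///, 445/unfiltered/tcp//microsoft-ds///\tIgnored State: filtered (996)\n'
}

# Policy says only 22, 25 and 80 should get through the filter.
sample_scan | audit_ack_scan "22,25,80"
```

Ports that Nmap folds into the "Ignored State" summary are not listed individually in grepable output, so the helper only judges the ports that appear in the Ports field.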


Scan most popular ports

nmap command

nmap --top-ports [x] [hostname]

[x] - the number of most common ports to scan

[hostname] - is your domain name or IP address

Scan the top [x] most common ports.


Scan TCP or UDP protocols

nmap command

TCP scanning:
nmap -sT [hostname]

UDP scanning:
nmap -sU [hostname]

[hostname] - is your domain name or IP address

Scan TCP or UDP-based services


Detecting malware infections

nmap command

nmap -sV --script=http-malware-host [hostname]

[hostname] - is your domain name or IP address

Detect malware and backdoors by running extensive tests on a few popular OS services such as Identd, Proftpd, Vsftpd, IRC, SMB, and SMTP.