Nmap cheat sheet - zacharylongo/Tech-Journals GitHub Wiki

Nmap Flags

| Flag | Description |
| --- | --- |
| `-sS` | TCP SYN scan: Sends SYN packets to target ports. It's the default scan type if none is specified and Nmap is running with raw-packet privileges (for example as root); without them, Nmap falls back to `-sT`. |
| `-sT` | TCP Connect scan: Establishes a full connection to the target port. |
| `-sU` | UDP scan: Used to scan UDP ports. |
| `-sV` | Version detection: Attempts to determine the version of services running on open ports. |
| `-A` | Aggressive scan: Enables OS detection, version detection, script scanning, and traceroute. |
| `-O` | OS detection: Tries to determine the operating system of the target. |
| `-p` | Port specification: Specifies ports or port ranges to scan. Example: `-p 22,80-100`. |
| `-oN` | Normal output: Saves scan results to a normal format text file. Example: `-oN output.txt`. |
| `-oX` | XML output: Saves scan results to an XML format file. Example: `-oX output.xml`. |
| `--script` | Script scanning: Executes Nmap scripts against target hosts. Example: `--script vuln`. |
| `--traceroute` | Traceroute: Performs a traceroute to the target. |
| `-T` | Timing template: Specifies timing and performance options. Example: `-T4`. |
| `-iL` | Input from list: Reads target IP addresses or hostnames from a file. Example: `-iL targets.txt`. |
| `--exclude` | Exclude hosts: Excludes specified hosts from the scan. Example: `--exclude 192.168.1.1`. |
| `-Pn` | No ping: Treats all hosts as online, skipping host discovery (ping scan). |
| `-sn` | Ping scan: Disables port scanning and only performs host discovery. |
| `-F` | Fast scan: Scans only the 100 most common ports. |
| `-p-` | Scan all ports: Scans all 65535 ports. |
| `-r` | Sequential port scan: Scans ports in sequential order instead of Nmap's default randomized order. |
| `-sN` | Null scan: Sends packets with no TCP flags set. |
| `-sF` | FIN scan: Sends packets with the FIN flag set. |
| `-sX` | Xmas scan: Sends packets with the FIN, PSH, and URG flags set. |
| `-sM` | Maimon scan: Sends packets with the FIN and ACK flags set. |
| `-sP` | Ping scan: Only performs host discovery without port scanning. Legacy name for `-sn`. |
| `--top-ports` | Top N ports: Specifies the number of most common ports to scan. Example: `--top-ports 10`. |

Please refer to the Nmap documentation for additional flags and detailed descriptions.