# Nmap


### Simple Scan

```bash
# Scan IP
nmap 192.168.100.1 
```

### Port Options

```bash
# Scan All Ports
nmap -p- 192.168.100.56
# Fast scan (top 100 ports; lowercase -f would fragment packets instead)
nmap -F 192.168.100.56
# Scan range of ports
nmap -p 1-100 192.168.100.56 
# Scan single port
nmap -p 80 192.168.100.56
# Scan a selection of ports
nmap -p 21,22,25 192.168.100.56
```

### IP Options

```bash
# Scan range of IPs
nmap 192.168.100.1-20 
# Scan Subnet
nmap 192.168.100.1/24 
```

### Advanced Scans

```bash
# Save results in all formats (filename.nmap, filename.gnmap, filename.xml)
nmap -oA filename 192.168.100.56
# Convert the XML output to HTML
xsltproc filename.xml -o filename.html
# OS detection
nmap -O 192.168.100.56 
```

### Vulnerability Scan Options

```bash
# Vulnerability Detection
nmap -sC --script vuln 192.168.100.56 
# HTTP vulnerability detection ("http" alone is not a script category; match the http-vuln scripts by name)
nmap -p 80 -sC --script "http-vuln*" 192.168.100.56
```

### Best Options

```bash
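# Aggressive scan (OS detection, version detection, default scripts, traceroute)
nmap -A 192.168.100.56
# Host discovery with TCP SYN ping (accepts an optional port list, e.g. -PS22,80)
nmap -PS 192.168.100.56
# Host discovery with TCP ACK ping (accepts an optional port list, e.g. -PA80,443)
nmap -PA 192.168.100.56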
# TCP SYN scan
nmap -sS 192.168.100.56 
# Version detection
nmap -sV 192.168.100.56 

# Scan with common scripts
nmap -Pn -T4 -A -p- <IP> --min-rate=5000
# Service enumeration (SYN scan, default scripts and version detection on the listed ports)
nmap -T4 -sSCV -Pn -p <PORTS> -vvv <IP> --min-rate=5000
```
