Nmap Cheat Sheet V1.0 Page 2
ADVERTISEMENT
1
2Fine-Grained Timing Options
Aggregate Timing Options
Probing Options
-T0 Paranoid: Very slow, used for IDS evasion
--min-hostgroup/max-hostgroup <size>
-Pn
Don't probe (assume all hosts are up)
-T1 Sneaky: Quite slow, used for IDS evasion
Parallel host scan group sizes
-PB
-T2 Polite: Slows down to consume less
Default probe (TCP 80, 445 & ICMP)
--min-parallelism/max-parallelism
bandwidth, runs ~10 times slower than
-PS<portlist>
<numprobes>
default
Check whether targets are up by probing TCP
Probe parallelization
-T3 Normal: Default, a dynamic timing model
ports
based on target responsiveness
--min-rtt-timeout/max-rtt-
-T4 Aggressive: Assumes a fast and reliable
-PE
Use ICMP Echo Request
timeout/initial-rtt-timeout <time>
network and may overwhelm targets
Specifies probe round trip time.
-T5 Insane: Very aggressive; will likely
-PP
Use ICMP Timestamp Request
overwhelm targets or miss open ports
--max-retries <tries>
-PM
Use ICMP Netmask Request
Caps number of port scan probe
retransmissions.
Output Formats
Scan Types
--host-timeout <time>
-oN Standard Nmap output
-sP Probe only (host discovery, not port scan)
Give up on target after this long
-oG Greppable format
-oX XML format
--scan-delay/--max-scan-delay <time>
-sS SYN Scan
-oA <basename>
Adjust delay between probes
Generate Nmap, Greppable, and XML
-sT TCP Connect Scan
output files using basename for files
--min-rate <number>
Send packets no slower than
-sU UDP Scan
Misc Options
<number> per second
-sV Version Scan
Disable reverse IP address lookups
-n
--max-rate <number>
Use IPv6 only
-6
Send packets no faster than
-O
OS Detection
Use several features, including OS
-A
<number> per second
Detection, Version Detection, Script
--scanflags
Set custom list of TCP using
Scanning (default), and traceroute
URGACKPSHRSTSYNFIN in any order
--reason Display reason Nmap thinks port is
open, closed, or filtered
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Education