Nmap Hacking Tricks for Hackers (Advanced)

In this article we show you the best Nmap Hacking Tricks for Hackers (Advanced). There are many Nmap commands, but we will discuss the popular ones.

Nmap is a free, open source tool used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap offers a range of features for probing computer networks, including host discovery, service detection and operating system detection.

  • Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
  • Host discovery – Identifying hosts on a network. For example, listing the hosts that respond to TCP and/or ICMP requests or have a particular port open.
  • Port scanning – Enumerating the open ports on target hosts.
  • OS detection – Determining the operating system and hardware characteristics of network devices.
  • Version detection – Interrogating network services on remote devices to determine the application name and version number.
  • Scriptable interaction with the target using the Nmap Scripting Engine (NSE).

Usage of Nmap

  • Auditing the security of a device or firewall by identifying the network connections which can be made to, or through it.
  • Identifying open ports on a target host in preparation for auditing.
  • Network inventory, network mapping, and maintenance and asset management.
  • Auditing the security of a network by identifying new servers.
  • Generating traffic to hosts on a network, response analysis and response time measurement.
  • Finding and exploiting vulnerabilities in a network.
  • DNS queries and subdomain search.

NMAP Commands Cheatsheet

The following sections list the most-used Nmap commands by category; each row gives the description, the syntax and an example.

Basic Scanning Commands

| Description | Syntax | Example |
|---|---|---|
| Scan a Single Target | nmap [target] | nmap |
| Scan Multiple Targets | nmap [target1 target2 ...] | nmap |
| Scan a Range of Hosts | nmap [range of IP addresses] | nmap |
| Scan an Entire Subnet | nmap [IP address/CIDR] | nmap |
| Scan Random Hosts | nmap -iR [number] | nmap -iR 0 |
| Excluding Targets from a Scan | nmap [targets] --exclude [targets] | nmap --exclude |
| Excluding Targets Using a List | nmap [targets] --excludefile [list.txt] | nmap --excludefile notargets.txt |
| Perform an Aggressive Scan | nmap -A [target] | nmap -A |
| Scan an IPv6 Target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2afe |

Discovery Options

| Description | Syntax | Example |
|---|---|---|
| Perform a Ping Only Scan | nmap -sP [target] (-sn in current Nmap) | nmap -sP |
| Don't Ping | nmap -PN [target] (-Pn in current Nmap) | nmap -PN |
| TCP SYN Ping | nmap -PS [target] | nmap -PS |
| TCP ACK Ping | nmap -PA [target] | nmap -PA |
| UDP Ping | nmap -PU [target] | nmap -PU |
| SCTP INIT Ping | nmap -PY [target] | nmap -PY |
| ICMP Echo Ping | nmap -PE [target] | nmap -PE |
| ICMP Timestamp Ping | nmap -PP [target] | nmap -PP |
| ICMP Address Mask Ping | nmap -PM [target] | nmap -PM |
| IP Protocol Ping | nmap -PO [target] | nmap -PO |
| ARP Ping | nmap -PR [target] | nmap -PR |
| Traceroute | nmap --traceroute [target] | nmap --traceroute |
| Force Reverse DNS Resolution | nmap -R [target] | nmap -R |
| Disable Reverse DNS Resolution | nmap -n [target] | nmap -n |
| Alternative DNS Lookup | nmap --system-dns [target] | nmap --system-dns |
| Manually Specify DNS Server(s) | nmap --dns-servers [servers] [target] | nmap --dns-servers |
| Create a Host List | nmap -sL [targets] | nmap -sL |

Advanced Scanning Options

| Description | Syntax | Example |
|---|---|---|
| TCP SYN Scan | nmap -sS [target] | nmap -sS |
| TCP Connect Scan | nmap -sT [target] | nmap -sT |
| UDP Scan | nmap -sU [target] | nmap -sU |
| TCP NULL Scan | nmap -sN [target] | nmap -sN |
| TCP FIN Scan | nmap -sF [target] | nmap -sF |
| Xmas Scan | nmap -sX [target] | nmap -sX |
| TCP ACK Scan | nmap -sA [target] | nmap -sA |
| Custom TCP Scan | nmap --scanflags [flags] [target] | nmap --scanflags SYNFIN |
| IP Protocol Scan | nmap -sO [target] | nmap -sO |
| Send Raw Ethernet Packets | nmap --send-eth [target] | nmap --send-eth |
| Send IP Packets | nmap --send-ip [target] | nmap --send-ip |

Port Scanning Options

| Description | Syntax | Example |
|---|---|---|
| Perform a Fast Scan | nmap -F [target] | nmap -F |
| Scan Specific Ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 |
| Scan Ports by Name | nmap -p [port name(s)] [target] | nmap -p ftp,http* |
| Scan Ports by Protocol | nmap -sU -sT -p U:[ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 |
| Scan All Ports | nmap -p '*' [target] | nmap -p '*' |
| Scan Top Ports | nmap --top-ports [number] [target] | nmap --top-ports 10 |
| Perform a Sequential Port Scan | nmap -r [target] | nmap -r |

Version Detection

| Description | Syntax | Example |
|---|---|---|
| Operating System Detection | nmap -O [target] | nmap -O |
| Submit TCP/IP Fingerprints | | |
| Attempt to Guess an Unknown OS | nmap -O --osscan-guess [target] | nmap -O --osscan-guess |
| Service Version Detection | nmap -sV [target] | nmap -sV |
| Troubleshooting Version Scans | nmap -sV --version-trace [target] | nmap -sV --version-trace |
| Perform an RPC Scan | nmap -sR [target] | nmap -sR |

Firewall Evasion Techniques

| Description | Syntax | Example |
|---|---|---|
| Fragment Packets | nmap -f [target] | nmap -f |
| Specify a Specific MTU | nmap --mtu [MTU] [target] | nmap --mtu 32 192.168.0. |
| Use a Decoy | nmap -D RND:[number] [target] | nmap -D RND:10 |
| Idle Zombie Scan | nmap -sI [zombie] [target] | nmap -sI |
| Manually Specify a Source Port | nmap --source-port [port] [target] | nmap --source-port 10 |
| Append Random Data | nmap --data-length [size] [target] | nmap --data-length 2 |
| Randomize Target Scan Order | nmap --randomize-hosts [target] | nmap --randomize-hosts |
| Spoof MAC Address | nmap --spoof-mac [MAC, 0 or vendor] [target] | nmap --spoof-mac Cis |
| Send Bad Checksums | nmap --badsum [target] | nmap --badsum |

Troubleshooting And Debugging

| Description | Syntax | Example |
|---|---|---|
| Getting Help | nmap -h | nmap -h |
| Display Nmap Version | nmap -V | nmap -V |
| Verbose Output | nmap -v [target] | nmap -v |
| Debugging | nmap -d [target] | nmap -d |
| Display Port State Reason | nmap --reason [target] | nmap --reason |
| Only Display Open Ports | nmap --open [target] | nmap --open |
| Trace Packets | nmap --packet-trace [target] | nmap --packet-trace |
| Display Host Networking | nmap --iflist | nmap --iflist |
| Specify a Network Interface | nmap -e [interface] [target] | nmap -e eth0 |

NMAP Scripting Engine

| Description | Syntax | Example |
|---|---|---|
| Execute Individual Scripts | nmap --script [script.nse] [target] | nmap --script banner.nse |
| Execute Multiple Scripts | nmap --script [expression] [target] | nmap --script 'http-*' |
| Script Categories | all, auth, default, discovery, external, intrusive, malware, safe, vuln | |
| Execute Scripts by Category | nmap --script [category] [target] | nmap --script 'not intrusive' |
| Execute Multiple Script Categories | nmap --script [category1,category2,etc] | nmap --script 'default or safe' |
| Troubleshoot Scripts | nmap --script [script] --script-trace [target] | nmap --script banner.nse --script-trace |
| Update the Script Database | nmap --script-updatedb | nmap --script-updatedb |
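One way to put the discovery, port scanning and version detection commands above to the "identifying new servers" use listed earlier, as an added example that is not from the original article: take a grepable (-oG) snapshot of a range you administer and diff it against an earlier snapshot to find new hosts and newly opened ports. nmap is only needed for scan_snapshot(); the -oG lines written by write_samples() are constructed, not real scan results.

```shell
#!/bin/sh
# Added example, not from the original article: compare two Nmap grepable
# (-oG) snapshots of the same range to find newly exposed hosts and ports.
# Assumes nmap is installed for scan_snapshot(); write_samples() produces
# constructed -oG lines, not real scan results.

# Take a snapshot: SYN scan of the 100 most common ports (-F) with -sV.
scan_snapshot() {           # $1 = target range, $2 = output file
    nmap -sS -sV -F -oG "$2" "$1" >/dev/null
}

# Print "host port/proto service" for every open port in a -oG file. Fields are
# tab-separated; each "Ports:" entry is port/state/proto/owner/service/rpcinfo/version/
open_ports() {              # $1 = -oG file
    awk 'BEGIN { FS = "\t" }
    /^Host:/ {
        split($1, h, " "); host = h[2]
        for (i = 2; i <= NF; i++) {
            if (index($i, "Ports: ") != 1) continue
            n = split(substr($i, 8), e, ", ")
            for (j = 1; j <= n; j++) {
                split(e[j], f, "/")        # filtered/closed entries are skipped
                if (f[2] == "open") print host, f[1] "/" f[3], f[5]
            }
        }
    }' "$1"
}

# Lines in the current snapshot that the baseline lacks: a new host, a newly
# opened port, or a service that changed on a known port.
new_exposures() {           # $1 = baseline -oG file, $2 = current -oG file
    b=$(mktemp); c=$(mktemp)
    open_ports "$1" | sort > "$b"
    open_ports "$2" | sort > "$c"
    awk 'FILENAME == ARGV[1] { seen[$0]; next } !($0 in seen)' "$b" "$c"
    rm -f "$b" "$c"
}

# Constructed sample snapshots; tabs are written with printf so they survive
# copy and paste. "Today" adds a MySQL port on srv1 and a new host.
write_samples() {           # $1 = baseline path, $2 = current path
    printf 'Host: 192.168.1.10 (srv1.lan)\tStatus: Up\n' > "$1"
    printf 'Host: 192.168.1.10 (srv1.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (98)\n' >> "$1"
    printf 'Host: 192.168.1.10 (srv1.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 3306/open/tcp//mysql//MySQL 8.0.36/, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (96)\n' > "$2"
    printf 'Host: 192.168.1.42 ()\tPorts: 8080/open/tcp//http-proxy///\tIgnored State: closed (99)\n' >> "$2"
}

# Usage: sh nmap_diff.sh baseline.gnmap current.gnmap
if [ "$#" -eq 2 ]; then new_exposures "$1" "$2"; fi
```

Scan with scan_snapshot on a schedule, keep the files, and feed any two of them to new_exposures; a non-empty result is something to explain before the next run.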

