Input parameters below and click on the Update button to have commands dynamically updated.
Port Scanning (Nmap, Masscan)
Basic Nmap Scans
Quick Scan
Basic scan (default 1000 ports)
nmap $ipScan all ports
nmap -p 1-65535 $ipStealth SYN scan
nmap -sS $ipFull TCP connection scan
nmap -sT $ipAggressive Scan
OS, services, and version detection
nmap -A $ipAggressive fast scan
nmap -T4 -A -v $ipScanning Specific Ports
Scan specific ports
nmap -p 22,80,443 $ipScan all 65,535 ports
nmap -p- $ipScan first 1000 ports
nmap -p 1-1000 $ipService & Version Detection
Detect services and versions
nmap -sV $ipMore aggressive version detection
nmap -sV --version-intensity 5 $ipOS Detection
Detect OS
nmap -O $ipOS and service detection
nmap -A $ipSkip host discovery (useful for firewalled hosts)
nmap -Pn $ipEvading Firewalls & IDS
Slow stealth scan
nmap -sS -T2 $ipFragmented packets scan
nmap -f $ipUse custom MTU (bypass filters)
nmap --mtu 16 $ipUse decoys
nmap -D RND:10 $ipRandomize payload size
nmap --data-length 200 $ipUDP Scanning
Scan specific UDP ports
nmap -sU -p 53,161 $ipFull UDP scan
nmap -sU -p- $ipScanning Multiple Hosts
Scan a range of IPs
nmap 192.168.1.1-100Scan from a file
nmap -iL targets.txtPing sweep to find live hosts
nmap -sn 192.168.1.0/24Output & Logging
Save output in normal format
nmap -oN output.txt $ipSave output in XML
nmap -oX output.xml $ipSave in greppable format
nmap -oG output.gnmap $ipSave in all formats
nmap -oA fullscan $ipAdvanced & Specialized Scans
Scan Hosts Inside a Network
Identify live hosts
nmap -sn 192.168.1.0/24Ping sweep
nmap -sP 192.168.1.0/24Detecting Vulnerabilities
Run built-in vulnerability scans
nmap --script vuln $ipScan for HTTP vulnerabilities
nmap --script http-vuln* $ipScanning for Specific Services
Scan for SMB OS info
nmap -p 445 --script smb-os-discovery $ipScan MySQL version
nmap -p 3306 --script mysql-info $ipAdditional Tools for Port Scanning
Masscan
masscan -p1-65535 --rate=1000 $ipUnicornscan
unicornscan -i eth0 -mT $ipZmap
zmap -p 443 -o results.txt 192.168.1.0/24