–append-output: Append to rather than clobber specified output files –log-errors: Log errors/warnings to the normal-format output file –iflist: Print host interfaces and routes (for debugging)
–packet-trace: Show all packets sent and received –open: Only show open (or possibly open) ports –reason: Display the reason a port is in a particular state d: Increase debugging level (use -dd or more for greater effect) v: Increase verbosity level (use -vv or more for greater effect) oN/-oX/-oS/-oG : Output scan in normal, XML, s|: Output in the three major formats at once –badsum: Send packets with a bogus TCP/UDP/SCTP checksum –ip-options : Send packets with specified ip options –data-length : Append random data to sent packets –data-string : Append a custom ASCII string to sent packets –data : Append a custom payload to sent packets –proxies : Relay connections through HTTP/SOCKS4 proxies f –mtu : fragment packets (optionally w/given MTU) –max-rate : Send packets no faster than per second –min-rate : Send packets no slower than per second –scan-delay/–max-scan-delay : Adjust delay between probes –host-timeout : Give up on target after this long –max-retries : Caps number of port scan probe retransmissions. –min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout : Specifies –min-parallelism/max-parallelism : Probe parallelization –min-hostgroup/max-hostgroup : Parallel host scan group sizes T: Set timing template (higher is faster) ‘s’ (seconds), ‘m’ (minutes), or ‘h’ (hours) to the value (e.g. Options which take are in seconds, or append ‘ms’ (milliseconds), –osscan-guess: Guess OS more aggressively –osscan-limit: Limit OS detection to promising targets is a comma-separated list of script-files or
–script-updatedb: Update the script database. –script-trace: Show all data sent and received –script-args-file=filename: provide NSE script args in a file –script-args=: provide arguments to scripts –version-trace: Show detailed version scan activity (for debugging)ĭirectories, script-files or script-categories –version-all: Try every single probe (intensity 9) –version-light: Limit to most likely probes (intensity 2) –version-intensity : Set from 0 (light) to 9 (try all probes) sV: Probe open ports to determine service/version info –port-ratio : Scan ports more common than r: Scan ports consecutively – don’t randomize F: Fast mode – Scan fewer ports than the default scan –exclude-ports : Exclude the specified ports from scanning –dns-servers : Specify custom DNS servers n/-R: Never do DNS resolution/Always resolve PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes PS/PA/PU/PY: TCP SYN/ACK, UDP or SCTP discovery to given ports Pn: Treat all hosts as online - skip host discovery
sL: List Scan – simply list targets to scan Thanks for watching and please subscribe to my YouTube channel :) Nmap options summary Nmap Open Port Scanning and OS Detection Video Tutorial When we add -v to the command we can increase the verbosity : Now we will start an open port scan with version detection using the following command: Next we will start a SYN scan with OS detection on one of the live hosts using the following command: Let’s start with a ping scan on an IP range to determine live hosts using the following command: It may be against your ISP’s terms to use some Nmap features. Nmap also has a graphical user interface called Zenmap.įirst I want to start off with a little warning: Please be careful using the more aggressive functions of Nmap against hosts you do not own or do not have permission to scan. Nmap stands for Network Mapper and is an open source tool for network exploration and security auditing which comes standard with Kali Linux but is also available for Windows, OSX and many other UNIX platforms. In this tutorial we are going to use Nmap in Kali Linux to scan for open ports scan and we will be using OS detection.