Nmap top 10 commands you should know

Written by Darshit Varotaria

I'm a Web Application Pentester, Security Researcher and Bug Hunter.

May 17, 2019

Hey there Techies! In this blog we will be looking at the Nmap top 10 commands you should know. They will be helpful if you are working, or want to work, in network security, network architecture, information security, information technology, ethical hacking or any related field.

If you are already familiar with Nmap you will no doubt know a few of them, but I suggest going through the entire post; these commands will help you when you move on to advanced Nmap commands.

First, if you don't know about Nmap, let me give you a short intro: Nmap is a tool widely used by network security engineers, ethical hackers and information security professionals for scanning networks, ports, firewalls and network services. Read here to set up Nmap on Windows.

So, without wasting our time, let's get started with the Nmap top 10 commands.

1. Single Target Scanning

The basic, or I should say default, Nmap command is used to scan a single target. I do not recommend scanning networks you do not have permission for; scanning those networks might get you in trouble, so be aware of that.

So, let's get started with our first command, which can be used for single target scanning:

$nmap 192.168.x.x01

2. Multiple Target Scanning

Now, suppose you have multiple targets and want to scan them all at once. To make your work easier, you can use the second command, which is for multiple target scanning:

$nmap 192.168.x.x01 192.168.x.x02 192.168.x.x03

3. Scanning Range of Target

Multiple target scanning works well if you have 3 to 4 targets, but what can we do if we have 40 to 50 targets and want to scan them all together?

The solution is to scan a range of targets. So, our next command is for scanning a range of targets, i.e.

$nmap 192.168.x.1-150

4. Scanning Entire Subnet

This command gives you the leverage to scan an entire subnet. If you don't know what a subnet is, you should google it; there are lots of blogs out there.

5. Scanning from Text File

Now, suppose you have a list of targets, but they are all in different ranges, so we can't simply use a single range. The best thing you can do is copy all the targets into Notepad and save them as a text file. Then you can simply tell Nmap to scan those targets from the text file.

The command can be given as,

$nmap -iL Desktop/file.txt

Here the text file is located on the desktop, so the path given after -iL varies.

6. Random Target Scanning

Now, suppose you are bored and have no work to do; Nmap also has a command to put you to work, which is choosing random targets. Personally, I do not suggest using this command, as it will start scanning random targets for which you don't have permission, and that might get you in trouble.

So, the command can be given as,

$nmap -iR 9

"9" is the number of random targets you want; it can be 3, 4, 10 or any number.

7. Scanning by excluding a target

Now, if you have a range of targets but you know you don't need to scan a specific one, this command can be used to exclude a target from the scan.

The command can be given as,

$nmap 192.168.x.1 --exclude 192.168.x.5

8. Scanning by excluding list of targets

This command is for excluding a list of targets from a range. For that, you can again use a command which excludes all targets given inside a text file. So, all you have to do is copy all the targets that should be excluded into Notepad and save it as a text file.

The command can be given as (here reusing the range from command 3 as the targets, since --excludefile on its own gives Nmap nothing to scan),

$nmap 192.168.x.1-150 --excludefile Desktop/file.txt

Note that we have to write "excludefile" here; in the previous command we only wrote "exclude".
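As an added example (my code, not the post's or Nmap's), the following Python script expands the target forms used in commands 3 to 8 (single hosts, octet ranges, CIDR blocks such as 192.168.1.0/24 for a subnet, and -iL / --excludefile style lists) into the exact host set and flags anything outside an authorized block, so the scope can be confirmed before the scan runs. It generalizes the last-octet range above to a range or "*" wildcard in any octet; the sample addresses and exclude-file contents are constructed.

```python
"""Expand Nmap-style IPv4 target specs and exclusions before a scan.
Added example for this post, not Nmap's own code: it models the target forms
used above (single host, octet ranges, CIDR blocks, -iL/--excludefile lists)
so the host set can be checked against an authorized scope first."""
import ipaddress
from itertools import product


def _octet_values(part: str) -> range:
    """One dotted-quad field: a number, a range 'lo-hi', or '*' (0-255)."""
    if part == "*":
        return range(256)
    lo, _, hi = part.partition("-")
    lo_i, hi_i = int(lo), int(hi or lo)
    if not 0 <= lo_i <= hi_i <= 255:
        raise ValueError(f"bad octet {part!r}")
    return range(lo_i, hi_i + 1)


def expand_spec(spec: str) -> set[str]:
    """Every IPv4 address a single command-line target spec covers."""
    if "/" in spec:  # CIDR block, e.g. 192.168.1.0/24 (all 256 addresses)
        return {str(ip) for ip in ipaddress.ip_network(spec, strict=False)}
    parts = spec.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 spec {spec!r}")
    return {".".join(map(str, c)) for c in product(*map(_octet_values, parts))}


def parse_list(text: str) -> list[str]:
    """Entries of an -iL or --excludefile style file: whitespace-separated;
    anything after '#' on a line is treated as a comment here."""
    return [t for line in text.splitlines() for t in line.split("#", 1)[0].split()]


def resolve_scope(targets, excludes=()) -> list[str]:
    """Hosts that would actually be scanned: targets minus exclusions, sorted."""
    wanted = set().union(*(expand_spec(t) for t in targets))
    dropped = set().union(*(expand_spec(e) for e in excludes))
    return sorted(wanted - dropped, key=ipaddress.IPv4Address)


def out_of_scope(hosts, authorized) -> list[str]:
    """Hosts outside every authorized CIDR block; should be empty before scanning."""
    nets = [ipaddress.ip_network(a, strict=False) for a in authorized]
    return [h for h in hosts if not any(ipaddress.ip_address(h) in n for n in nets)]


if __name__ == "__main__":
    # Constructed sample standing in for Desktop/file.txt from command 8.
    exclude_file = "192.168.1.3\n192.168.1.5 192.168.1.6  # printers\n"
    hosts = resolve_scope(["192.168.1.1-6", "192.168.1.10"], parse_list(exclude_file))
    print(hosts)  # ['192.168.1.1', '192.168.1.2', '192.168.1.4', '192.168.1.10']
    print(out_of_scope(hosts, ["192.168.1.0/29"]))  # ['192.168.1.10']
```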

9. Aggressive Scanning

What is an aggressive scan? In an aggressive scan, Nmap automatically turns on the advanced options most commonly used, for example OS detection, --traceroute, the Nmap Scripting Engine (NSE) default scripts and many more.

Therefore, instead of giving each option individually, if you want to run these commonly used checks you can simply do an aggressive scan.

The command can be given as,

$nmap -A 192.168.x.x4

10. Scanning IPv6 targets

The last one is for scanning IPv6 targets. As we all know, IPv4 is running out of addresses, so many times you will find targets with IPv6 addresses.

An IPv6 address is different from an IPv4 address: it is 128 bits long, written in hexadecimal and separated by colons (fe80::1ff:fd23:6789:890c).

So, to scan an IPv6 target address you have to tell Nmap that your target is IPv6.

The command can be given as,

$nmap -6 fe80::1ff:fd23:6789:890c

So, these are the top 10 Nmap commands you should know. If you found this blog helpful, then please like it to support me and share it with others.
