Nmap network security scanner
Target Setup
Host(s)
Port range (-p)
Scan Types
TCP SYN scan (-sS)
TCP connect() scan (-sT)
Stealth FIN scan (-sF)
Xmas Tree scan (-sX)
Null scan (-sN)
Ping scan (-sP)
UDP scan (-sU)
IP Protocol scan (-sO)
ACK scan (-sA)
Window scan (-sW)
List scan (-sL)
RPC scan (-sR)
Idlescan (-sI)
FTP bounce attack (-b)
General Options
Do not ping (-P0)
Use TCP ping (-PT)
Use SYN packets (-PS)
ICMP echo request (-PI)
ICMP timestamp request (-PP)
ICMP netmask request (-PM)
Default ping type (-PB)
Remote host identification (-O)
Generate random hosts (-iR)
Reverse ident scanning (-I)
Fragmented packets (-f)
Verbose mode (-v)
Fast scan mode (-F)
Never do reverse DNS (-n)
Always do reverse DNS (-R)
Randomize port order (-r)
Randomize hosts (--randomize_hosts)
Interface (-e)
Maximum sockets (-M)
Source Address (-S)
Source port number (-g)
Decoys (-D)
Data length (--data_length)
Timing Options
Timing Policy (-T)
Paranoid
Sneaky
Polite
Normal
Aggressive
Insane
Initial RTT timeout (--initial_rtt_timeout)
Host timeout (--host_timeout)
Max parallelism (--max_parallelism)
Max RTT timeout (--max_rtt_timeout)
Scan delay (--scan_delay)
Min RTT timeout (--min_rtt_timeout)
Packet Trace (--packet_trace)
File Options
Input file (-iL)
Log file name
Append to file (--append_output)
Normal format (-oN)
XML format (-oX)
Grepable format (-oG)
All log formats (-oA)
S|<ripT kiDd|3 (-oS)
Resume scan (--resume)