Skip to main content

 Nmap Fundamentals


Finding live hosts in your network 

nmap -sn scanme.namp.org 

Finding live hosts in your network

Listing open ports on a target host 

nmap scanme.nmap.org 


Listing open ports on a target host

Fingerprinting OS and services running on a target host 

nmap -sV scanme.nmap.org 


Fingerprinting OS and services running on a target host

To enable OS detection 

nmap -O scanme.nmap.org 


To enable OS detection

Using NSE(Nmap Scripting Engine) scripts against a target host 

nmap -sC scanme.nmap.org 


Using NSE(Nmap Scripting Engine) scripts against a target host

Excluding a host list from your scans 

nmap --excludefile excluding_file.txt 192.168.1.0/24


Excluding a host list from your scans

Scanning an IP address ranges 

nmap -p 8080,80 -O -T4 192.168.1.0/24 scanme.nmap.org/24 


Scanning an IP address ranges

Scanning random targets on the Internet 

nmap -iR 100 


Scanning random targets on the Internet

Collecting signatures of web servers 

nmap -p80,443 -Pn -T4 --open --script http-headers,http-title,ssl-cert scanme.nmap.org


Collecting signatures of web servers

Crafting ICMP echo replies with Nping 

nping --tcp-connect [target host]


nping --tcp-connect [target host]


nping --tcp-connect [target host] -p 3389 -c 1


nping --tcp-connect [target host] -p 3389 -c 1


nping --udp [target host] -p 53 --data-length 100
nping --tcp [target host] --rate 50 -c 500


nping --tcp [target host] --rate 50 -c 500

nping --arp [target host]
nping --arp 192.168.1.0/24

ping --arp [target host]


nping [target host] --icmp --icmp-type echo
nping [target host] --icmp --icmp-type echo


nping [target host] --icmp --icmp-type echo-reply


nping [target host] --icmp --icmp-type echo-reply