Nmap Commands

This post covers basic Nmap commands for intelligence gathering using active and passive techniques, in conjunction with Metasploit.

Basic arguments such as OS detection, port ranges, target specification, etc. are omitted.

Network Discovery

Simple List

nmap -sL

Ping Scan

nmap -sn

Port Scan

Basic Port Scan (with service version detection)

nmap -sV

Aggressive (runs the default scripts too)

Noisy: will set off IDS/IPS

nmap -A

Don't ping to determine if a host is alive (treat every host as up)

nmap -Pn

SYN Scan

nmap -sS

Idle Scanning

If we can predict the IP ID of an idle host, we can use it as a zombie. Idle Incremental IP ID Discovery:

msfconsole> use auxiliary/scanner/ip/ipidseq
msfconsole> show options

Set RHOSTS and THREADS. When you have found a host with incremental IP IDs, use it as the zombie with Nmap:

nmap -Pn -sI <ip of found host>
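The ipidseq module above works by sampling a host's IP ID values and checking whether they form a predictable counter. The same classification is useful on the defensive side: sample IP IDs from your own hosts and flag the ones that expose an incremental counter, since those are the hosts an idle scan could borrow. The following is an added example, not code from the original post, from Nmap or from Metasploit; the labels, the `max_step` threshold and the sample sequences are my own assumptions.

```python
"""Classify a sampled sequence of 16-bit IP identification (IP ID) values.

Added example (not Nmap's or Metasploit's code). An idle-scan zombie needs an
IP ID counter that increments by a fixed step on every packet it sends; a host
whose IP IDs are random or constant cannot be used that way. Running sampled
IP IDs from your own hosts through this classifier shows which of them expose a
predictable counter (the property the ipidseq module looks for), so they can be
fixed (enable IP ID randomization) or tracked in the asset inventory.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class IpIdVerdict:
    label: str            # my own label, not Nmap's wording
    step: Optional[int]   # constant increment when the counter is predictable


def _swap16(v: int) -> int:
    """Swap the two bytes of a 16-bit value (for byte-order-bugged stacks)."""
    return ((v & 0xFF) << 8) | (v >> 8)


def _deltas(seq: List[int]) -> List[int]:
    """Differences between consecutive samples, modulo 2^16 so that a counter
    wrapping from 65535 back to 0 still looks incremental."""
    return [(b - a) % 0x10000 for a, b in zip(seq, seq[1:])]


def classify_ipid(seq: List[int], max_step: int = 10) -> IpIdVerdict:
    """Classify a sequence of IP IDs captured from one host.

    max_step is an assumed upper bound on what counts as a "small" increment;
    larger constant jumps are treated as not usable for counting packets.
    """
    if len(seq) < 3:
        raise ValueError("need at least three samples")
    if any(not 0 <= v <= 0xFFFF for v in seq):
        raise ValueError("IP ID is a 16-bit field")
    if all(v == 0 for v in seq):
        return IpIdVerdict("all zeros", None)
    if len(set(seq)) == 1:
        return IpIdVerdict("constant", 0)

    d = _deltas(seq)
    if len(set(d)) == 1 and 0 < d[0] <= max_step:
        return IpIdVerdict("incremental", d[0])

    # Some stacks emit the counter with its bytes swapped (e.g. 0x1200, 0x1300);
    # undo the swap and test again.
    d_swapped = _deltas([_swap16(v) for v in seq])
    if len(set(d_swapped)) == 1 and 0 < d_swapped[0] <= max_step:
        return IpIdVerdict("broken little-endian incremental", d_swapped[0])

    return IpIdVerdict("randomized", None)


def has_predictable_ipid(seq: List[int]) -> bool:
    """True when the host exposes a counter that advances by a fixed step,
    i.e. the host could serve as an idle-scan zombie and should be hardened."""
    return classify_ipid(seq).step not in (None, 0)


if __name__ == "__main__":
    # Constructed sample sequences, not real captures.
    samples = {
        "host-a": [100, 101, 102, 103],           # plain counter
        "host-b": [65534, 65535, 0, 1],           # counter wrapping at 2^16
        "host-c": [0x1200, 0x1300, 0x1400],       # byte-swapped counter
        "host-d": [31337, 4, 60000, 12],          # randomized
        "host-e": [0, 0, 0, 0],                   # always zero
    }
    for name, seq in samples.items():
        verdict = classify_ipid(seq)
        flag = "PREDICTABLE" if has_predictable_ipid(seq) else "ok"
        print(f"{name}: {verdict.label} (step={verdict.step}) -> {flag}")
```

Feed it one list per host, captured for example from a packet trace of replies to that host; only hosts that come back "incremental" or "broken little-endian incremental" have the property the idle scan depends on.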

Locate scripts

ls /usr/share/nmap/scripts/

Update Script Database

nmap --script-updatedb

Run Default Scripts

nmap -sC -p <port>

Script Information

nmap --script-help=<script name>

Specific script

nmap --script=<script name> -p <port>