Best Nmap Commands

Posted On // Leave a Comment
Topic :- Information Gathering
Sub Topic :- nmap
Skill level  :- 3/5
Platform :- Any
Download :- HERE
Introdution :- Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Source :-
How to :-
1. Command nmap -sP X.X.X.X/XX
use :- you can use this command for finding live host on your subnet
EX. nmap -sP
Sample output :-
tarting Nmap 6.40 ( ) at 2013-11-15 11:45 IST
Nmap scan report for
Host is up (0.0041s latency).
Nmap scan report for
Host is up (0.00047s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.18 seconds
Note:- root/admin privileges not requierd for this.
2. command nmap X.X.X.X/XX or nmap X.X.X.X
Use:- you can use this command for port scanning
Ex. nmap
Sample Output :-
Starting Nmap 6.40 ( ) at 2013-11-15 11:52 IST
Nmap scan report for
Host is up (0.00095s latency).
Not shown: 999 closed ports
23/tcp open telnet
Nmap done: 1 IP address (1 host up) scanned in 9.01 seconds
Note :- you can give here a network example will take time .admin privileges not require.
3.command :- sudo nmap -O X.X.X.X
use :- we can detect the Target os
Ex :- nmap -O
Sample Output : Sorry :(
Note :- root/admin privileges required for this action because it goes under enumeration
4. Aggressively scan host
command  :- nmap -T4 -A X.X.X.X/XX or X.X.X.X
use :- aggressive speedy scanand perform service detection  very fast and aggressive
Ex. nmap -T4 -A
Sample Output - Error 404 (Not Found)
5. command :- nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" X.X.X.X
Use:- deadly scan load all nmap script and what we called A master command for Nmap
Note :- require root privileges and take time. above command tested under backtrack not tested on  windows.
Nmap gui :- zenamp and nmapfe is available for Gui ...
conclusion :  We can gather too much information with nmap. nmap is "BAAP" tool for Security information gathering
nmap have too many options and too many parameters for information gathering.
Enjoy network mapping...