Nmap Cheat Sheet & Commands (Beginners Guide)

๐Ÿ–ฅ๏ธ What is Nmap?

Nmap (Network Mapper) is an open-source network scanning tool used by ethical hackers to:

  • ๐Ÿ” Discover live hosts
  • ๐Ÿ“ก Detect open ports & services
  • ๐Ÿ–ฅ๏ธ Identify operating systems
  • ๐Ÿงช Test network defenses

Why Nmap Matters in Ethical Hacking

  • Maps entire networks quickly
  • Reveals potential entry points
  • Essential in CEH v13 exam prep
  • Used in real-world pentesting labs (TryHackMe, HackTheBox)

Top 10 Nmap Commands for Beginners

| Command | Purpose | Example |
|---|---|---|
| nmap -sn 192.168.1.0/24 | Ping sweep → find active hosts | Scan WiFi devices |
| nmap -sS target.com | SYN scan → stealthy check | Evade detection |
| nmap -sT target.com | TCP connect → non-root use | Beginner-friendly |
| nmap -sV target.com | Version detection | Spot software version |
| nmap -O target.com | OS detection | Learn target system |
| nmap -A target.com | Aggressive scan | Deep fingerprinting |
| nmap -p1-1000 target.com | Ports 1-1000 | Fast audit |
| nmap -p- target.com | All ports (1-65535) | Complete sweep |
| nmap -Pn target.com | Treat host as "up" | Bypass firewall block |
| nmap -sU target.com | UDP scan | Find DNS, SNMP, DHCP |

Scan Types Made Simple

  • Ping Sweep (-sn) → Find live hosts
  • SYN Scan (-sS) → Stealthy & fast
  • TCP Connect (-sT) → For non-root users
  • UDP Scan (-sU) → Detect hidden UDP services
  • OS Detection (-O) → Profile the system
  • Aggressive Mode (-A) → Collect everything

Quick Nmap Cheat Sheet

๐Ÿท๏ธ Flag๐ŸŽฏ Category๐Ÿ”‘ Function
-snHost DiscoveryList active devices
-sS / -sTScan TypesSYN stealth / TCP connect
-sUScan TypeUDP scan
-OOS DetectionGuess system type
-sVVersionDetect software version
-p / -p-PortsSpecify ranges or all
-PnDiscoverySkip ping, assume host up
-AAggressiveDeep scan + traceroute
-T<0-5>TimingSpeed vs stealth

โš–๏ธ Safe & Legal Use of Nmap

  • ๐Ÿ“ Always get permission before scanning
  • ๐Ÿ›ก๏ธ Use test labs (TryHackMe, HackTheBox)
  • โฑ๏ธ Avoid disruptive scans in production
  • ๐Ÿ“‘ Document findings for reports

๐ŸŽฏ CEH v13 Strategy Checklist

  • Know scan types: SYN = stealth, TCP connect = simple, UDP = hidden services
  • Map switch to purpose: -O = OS detection, -sV = version detection, -A = aggressive
  • Red flag terms: "filtered" vs "closed" vs "open" → know the difference
  • Start with host discovery: nmap -sn 192.168.1.0/24
  • Move to stealth: nmap -sS -p- target
  • Add details: nmap -sV -O target
  • Export results: nmap -oN results.txt target
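
Added example (not part of the original cheat sheet): a small Python parser for the results.txt file that nmap -oN writes in the last checklist step, grouping ports by the open / closed / filtered states the checklist says to tell apart. The sample scan text, function names and state descriptions are constructed for illustration.

```python
import re
# Constructed sample in the layout of `nmap -oN` output (not a real scan).
SAMPLE = """\
Nmap scan report for 192.168.1.10
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  filtered https
8080/tcp closed   http-proxy

Nmap scan report for 192.168.1.20
PORT    STATE         SERVICE
53/udp  open          domain
161/udp open|filtered snmp
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# What each reported state tells you about the port.
MEANING = {
    "open": "a service accepted the probe",
    "closed": "host answered, but nothing is listening",
    "filtered": "no usable reply; a firewall or filter is dropping probes",
    "open|filtered": "no reply; Nmap cannot tell open from filtered",
}

def parse_normal_output(text):
    """Return {host: [(port, proto, state, service), ...]} from -oN text."""
    results, host = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host = m.group(1)
            results.setdefault(host, [])
        elif host and (m := PORT_RE.match(line)):
            port, proto, state, service = m.groups()
            results[host].append((int(port), proto, state, service))
    return results

def by_state(results, state):
    """List (host, port, proto, service) for every port in the given state."""
    return sorted((h, p, proto, svc) for h, rows in results.items()
                  for p, proto, st, svc in rows if st == state)

if __name__ == "__main__":
    scan = parse_normal_output(SAMPLE)
    for state, meaning in MEANING.items():
        print(f"{state}: {meaning}")
        for host, port, proto, svc in by_state(scan, state):
            print(f"  {host} {port}/{proto} ({svc})")
```

For a report, the "filtered" group is the one to review against the firewall policy, since it shows where probes are being dropped rather than refused.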

Key Takeaways

  • Nmap is the #1 recon tool for ethical hackers
  • Learn 10 core commands before diving deeper
  • Practice in labs to avoid legal risks
  • Nmap mastery is critical for CEH v13 success

Final Note

Mastering Nmap builds the foundation for all ethical hacking skills. Start with the basics, practice safely, and build muscle memory with real-world labs.
