Nmap Cheatsheet

Network scanning tool for discovering hosts, services, and vulnerabilities

Updated at: March 12, 2025

Target Specification

Target specification in Nmap allows you to define which hosts to scan. You can specify targets using IP addresses, hostnames, CIDR notation, or ranges, and can include targets from files or exclude specific hosts from your scans.

Scan Types

Nmap offers various scan techniques to discover services running on target systems. Each scan type has unique characteristics for different security testing scenarios, with varying levels of stealth, accuracy, and firewall evasion capabilities.

Port Selection

Port selection in Nmap allows you to target specific ports or port ranges for scanning, which can significantly improve scan speed and accuracy. Properly selecting ports helps focus your scan on relevant services and reduces network traffic.

Timing and Performance

Control Nmap's scanning speed and timing behavior to balance detection avoidance against scan efficiency. Proper timing settings help optimize scans for different network environments and target sensitivity.

Output Formats

Nmap can generate scan results in different formats for easy parsing, analysis, and integration with other tools. These output formats help in documenting scan results and processing them programmatically.