Nmap Commands Cheat Sheet for Ethical Hacking Beginners

Author: Sam Nivethan V J, Jun 16, 2026

If you're starting your journey in ethical hacking, one of the first tools you'll encounter is Nmap (short for Network Mapper). Nmap is a powerful open-source network scanner used by cybersecurity professionals and penetration testers to discover hosts, identify open ports, detect services, and assess network security.

This Nmap commands cheat sheet provides the most useful commands every ethical hacking beginner should know, along with simple explanations and practical examples.

What is Nmap?

Nmap is a free, open-source network scanner used for host discovery, port scanning, service detection, and security auditing. It sends specially crafted packets to target hosts and analyzes responses to determine what ports are open, what services are running, and what operating systems are in use.

Every penetration test starts with reconnaissance, and Nmap is the go-to tool for that phase. Security professionals use it to map network topology, identify potential attack vectors, and gather intelligence before attempting exploitation.

It can identify:

  • Live hosts on a network

One of the first steps in network reconnaissance is identifying which devices are active on a network. Nmap provides several host discovery techniques (ICMP echo requests, TCP probes to common ports, and ARP requests on a local Ethernet segment) to find live hosts quickly and efficiently.

  • Open, Closed and Filtered ports

An open port means a service is actively listening and accepting connections on that port.

A closed port means the host is reachable and answered the probe, but no application is listening on that port.

A filtered port means Nmap cannot determine whether the port is open because a firewall, router, or other security device is dropping the probe or its reply. Typically Nmap sees no response at all, or an ICMP unreachable error.

  • Running services

After discovering live hosts and open ports, the next step is to identify which services are running on those ports. Nmap's service detection (-sV) probes each open port and determines the application behind it.

Example output:

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 9.6p1
80/tcp   open  http    Apache httpd 2.4.58
3306/tcp open  mysql   MySQL 8.0.36

  • Service versions

Service version detection helps identify the exact software and version number running on an open port. This is important because different versions may have different features, configurations, or known vulnerabilities. The version is a fingerprint match against Nmap's probe database, so treat it as a lead to verify rather than proof.

  • Operating systems

Operating System (OS) detection (-O) allows Nmap to estimate which operating system a target is running by comparing how its TCP/IP stack responds to a series of specially crafted packets against Nmap's fingerprint database. It works best when the target has at least one open and one closed TCP port, and it requires raw packet privileges (root).

  • Firewall configurations

Firewalls control which network traffic is allowed or blocked. When performing authorized network assessments, understanding firewall behavior helps explain why ports appear open, closed, or filtered.

  • Potential vulnerabilities

Nmap includes the Nmap Scripting Engine (NSE), which contains hundreds of scripts that can help identify misconfigurations, outdated services, weak settings, and other potential security issues on systems.
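The PORT/STATE/SERVICE/VERSION table shown under "Running services" above is where most follow-up work starts. The following added example (not from the original page and not Nmap's own code) parses that table from a scan saved as normal output and applies a small review policy. The sample output is constructed from the table above with one filtered port added, and the EXPOSED_SERVICES and MIN_VERSIONS baselines are hypothetical: they illustrate how a tester triages -sV results, not a vulnerability database.

```python
"""Parse the PORT/STATE/SERVICE/VERSION table printed by nmap -sV and flag
findings worth a closer look.

Added example, not part of the original page or of Nmap itself. The sample
output and the review policy are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the cheat sheet's table plus a filtered port.
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.1.10
Host is up (0.00042s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13
80/tcp   open     http    Apache httpd 2.4.58 ((Ubuntu))
445/tcp  filtered microsoft-ds
3306/tcp open     mysql   MySQL 8.0.36
"""

# port/proto, state, service, then an optional free-text version column.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


@dataclass
class PortRecord:
    port: int
    proto: str
    state: str
    service: str
    version: str  # empty when -sV could not match a fingerprint


def parse_normal_output(text: str) -> list[PortRecord]:
    """Return one record per port line; host banners and summaries are skipped."""
    records = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        records.append(PortRecord(int(port), proto, state, service, (version or "").strip()))
    return records


# Hypothetical review policy (not from Nmap or the page): services that should
# not be reachable from a general network segment, and the lowest version the
# made-up baseline accepts for a product.
EXPOSED_SERVICES = {"mysql", "microsoft-ds", "ms-sql-s", "postgresql", "redis"}
MIN_VERSIONS = {"OpenSSH": (9, 0), "Apache httpd": (2, 4, 50)}


def version_tuple(s: str) -> tuple[int, ...]:
    """'9.6p1' -> (9, 6); '2.4.58' -> (2, 4, 58). Letters end the numeric part."""
    m = re.match(r"(\d+(?:\.\d+)*)", s)
    return tuple(int(x) for x in m.group(1).split(".")) if m else ()


def triage(records: list[PortRecord]) -> list[tuple[int, str]]:
    """Apply the policy and return (port, reason) findings in scan order."""
    findings = []
    for r in records:
        if r.state == "filtered":
            findings.append((r.port, "filtered: probe dropped, re-check from another vantage point"))
            continue
        if r.state != "open":
            continue
        if r.service in EXPOSED_SERVICES:
            findings.append((r.port, f"{r.service} exposed to the network"))
        for product, minimum in MIN_VERSIONS.items():
            if r.version.startswith(product):
                found = version_tuple(r.version[len(product):].strip())
                if found < minimum:
                    findings.append((r.port, f"{product} {'.'.join(map(str, found))} below baseline"))
    return findings


if __name__ == "__main__":
    for port, reason in triage(parse_normal_output(SAMPLE_OUTPUT)):
        print(f"{port}: {reason}")
```

The regex deliberately keeps the VERSION column as free text: Nmap appends distribution suffixes and extra info in parentheses, so splitting it further is product-specific work.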

How to Install Nmap:

Platform and command:

  • Debian/Ubuntu/Kali: sudo apt install nmap
  • RHEL/CentOS/Fedora: sudo dnf install nmap
  • macOS (Homebrew): brew install nmap
  • Windows: download the installer from nmap.org

Verify the installation with nmap --version; it should print the installed version number.

Basic Nmap Commands Cheat Sheet

1. Scan a Single Host

nmap 192.168.1.10

Scans the 1,000 most commonly used TCP ports on the target (a SYN scan when run as root, otherwise a TCP connect scan) and reports the state of each.

2. Scan Multiple Hosts

nmap 192.168.1.10 192.168.1.20

Scan multiple IP addresses in a single command.

3. Scan an Entire Subnet

nmap 192.168.1.0/24

Scans all devices within the specified subnet.

4. Ping Scan (Host Discovery)

nmap -sn 192.168.1.0/24

Identifies live hosts without performing a port scan. On a local Ethernet segment Nmap uses ARP requests, which hosts that block ICMP still answer.

Port Scanning Commands

5. Scan a Specific Port

nmap -p 80 192.168.1.10

Checks whether port 80 is open on the target.

6. Scan Multiple Ports

nmap -p 22,80,443 192.168.1.10

Scans selected ports only.

7. Scan a Range of Ports

nmap -p 1-1000 192.168.1.10

Scans ports 1 through 1000.

8. Scan All Ports

nmap -p- 192.168.1.10

Scans all 65,535 TCP ports instead of the default 1,000. It is slower, but it is the only way to find services listening on non-standard ports.

Service and Version Detection

9. Detect Running Services

nmap -sV 192.168.1.10

Probes each open port to identify the service and its version, filling the VERSION column of the output.

10. Aggressive Service Detection

nmap -A 192.168.1.10

Aggressive scan; enables in one option:

  • OS detection (-O)
  • Version detection (-sV)
  • Default script scanning (-sC)
  • Traceroute (--traceroute)

Run it with sudo, because OS detection and traceroute need raw packets.

Common Scan Types

11. TCP Connect Scan

nmap -sT 192.168.1.10

Completes the full TCP three-way handshake on each port. This is the default when Nmap lacks raw-socket privileges. It is reliable but noisier, because the connection completes and the target application may log it.

12. SYN Scan (Stealth Scan)

sudo nmap -sS 192.168.1.10

Sends a SYN and classifies the port from the reply (SYN/ACK means open, RST means closed, no reply means filtered) without completing the handshake: Nmap answers a SYN/ACK with a RST. It is the scan type penetration testers use most because it is fast and, since the connection never completes, the application is less likely to log it. It needs root because it crafts raw packets, and "stealth" is relative: firewalls and IDS still see every SYN.

13. UDP Scan

sudo nmap -sU 192.168.1.10

Scans UDP services such as DNS (53), SNMP (161), and DHCP (67/68). UDP scanning is slow because many open UDP ports do not answer a probe, so Nmap has to retransmit and then reports them as open|filtered; only an ICMP port-unreachable reply marks a port closed. Restrict the port list (for example -p 53,161,67) or add -sV so that protocol-specific probes draw a response.
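The three scan types above differ mainly in how they turn a reply (or silence) into a port state, which is also what the open/closed/filtered definitions earlier on the page describe. The following added example (not from the page and not Nmap's code) implements those decision rules for SYN and UDP probes as Nmap's reference guide documents them, and runs them against a constructed stand-in for a host behind a firewall so the logic executes offline. The FakeTarget model, its port numbers, and the retry count are assumptions for illustration.

```python
"""How Nmap turns probe replies into port states for SYN (-sS) and UDP (-sU)
scans. Added example, not Nmap code. The decision rules follow the states
documented in the Nmap reference guide; FakeTarget is a constructed host and
firewall model so the scan runs without a network.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# ICMP type 3 codes that Nmap reports as "filtered": 1 host unreachable,
# 2 protocol unreachable, 3 port unreachable (for TCP), 9/10 admin prohibited,
# 13 communication administratively filtered.
FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}


@dataclass(frozen=True)
class Reply:
    kind: str                       # "tcp", "udp", "icmp", or "none"
    tcp_flags: str = ""             # e.g. "SA" for SYN/ACK, "R" for RST
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


def classify_syn(reply: Reply) -> str:
    """Port state for a SYN probe."""
    if reply.kind == "tcp" and "S" in reply.tcp_flags and "A" in reply.tcp_flags:
        return "open"       # service answered the handshake; Nmap replies RST to abort it
    if reply.kind == "tcp" and "R" in reply.tcp_flags:
        return "closed"     # host reachable, nothing listening
    if reply.kind == "icmp" and reply.icmp_type == 3 and reply.icmp_code in FILTERED_ICMP_CODES:
        return "filtered"   # a device rejected the probe
    return "filtered"       # silence after retries: probe or reply was dropped


def classify_udp(reply: Reply) -> str:
    """Port state for a UDP probe; silence is ambiguous here."""
    if reply.kind == "udp":
        return "open"
    if reply.kind == "icmp" and reply.icmp_type == 3:
        if reply.icmp_code == 3:
            return "closed"     # port unreachable is the only positive "closed" signal
        if reply.icmp_code in FILTERED_ICMP_CODES:
            return "filtered"
    return "open|filtered"


@dataclass
class FakeTarget:
    """Constructed host: listening ports plus a firewall that drops some probes
    silently and rejects others with ICMP admin-prohibited (type 3, code 13)."""
    tcp_listening: set
    udp_listening: set
    drop: set           # (proto, port) pairs dropped without any reply
    reject: set         # (proto, port) pairs answered with ICMP 3/13
    udp_answers: set    # listening UDP ports whose service answers the probe

    def probe(self, proto: str, port: int) -> Reply:
        key = (proto, port)
        if key in self.drop:
            return Reply("none")
        if key in self.reject:
            return Reply("icmp", icmp_type=3, icmp_code=13)
        if proto == "tcp":
            if port in self.tcp_listening:
                return Reply("tcp", tcp_flags="SA")
            return Reply("tcp", tcp_flags="R")
        if port in self.udp_listening:
            return Reply("udp") if port in self.udp_answers else Reply("none")
        return Reply("icmp", icmp_type=3, icmp_code=3)  # UDP port unreachable


def scan(target: FakeTarget, proto: str, ports, retries: int = 2) -> dict:
    """Retransmit silent probes, as Nmap does, before settling on a state."""
    classify = classify_syn if proto == "tcp" else classify_udp
    results = {}
    for port in ports:
        reply = Reply("none")
        for _ in range(retries + 1):
            reply = target.probe(proto, port)
            if reply.kind != "none":
                break
        results[port] = classify(reply)
    return results


def demo() -> tuple[dict, dict]:
    target = FakeTarget(
        tcp_listening={22, 80}, udp_listening={53, 161},
        drop={("tcp", 445), ("udp", 161)}, reject={("tcp", 3389)},
        udp_answers={53},
    )
    return scan(target, "tcp", [22, 23, 445, 3389]), scan(target, "udp", [53, 161, 500])


if __name__ == "__main__":
    tcp_states, udp_states = demo()
    print("SYN scan:", tcp_states)
    print("UDP scan:", udp_states)
```

Note what the UDP result shows: port 161 is listening, but because the firewall drops the probe the best Nmap can say is open|filtered, which is exactly why UDP results need version detection or a second vantage point to resolve.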

Fast Scanning Techniques

14. Fast Scan

nmap -F 192.168.1.10

Scans the 100 most common ports instead of the default 1,000, saving time at the cost of coverage.

Nmap Scripting Engine (NSE)

The Nmap Scripting Engine (NSE) turns Nmap from a port scanner into an enumeration and vulnerability-assessment tool. NSE scripts automate discovery, enumeration, and vulnerability checks that would otherwise require several specialized tools, and they run against the ports a scan finds open.

NSE ships with over 600 scripts written in Lua, grouped into categories (default, safe, discovery, vuln, intrusive, and others) that cover everything from basic banner grabbing to specific vulnerability checks. Scripts are selected with --script by name, by category, or by wildcard.

15. Run Default Scripts

nmap -sC 192.168.1.10

Runs the scripts in the default category (the same set -A uses): safe information-gathering scripts such as ssh-hostkey, http-title, and ssl-cert.

16. Run Vulnerability Scripts

nmap --script vuln 192.168.1.10

Runs every script in the vuln category. Many of these are intrusive and can disturb fragile services, so use them only with explicit authorization, and treat a reported match as a lead to verify, not a confirmed vulnerability.

17. Run a Specific Script

nmap --script http-title 192.168.1.10

Retrieves the title of the web page served on each HTTP port found open. Pair it with a port list such as -p 80,443 to keep the scan focused on web ports.

Firewall & IDS Evasion

Techniques that make scans harder for firewalls and IDS/IPS to inspect or attribute. They build raw packets, so they need root, and none of them makes a scan invisible.

nmap -f 192.168.1.10

Fragment packets: the TCP header is split across 8-byte IP fragments, so a filter that inspects only the first fragment cannot see the TCP flags. Many modern firewalls reassemble fragments before filtering, so this is not a universal bypass.

nmap --mtu 16 192.168.1.10

Custom MTU: choose the fragment size yourself. It must be a multiple of 8 (16, 24, 32, ...) because the IP fragment offset field counts in 8-byte units.

nmap -D RND:10 192.168.1.10

Decoy scan: send the probes from 10 random spoofed source addresses alongside your real one, so the target's logs show 11 sources. Your real address still appears; decoys only add noise. Put ME in the list to control where your address falls, for example -D RND:5,ME,RND:5.
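The -f and --mtu options above come down to IPv4 fragmentation arithmetic: the fragment offset field is stored in 8-byte units, so every fragment except the last must carry a multiple of 8 bytes, and an 8-byte first fragment cannot contain the TCP flags byte at offset 13. The following added example (not from the page and not Nmap's code) reproduces that arithmetic for a constructed 20-byte TCP SYN header; Nmap's real probes may also carry TCP options, which only lengthens the chain.

```python
"""Fragmentation arithmetic behind nmap -f, -ff and --mtu.

Added example, not Nmap code. Input is a constructed 20-byte TCP header
(no options); the offset values are what the IPv4 header would carry.
"""
from __future__ import annotations

from dataclasses import dataclass

TCP_HEADER_LEN = 20       # constructed probe: TCP SYN header without options
TCP_FLAGS_BYTE_END = 14   # flags live at byte 13, so a filter needs bytes [0, 14)


@dataclass(frozen=True)
class Fragment:
    offset_units: int   # IPv4 fragment offset field (8-byte units)
    length: int         # bytes of transport data carried
    more: bool          # MF flag: another fragment follows


def fragment(payload_len: int, fragment_data: int) -> list[Fragment]:
    """Split payload_len bytes of transport data into IP fragments carrying
    fragment_data bytes each: 8 for -f, 16 for -ff, N for --mtu N."""
    if fragment_data <= 0 or fragment_data % 8:
        raise ValueError("fragment data size must be a positive multiple of 8")
    frags, pos = [], 0
    while pos < payload_len:
        size = min(fragment_data, payload_len - pos)
        frags.append(Fragment(pos // 8, size, pos + size < payload_len))
        pos += size
    return frags


def reassemble(frags: list[Fragment]) -> int:
    """Return the datagram length if the fragments tile it exactly; this is
    the work a firewall must do before it can see the whole TCP header."""
    expected = 0
    for f in sorted(frags, key=lambda f: f.offset_units):
        if f.offset_units * 8 != expected:
            raise ValueError("gap or overlap in fragment chain")
        expected += f.length
    return expected


def flags_visible_in_first_fragment(frags: list[Fragment]) -> bool:
    """Can a filter that only reads the first fragment see the TCP flags?"""
    return frags[0].length >= TCP_FLAGS_BYTE_END


if __name__ == "__main__":
    for data in (8, 16, 24):
        chain = fragment(TCP_HEADER_LEN, data)
        print(f"{data:2d}-byte fragments: {len(chain)} packets, "
              f"flags visible in first: {flags_visible_in_first_fragment(chain)}")
```

With 8-byte fragments (-f) the SYN header becomes three packets and the flags sit in the second one; with --mtu 16 they are already in the first, which is why larger values buy less evasion. Passing a size such as 12 raises, matching Nmap's own refusal of non-multiples of 8.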

Output Formats

Save every scan: re-running one to recover results costs time and sends extra traffic to the target.

nmap -oN scan.txt 192.168.1.10

Normal output: the human-readable text you see on screen, written to a file.

nmap -oX scan.xml 192.168.1.10

XML output: the format to use when another tool or script will read the results.

nmap -oA scan 192.168.1.10

All formats at once: scan.nmap (normal), scan.xml (XML), and scan.gnmap (grepable).
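Normal output is for reading; when results feed another tool, parse Nmap's XML instead, because its structure is stable across versions. The following added example (not from the page and not Nmap's code) reads -oX output with the Python standard library. The XML is a constructed sample in the layout Nmap writes (nmaprun/host/status/address/ports/port/state/service), trimmed to the elements the parser uses, so it runs offline; the addresses and version string are made up.

```python
"""Parse nmap -oX output into per-host records.

Added example, not Nmap code. SAMPLE_XML is a constructed document in the
element layout Nmap writes, reduced to what this parser reads.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

SAMPLE_XML = """\
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24" version="7.95">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.1.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="9.6p1" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="Apache httpd" version="2.4.58" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="no-response" reason_ttl="0"/>
        <service name="microsoft-ds" method="table" conf="3"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.1.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


@dataclass
class PortEntry:
    port: int
    proto: str
    state: str
    reason: str      # why Nmap chose the state: syn-ack, reset, no-response, ...
    service: str
    version: str     # "product version" when -sV matched, else ""


@dataclass
class HostResult:
    addr: str
    up: bool
    ports: list = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list[HostResult]:
    root = ET.fromstring(xml_text)
    hosts = []
    for h in root.iter("host"):
        ipv4 = [a.get("addr") for a in h.findall("address") if a.get("addrtype") == "ipv4"]
        status = h.find("status")
        result = HostResult(addr=ipv4[0] if ipv4 else "?",
                            up=status is not None and status.get("state") == "up")
        for p in h.iter("port"):
            state = p.find("state")
            svc = p.find("service")
            version = ""
            if svc is not None:
                version = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            result.ports.append(PortEntry(
                int(p.get("portid")), p.get("protocol"),
                state.get("state"), state.get("reason"),
                svc.get("name", "") if svc is not None else "", version,
            ))
        hosts.append(result)
    return hosts


def open_ports(hosts: list[HostResult]) -> dict:
    """Map each scanned address to its open ports, sorted."""
    return {h.addr: sorted(e.port for e in h.ports if e.state == "open") for h in hosts}


if __name__ == "__main__":
    for host in parse_nmap_xml(SAMPLE_XML):
        print(host.addr, "up" if host.up else "down")
        for e in host.ports:
            print(f"  {e.port}/{e.proto} {e.state} ({e.reason}) {e.service} {e.version}")
```

The reason attribute is worth keeping: it records why Nmap chose each state (syn-ack, reset, no-response, admin-prohibited, and so on), which is the evidence you need when a port is reported filtered and you want to know whether the probe was dropped or rejected.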

Conclusion

Nmap is one of the most important tools in an ethical hacker's toolkit. Learning these basic commands will help you perform network discovery, identify open ports, detect services, and gather information about target systems efficiently.

As you gain experience, explore advanced features such as custom NSE scripts, firewall evasion techniques, and automated reporting; they provide a strong foundation for penetration testing and cybersecurity assessments.

To learn more, contact Securium Academy.
