NMAP Commands

Question 1

-iL

Answer 1

scan targets from a file

Question 2

-iR

Answer 2

scan 100 random hosts

Question 3

-exclude

Answer 3

exclude listed host

Question 4

-sS

Answer 4

tcp syn port scan (default)

Question 5

-sT

Answer 5

tcp connect port scan (default without root privelege)

Question 6

-sU

Answer 6

UDP port scan

Question 7

-sA

Answer 7

tcp ack port scan

Question 8

-sW

Answer 8

tcp window port scan

Question 9

-sM

Answer 9

tcp maimon port scan

Question 10

-sL

Answer 10

no scan, list targets only

Question 11

-sn

Answer 11

disable port scanning, host discovery only

Question 12

-Pn

Answer 12

disable host discover, port scan only

Question 13

-PS

Answer 13

tcp syn discovery on port x (port 80 by default)

Question 14

-PA

Answer 14

tcp ack discovery on port x (80 by default)

Question 15

-PU

Answer 15

udp discovery on port x (40125 by default)

Question 16

-PR

Answer 16

arp discovery on local network

Question 17

-n

Answer 17

never do DNS resolution

Question 18

-p

Answer 18

port scan for port x

Question 19

-p 10-21

Answer 19

port range 10-21

Question 20

-p U:53,T:21-25,80

Answer 20

port scan multiple tcp and udp ports

Question 21

-p-

Answer 21

port scan all ports

Question 22

-p http, https

Answer 22

port scan from service name

Question 23

-F

Answer 23

fast port scan (100 ports)

Question 24

-top-ports x

Answer 24

port scan the top x ports

Question 25

-p- 65535

Answer 25

leaving off the initial port in range makes the scan start at port 1

Question 26

-p0-

Answer 26

leaving off the end port in range makes the scan go through to port 65535

Question 27

-sV

Answer 27

attempts to determine version of service running on port

Question 28

-sV -version-intensity

Answer 28

intensity level 0-9. higher number increases possibility of correctness

Question 29

-sV -version-light

Answer 29

enable light mode, lower possibility of correctness. faster

Question 30

-sV -version-all

Answer 30

enable intensity level 9. higher possibility of correctness, slower

Question 31

-A

Answer 31

enable OS detection, version detection, script scanning, and traceroute

Question 32

-O

Answer 32

remote OS detection

Question 33

-O -osscan-guess

Answer 33

makes nmap guess more aggressively

Question 34

-O -max-os-tries

Answer 34

set the max number of OS detection tries

Question 35

-T0 > -T5

Answer 35

adjust scan speed
0: paranoid
1: sneaky
2: polite
3: normal
4: aggressive
5: insane

Question 36

-sC

Answer 36

scan with default NSE scripts

Question 37

-script (ex. -script=banner)

Answer 37

scan with a single script

Question 38

nmap -script whois* domain.com

Answer 38

whois query

Question 39

-f

Answer 39

request scan (including ping) use tiny fragmented IP packets. harder for packet filters

Question 40

-D

Answer 40

send scans from spoofed IPs

Question 41

-g

Answer 41

use given source port number

Question 42

-oN normal.file

Answer 42

normal output to normal.file

Question 43

-oX xml.file

Answer 43

XML output to file xml.file

Question 44

-oG grep.file

Answer 44

grepable output to the file grep.file