Nmap - Target Specified Commands

We discussed a lot of theories and important topics in the last few blogs about Nmap. But now let's dig in with Target Specified Commands Section. After the end of this read, you will learn and understand how you can define a single IP or range of IPs or a Domain Name or how to exclude IPs for scanning using Nmap.

Alert: Use Nmap as a root user. If you do not have root access, type sudo before every Nmap command.

First things first, you can use the help command for Nmap by typing nmap -h

Ways to define IPs and Domain Names:

  • As we discussed in Nmap - Working and Basic Commands how to scan a single IP. But if you want to scan the whole network, you can use
    • Syntax: nmap <IP>/<net_mask>
    • Example: nmap
  • To scan the specific range of IPs, you can use
    • Syntax: nmap <IP>-<last_ip>
    • Example: Suppose you need to scan only the first 20 IPs in the network which has mask 24. Then, nmap This can be anything not necessarily starting from 1. It can be, nmap This will scan the IPs starting from to
  • To scan via a domain name, you can use
    • Syntax: nmap <domain_name> OR nmap <domain>/<mask>
    • Example: nmap scanme.nmap.org OR nmap microsoft.com/24
  • To scan multiple networks or IPs. You do not need to wait or open multiple tabs for scanning. Write everything in a text file, one host per line, and save it as .txt.
    • Example: 
    • To start scanning, type
nmap -iL scan.txt
  • To randomly scan any network or host, type
nmap -iR <no._of_host>
  • To exclude one or two hosts from a network, you can add
    • Syntax: nmap <IP>/<mask> --exclude <IP> [Use comma(,) to add more host to exclude list]
    • Example: nmap --exclude, [This will scan all the IPs in the given range except the two mentions above]
**NOTE - If you want to exclude multiple hosts you can also use the command --excludefile <filename>. Every host should be in a new line.
If you want to know what is going on during the scan. Add the -v command, which is for verbosity. It has three levels: -v, -vv, -vvv. More v's means more verbose. If you chose one level of verbose you can press in the middle of the scan to increase the verbosity.

Similarly, -d command, is for debugging. It has 9 levels and can be defined as -d1 till -d9. That is the highest effective level and will produce thousands of lines unless you run a very simple scan with very few ports and targets.

To know the percentage of completion, you can press any key in the middle of the scan and it will display the percentage.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment