Whether you are a penetration tester, network administrator, or cybersecurity student, Nmap (Network Mapper) is one of the most essential tools in your arsenal. Our brand-new 10-page Nmap Cheat Sheet covers everything you need — from basic host discovery to advanced firewall evasion and vulnerability scanning.
What Is Nmap?
Nmap is a free, open-source network scanner used by security professionals worldwide. It can discover hosts on a network, identify open ports, detect running services and their versions, fingerprint operating systems, and even find vulnerabilities — all from the command line.
Created by Gordon Lyon (Fyodor) in 1997, Nmap has grown into the most widely used network scanning tool, trusted by both offensive security teams (penetration testers, red teams) and defensive teams (system administrators, SOC analysts).
What Is Inside the Cheat Sheet?
Our 10-page PDF covers 16 sections with 100+ commands, organized for quick reference:
Target Specification
Learn how to scan single hosts, IP ranges, entire subnets, and targets from files. Master CIDR notation and exclusion lists for precise scanning.
Host Discovery
Understand the difference between SYN, ACK, UDP, and ICMP discovery methods. Know when to use -sn for ping-only scans and -Pn to skip discovery entirely.
Port Scanning Techniques
Master 12 different scan types:
- SYN Scan (-sS) — The default stealth scan, fast and reliable
- TCP Connect (-sT) — Full handshake, works without root
- UDP Scan (-sU) — Essential for finding DNS, SNMP, DHCP services
- ACK Scan (-sA) — Map firewall rules without triggering alerts
- NULL/FIN/Xmas (-sN/-sF/-sX) — Advanced stealth techniques
- Idle Scan (-sI) — Ultimate stealth using zombie hosts
Includes a comparison table showing speed, stealth level, and best use cases for each scan type.
Service and OS Detection
Identify exactly what software is running on each port with version detection (-sV), and fingerprint the target operating system (-O). The aggressive scan option (-A) combines everything into one powerful command.
Nmap Scripting Engine (NSE)
NSE is what makes Nmap truly powerful. Our cheat sheet covers:
- 13 script categories (vuln, safe, exploit, auth, brute, discovery, and more)
- 13 essential scripts every security professional should know
- How to pass custom arguments to scripts
- Running specific scripts vs. categories vs. wildcards
Firewall and IDS Evasion
16 techniques for bypassing security controls:
- Packet fragmentation (-f)
- Decoy scanning (-D RND:5)
- Source IP/port spoofing
- MAC address spoofing
- Custom TTL and data padding
- Proxy relaying
Timing and Performance
Understand the 6 timing templates (T0-T5) from Paranoid to Insane, plus fine-grained controls for rate limiting, parallelism, retries, and timeouts.
Practical Scenarios
10 real-world scan commands you can copy and paste:
- Quick network inventory
- Full vulnerability assessment
- Stealth scan through firewalls
- Web server security audit
- SMB vulnerability check (EternalBlue)
- SSH security audit
- DNS enumeration
- Database discovery
- Banner grabbing
- Fast internal network scan
Port States and Common Ports
Quick reference for port states (open, closed, filtered, unfiltered) and the 18 most important port numbers every admin should know by heart.
Download the Nmap Cheat Sheet
The complete 10-page PDF is free to download — just enter your email on the cheat sheet page.
Who Is This For?
- Penetration Testers — Quick reference during engagements
- Network Administrators — Audit your own infrastructure
- Security Students — Study material for CEH, OSCP, CompTIA Security+
- SOC Analysts — Understand attacker reconnaissance techniques
- DevOps Engineers — Verify firewall rules and exposed services
Learn More
If you want to go deeper into network security, ethical hacking, and penetration testing, check out our related eBooks:
- Mastering Kali Linux: Penetration Testing and Cybersecurity
- Ethical Hacking and Penetration Testing
- Network Security Fundamentals
- Linux Security Auditing