└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # Nmap Cheat Sheet 2 | Reference guide for scanning networks with Nmap. 3 | 4 | **Table of Contents** 5 | 1. [What is Nmap?](#what-is-nmap) 6 | 2. [How to Use Nmap](#how-to-use-nmap) 7 | 1. [Command Line](#command-line) 8 | 3. [Basic Scanning Techniques](#basic-scanning-techniques) 9 | 1. [Scan a Single Target](#scan-a-single-target) 10 | 2. [Scan Multiple Targets](#scan-multiple-targets) 11 | 3. [Scan a List of Targets](#scan-a-list-of-targets) 12 | 4. [Scan a Range of Hosts](#scan-a-range-of-hosts) 13 | 5. [Scan an Entire Subnet](#scan-an-entire-subnet) 14 | 6. [Scan Random Hosts](#scan-random-hosts) 15 | 7. [Exclude Targets From a Scan](#exclude-targets-from-a-scan) 16 | 8. [Exclude Targets Using a List](#exclude-targets-using-a-list) 17 | 9. [Perform an Aggresive Scan](#perform-an-aggressive-scan) 18 | 10. [Scan an IPv6 Target](#scan-an-ipv6-target) 19 | 4. [Port Scanning Options](#port-scanning-options) 20 | 1. [Perform a Fast Scan](#perform-a-fast-scan) 21 | 2. [Scan Specific Ports](#scan-specific-ports) 22 | 3. [Scan Ports by Name](#scan-ports-by-name) 23 | 4. [Scan Ports by Protocol](#scan-ports-by-protocol) 24 | 5. [Scan All Ports](#scan-all-ports) 25 | 6. [Scan Top Ports](#scan-top-ports) 26 | 7. [Perform a Sequential Port Scan](#perform-a-sequential-port-scan) 27 | 8. [Attempt to Guess an Unknown OS](#attempt-to-guess-an-unkown-os) 28 | 9. [Service Version Detection](#service-version-detection) 29 | 10. [Troubleshoot Version Scan](#troubleshoot-version-scan) 30 | 11. [Perform a RPC Scan](#perform-a-rpc-scan) 31 | 5. [Discovery Options](#discovery-options) 32 | 1. [Perform a Ping Only Scan](#perform-a-ping-only-scan) 33 | 2. [Do Not Ping](#do-not-ping) 34 | 3. [TCP SYN Ping](#tcp-syn-ping) 35 | 3. [TCP ACK Ping](#tcp-ack-ping) 36 | 4. [UDP Ping](#udp-ping) 37 | 5. [SCTP INIT Ping](#sctp-init-ping) 38 | 6. [ICMP Echo Ping](#icmp-echo-ping) 39 | 7. [ICMP Timestamp Ping](#icmp-timestamp-ping) 40 | 8. [ICMP Address Mask Ping](#icmp-address-mask-ping) 41 | 9. [IP Protocol Ping](#ip-protocol-ping) 42 | 10. [ARP Ping](#arp-ping) 43 | 11. [Traceroute](#traceroute) 44 | 12. [Force Reverse DNS Resolution](#force-reverse-dns-resolution) 45 | 13. [Disable Reverse DNS Resolution](#disable-reverse-dns-resolution) 46 | 14. [Alternative DNS Lookup](#alternate-dns-lookup) 47 | 15. [Manually Specify DNS Server](#manually-specify-dns-server) 48 | 16. [Create a Host List](#create-a-host-list) 49 | 6. [Firewall Evasion Techniques](#firewall-evasion-techniques) 50 | 1. [Fragment Packets](#fragment-packets) 51 | 2. [Specify a Specific MTU](#specify-a-specify-mtu) 52 | 3. [Use a Decoy](#use-a-decoy) 53 | 4. [Idle Zombie Scan](#idle-zombie-scan) 54 | 5. [Manually Specify a Source Port](#manually-specify-a-source-port) 55 | 6. [Append Random Data](#append-random-data) 56 | 7. [Randomize Target Scan Order](#randomize-target-scan-order) 57 | 8. [Spoof MAC Address](#spoof-mac-address) 58 | 9. [Send Bad Checksums](#send-bad-checksums) 59 | 7. [Advanced Scanning Functions](#advanced-scanning-functions) 60 | 1. [TCP SYN Scan](#tcp-syn-scan) 61 | 2. [TCP Connect Scan](#tcp-connect-scan) 62 | 3. [UDP Scan](#udp-scan) 63 | 4. [TCP NULL Scan](#tcp-null-scan) 64 | 5. [TCP FIN Scan](#tcp-fin-scan) 65 | 6. [Xmas Scan](#xmas-scan) 66 | 7. [TCP ACK Scan](#tcp-ack-scan) 67 | 8. [Custom TCP Scan](#custom-tcp-scan) 68 | 9. [IP Protocol Scan](#ip-protocol-scan) 69 | 10. [Send Raw Ethernet Packets](#send-raw-ethernet-packets) 70 | 11. [Send IP Packets](#send-ip-packets) 71 | 8. [Timing Options](#timing-options) 72 | 1. [Timing Templates](#timing-templates) 73 | 2. [Set the Packet TTL](#set-the-packet-ttl) 74 | 3. [Minimum Number of Parallel Operations](#minimum-number-of-parallel-operations) 75 | 4. [Maximum Number of Parallel Operations](#maximum-number-of-parallel-operations) 76 | 5. [Minimum Host Group Size](#minimum-host-group-size) 77 | 6. [Maximum Host Group Size](#maximum-host-group-size) 78 | 7. [Maximum RTT Timeout](#maximum-rtt-timeout) 79 | 8. [Initial RTT TImeout](#initial-rtt-timeout) 80 | 10. [Maximum Number of Retries](#maximum-number-of-retries) 81 | 11. [Host Timeout](#host-timeout) 82 | 12. [Minimum Scan Delay](#minimum-scan-delay) 83 | 13. [Maximum Scan Delay](#maximum-scan-delay) 84 | 14. [Minimum Packet Rate](#minimum-packet-rate) 85 | 15. [Maximum Packet Rate](#maximum-packet-rate) 86 | 16. [Defeat Reset Rate Limits](#defeat-reset-rate-limits) 87 | 9. [Output Options](#output-options) 88 | 1. [Save Output to a Text File](#save-output-to-a-text-file) 89 | 2. [Save Output to a XML File](#save-output-to-a-xml-file) 90 | 3. [Grepable Output](#grepable-output) 91 | 4. [Output All Supported File Types](#output-all-supported-file-types) 92 | 5. [Periodically Display Statistics](#periodically-display-statistics) 93 | 6. [1337 Output](#1337-output) 94 | 10. [Compare Scans](#compare-scans) 95 | 1. [Comparison Using Ndiff](#comparison-using-ndiff) 96 | 2. [Ndiff Verbose Mode](#ndiff-verbose-mode) 97 | 3. [XML Output Mode](#xml-output-mode) 98 | 11. [Troubleshooting and Debugging](#troubleshooting-and-debugging) 99 | 1. [Get Help](#get-help) 100 | 2. [Display Nmap Version](#display-nmap-version) 101 | 3. [Verbose Output](#verbose-output) 102 | 4. [Debugging](#debugging) 103 | 5. [Display Port State Reason](#display-port-state-reason) 104 | 6. [Only Display Open Ports](#only-display-open-ports) 105 | 7. [Trace Packets](#trace-packets) 106 | 8. [Display Host Networking](#display-host-networking) 107 | 9. [Specify a Network Interface](#specify-a-network-interface) 108 | 12. Nmap Scripting Engine 109 | 1. [Execute Individual Scripts](#execute-individual-scripts) 110 | 2. [Execute Multiple Scripts](#execute-multiple-scripts) 111 | 3. [Execute Scripts by Category](#execute-scripts-by-category) 112 | 4. [Execute Multiple Script Categories](#execute-multiple-script-categories) 113 | 5. [Troubleshoot Scripts](#troubleshoot-scripts) 114 | 6. [Update the Script Database](#update-the-script-database) 115 | 116 | ## What is Nmap? 117 | Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running. It was designed to rapidly scan large networks, but works fine against single hosts. 118 | 119 | ## How to Use Nmap 120 | Nmap can be used in a variety of ways depending on the user's level of technical expertise. 121 | 122 | | Technical Expertise | Usage | 123 | |:--------------------|:------| 124 | | Beginner | [Zenmap](https://nmap.org/zenmap/) the graphical user interface for Nmap | 125 | | Intermediate | [Command line](https://nmap.org/) | 126 | | Advanced | Python scripting with the [Python-Nmap](https://pypi.org/project/python-nmap/) package | 127 | 128 | ### Command Line 129 | ```shell 130 | nmap [ ...] [ ] { } 131 | ``` 132 | 133 | ## Basic Scanning Techniques 134 | The `-s` switch determines the type of scan to perform. 135 | 136 | | Nmap Switch | Description | 137 | |:------------|:----------------------------| 138 | | **-sA** | ACK scan | 139 | | **-sF** | FIN scan | 140 | | **-sI** | IDLE scan | 141 | | **-sL** | DNS scan (a.k.a. list scan) | 142 | | **-sN** | NULL scan | 143 | | **-sO** | Protocol scan | 144 | | **-sP** | Ping scan | 145 | | **-sR** | RPC scan | 146 | | **-sS** | SYN scan | 147 | | **-sT** | TCP connect scan | 148 | | **-sW** | Windows scan | 149 | | **-sX** | XMAS scan | 150 | 151 | ### Scan a Single Target 152 | ```shell 153 | nmap [target] 154 | ``` 155 | 156 | ### Scan Multiple Targets 157 | ```shell 158 | nmap [target1, target2, etc] 159 | ``` 160 | 161 | ### Scan a List of Targets 162 | ```shell 163 | nmap -iL [list.txt] 164 | ``` 165 | 166 | ### Scan a Range of Hosts 167 | ```shell 168 | nmap [range of IP addresses] 169 | ``` 170 | 171 | ### Scan an Entire Subnet 172 | ```shell 173 | nmap [ip address/cdir] 174 | ``` 175 | 176 | ### Scan Random Hosts 177 | ```shell 178 | nmap -iR [number] 179 | ``` 180 | 181 | ### Exclude Targets From a Scan 182 | ```shell 183 | nmap [targets] --exclude [targets] 184 | ``` 185 | 186 | ### Exclude Targets Using a List 187 | ```shell 188 | nmap [targets] --excludefile [list.txt] 189 | ``` 190 | 191 | ### Perform an Aggresive Scan 192 | ```shell 193 | nmap -A [target] 194 | ``` 195 | 196 | ### Scan an IPv6 Target 197 | ```shell 198 | nmap -6 [target] 199 | ``` 200 | 201 | ## Port Scanning Options 202 | 203 | ### Perform a Fast Scan 204 | ```shell 205 | nmap -F [target] 206 | ``` 207 | 208 | ### Scan Specific Ports 209 | ```shell 210 | nmap -p [port(s)] [target] 211 | ``` 212 | 213 | ### Scan Ports by Name 214 | ```shell 215 | nmap -p [port name(s)] [target] 216 | ``` 217 | 218 | ### Scan Ports by Protocol 219 | ```shell 220 | nmap -sU -sT -p U:[ports],T:[ports] [target] 221 | ``` 222 | 223 | ### Scan All Ports 224 | ```shell 225 | nmap -p 1-65535 [target] 226 | ``` 227 | 228 | ### Scan Top Ports 229 | ```shell 230 | nmap --top-ports [number] [target] 231 | ``` 232 | 233 | ### Perform a Sequential Port Scan 234 | ```shell 235 | nmap -r [target] 236 | ``` 237 | 238 | ### Attempt to Guess an Unknown OS 239 | ```shell 240 | nmap -O --osscan-guess [target] 241 | ``` 242 | 243 | ### Service Version Detection 244 | ```shell 245 | nmap -sV [target] 246 | ``` 247 | 248 | ### Troubleshoot Version Scan 249 | ```shell 250 | nmap -sV --version-trace [target] 251 | ``` 252 | 253 | ### Perform a RPC Scan 254 | ```shell 255 | nmap -sR [target] 256 | ``` 257 | 258 | ## Discovery Options 259 | **Host Discovery** 260 | The `-p` switch determines the type of ping to perform. 261 | 262 | | Nmap Switch | Description | 263 | |:------------|:----------------------------| 264 | | **-PI** | ICMP ping | 265 | | **-Po** | No ping | 266 | | **-PS** | SYN ping | 267 | | **-PT** | TCP ping | 268 | 269 | ### Perform a Ping Only Scan 270 | ```shell 271 | nmap -sn [target] 272 | ``` 273 | 274 | ### Do Not Ping 275 | ```shell 276 | nmap -Pn [target] 277 | ``` 278 | 279 | ### TCP SYN Ping 280 | ```shell 281 | nmap -PS [target] 282 | ``` 283 | 284 | ### TCP ACK Ping 285 | ```shell 286 | nmap -PA [target] 287 | ``` 288 | 289 | ### UDP Ping 290 | ```shell 291 | nmap -PU [target] 292 | ``` 293 | 294 | ### SCTP INIT Ping 295 | ```shell 296 | nmap -PY [target] 297 | ``` 298 | 299 | ### ICMP Echo Ping 300 | ```shell 301 | nmap -PE [target] 302 | ``` 303 | ### ICMP Timestamp Ping 304 | ```shell 305 | nmap -PP [target] 306 | ``` 307 | 308 | ### ICMP Address Mask Ping 309 | ```shell 310 | nmap -PM [target] 311 | ``` 312 | 313 | ### IP Protocol Ping 314 | ```shell 315 | nmap -PO [target] 316 | ``` 317 | 318 | ### ARP ping 319 | ```shell 320 | nmap -PR [target] 321 | ``` 322 | 323 | ### Traceroute 324 | ```shell 325 | nmap --traceroute [target] 326 | ``` 327 | 328 | ### Force Reverse DNS Resolution 329 | ```shell 330 | nmap -R [target] 331 | ``` 332 | 333 | ### Disable Reverse DNS Resolution 334 | ```shell 335 | nmap -n [target] 336 | ``` 337 | 338 | ### Alternative DNS Lookup 339 | ```shell 340 | nmap --system-dns [target] 341 | ``` 342 | 343 | ### Manually Specify DNS Server 344 | Can specify a single server or multiple. 345 | ```shell 346 | nmap --dns-servers [servers] [target] 347 | ``` 348 | 349 | ### Create a Host List 350 | ```shell 351 | nmap -sL [targets] 352 | ``` 353 | 354 | ## Port Specification and Scan Order 355 | 356 | | Nmap Switch | Description | 357 | |:------------|:----------------------------| 358 | 359 | ## Service/Version Detection 360 | 361 | | Nmap Switch | Description | 362 | |:------------|:-----------------------------| 363 | | **-sV** | Enumerates software versions | 364 | 365 | ## Script Scan 366 | 367 | | Nmap Switch | Description | 368 | |:------------|:------------------------| 369 | | **-sC** | Run all default scripts | 370 | 371 | ## OS Detection 372 | 373 | | Nmap Switch | Description | 374 | |:------------|:----------------------------| 375 | 376 | ## Timing and Performance 377 | The `-t` switch determines the speed and stealth performed. 378 | 379 | | Nmap Switch | Description | 380 | |:------------|:----------------------------| 381 | | **-T0** | Serial, slowest scan | 382 | | **-T1** | Serial, slow scan | 383 | | **-T2** | Serial, normal speed scan | 384 | | **-T3** | Parallel, normal speed scan | 385 | | **-T4** | Parallel, fast scan | 386 | 387 | Not specifying a `T` value will default to `-T3`, or normal speed. 388 | 389 | ## Firewall Evasion Techniques 390 | 391 | ### Firewall/IDS Evasion and Spoofing 392 | | Nmap Switch | Description | 393 | |:------------|:----------------------------| 394 | 395 | ### Fragment Packets 396 | ```shell 397 | nmap -f [target] 398 | ``` 399 | 400 | ### Specify a Specific MTU 401 | ```shell 402 | nmap --mtu [MTU] [target] 403 | ``` 404 | 405 | ### Use a Decoy 406 | ```shell 407 | nmap -D RND:[number] [target] 408 | ``` 409 | 410 | ### Idle Zombie Scan 411 | ```shell 412 | nmap -sI [zombie] [target] 413 | ``` 414 | 415 | ### Manually Specify a Source Port 416 | ```shell 417 | nmap --source-port [port] [target] 418 | ``` 419 | 420 | ### Append Random Data 421 | ```shell 422 | nmap --data-length [size] [target] 423 | ``` 424 | 425 | ### Randomize Target Scan Order 426 | ```shell 427 | nmap --randomize-hosts [target] 428 | ``` 429 | 430 | ### Spoof MAC Address 431 | ```shell 432 | nmap --spoof-mac [MAC|0|vendor] [target] 433 | ``` 434 | 435 | ### Send Bad Checksums 436 | ```shell 437 | nmap --badsum [target] 438 | ``` 439 | 440 | ## Advanced Scanning Functions 441 | 442 | ### TCP SYN Scan 443 | ```shell 444 | nmap -sS [target] 445 | ``` 446 | 447 | ### TCP Connect Scan 448 | ``` 449 | nmap -sT [target] 450 | ``` 451 | 452 | ### UDP Scan 453 | ```shell 454 | nmap -sU [target] 455 | ``` 456 | 457 | ### TCP NULL Scan 458 | ```shell 459 | nmap -sN [target] 460 | ``` 461 | 462 | ### TCP FIN Scan 463 | ```shell 464 | nmap -sF [target] 465 | ``` 466 | 467 | ### Xmas Scan 468 | ```shell 469 | nmap -sA [target] 470 | ``` 471 | 472 | ### TCP ACK Scan 473 | ```shell 474 | nmap -sA [target] 475 | ``` 476 | 477 | ### Custom TCP Scan 478 | ```shell 479 | nmap --scanflags [flags] [target] 480 | ``` 481 | 482 | ### IP Protocol Scan 483 | ```shell 484 | nmap -sO [target] 485 | ``` 486 | 487 | ### Send Raw Ethernet Packets 488 | ```shell 489 | nmap --send-eth [target] 490 | ``` 491 | 492 | ### Send IP Packets 493 | ```shell 494 | nmap --send-ip [target] 495 | ``` 496 | 497 | ## Timing Options 498 | 499 | ### Timing Templates 500 | ```shell 501 | nmap -T[0-5] [target] 502 | ``` 503 | 504 | ### Set the Packet TTL 505 | ```shell 506 | nmap --ttl [time] [target] 507 | ``` 508 | 509 | ### Minimum NUmber of Parallel Operations 510 | ```shell 511 | nmap --min-parallelism [number] [target] 512 | ``` 513 | 514 | ### Maximum Number of Parallel Operations 515 | ```shell 516 | nmap --max-parallelism [number] [target] 517 | ``` 518 | 519 | ### Minimum Host Group Size 520 | ```shell 521 | nmap --min-hostgroup [number] [targets] 522 | ``` 523 | 524 | ### Maximum Host Group Size 525 | ```shell 526 | nmap --max-hostgroup [number] [targets] 527 | ``` 528 | 529 | ### Maximum RTT Timeout 530 | ```shell 531 | nmap --initial-rtt-timeout [time] [target] 532 | ``` 533 | 534 | ### Initial RTT Timeout 535 | ```shell 536 | nmap --max-rtt-timeout [TTL] [target] 537 | ``` 538 | 539 | ### Maximum Number of Retries 540 | ```shell 541 | nmap --max-retries [number] [target] 542 | ``` 543 | 544 | ### Host Timeout 545 | ```shell 546 | nmap --host-timeout [time] [target] 547 | ``` 548 | 549 | ### Minimum Scan Delay 550 | ```shell 551 | nmap --scan-delay [time] [target] 552 | ``` 553 | 554 | ### Maxmimum Scan Delay 555 | ```shell 556 | nmap --max-scan-delay [time] [target] 557 | ``` 558 | 559 | ### Minimum Packet Rate 560 | ```shell 561 | nmap --min-rate [number] [target] 562 | ``` 563 | 564 | ### Maximum Packet Rate 565 | ```shell 566 | nmap --max-rate [number] [target] 567 | ``` 568 | 569 | ### Defeat Reset Rate Limits 570 | ```shell 571 | nmap --defeat-rst-ratelimit [target] 572 | ``` 573 | 574 | ## Output Options 575 | 576 | | Nmap Switch | Description | 577 | |:------------|:--------------| 578 | | ``-oN`` | Normal output | 579 | | ``-oX`` | XML output | 580 | | ``-oA`` | Normal, XML, and Grepable format all at once | 581 | 582 | ### Save Output to a Text File 583 | ```shell 584 | nmap -oN [scan.txt] [target] 585 | ``` 586 | 587 | ### Save Output to a XML File 588 | ```shell 589 | nmap -oX [scan.xml] [target] 590 | ``` 591 | 592 | ### Grepable Output 593 | ```shell 594 | nmap -oG [scan.txt] [target] 595 | ``` 596 | 597 | ### Output All Supported File Types 598 | ```shell 599 | nmap -oA [path/filename] [target] 600 | ``` 601 | 602 | ### Periodically Display Statistics 603 | ```shell 604 | nmap --stats-every [time] [target] 605 | ``` 606 | 607 | ### 1337 Output 608 | ```shell 609 | nmap -oS [scan.txt] [target] 610 | ``` 611 | 612 | ## Compare Scans 613 | 614 | ### Comparison Using Ndiff 615 | ```shell 616 | ndiff [scan1.xml] [scan2.xml] 617 | ``` 618 | 619 | ### Ndiff Verbose Mode 620 | ```shell 621 | ndiff -v [scan1.xml] [scan2.xml] 622 | ``` 623 | 624 | ### XML Output Mode 625 | ```shell 626 | ndiff --xml [scan1.xml] [scan2.xml] 627 | ``` 628 | 629 | ## Troubleshooting and Debugging 630 | 631 | ### Get Help 632 | ```shell 633 | nmap -h 634 | ``` 635 | 636 | ### Display Nmap Version 637 | ```shell 638 | nmap -V 639 | ``` 640 | 641 | ### Verbose Output 642 | ```shell 643 | nmap -v [target] 644 | ``` 645 | 646 | ### Debugging 647 | ```shell 648 | nmap -d [target] 649 | ``` 650 | 651 | ### Display Port State Reason 652 | ```shell 653 | nmap --reason [target] 654 | ``` 655 | 656 | ### Only Display Open Ports 657 | ```shell 658 | nmap --open [target] 659 | ``` 660 | 661 | ### Trace Packets 662 | ```shell 663 | nmap --packet-trace [target] 664 | ``` 665 | 666 | ### Display Host Networking 667 | ```shell 668 | nmap --iflist 669 | ``` 670 | 671 | ### Specify a Network Interface 672 | ```shell 673 | nmap -e [interface] [target] 674 | ``` 675 | 676 | ## Nmap Scripting Engine 677 | 678 | ### Execute Individual Scripts 679 | ```shell 680 | nmap --script [script.nse] [target] 681 | ``` 682 | 683 | ### Execute Multiple Scripts 684 | ```shell 685 | nmap --script [expression] [target] 686 | ``` 687 | 688 | ### Execute Scripts by Category 689 | ```shell 690 | nmap --script [category] [target] 691 | ``` 692 | 693 | ### Execute Multiple Script Categories 694 | ```shell 695 | nmap --script [category1,category2,etc] 696 | ``` 697 | 698 | ### Troubleshoot Scripts 699 | ```shell 700 | nmap --script [script] --script-trace [target] 701 | ``` 702 | 703 | ### Update the Script Database 704 | ```shell 705 | nmap --script-updatedb 706 | ``` 707 | 708 | 709 | **Reference Sites** 710 | - [X] [Nmap - The Basics](https://www.youtube.com/watch?v=_JvtO-oe8k8) 711 | - [ ] [Reference link 1](https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/) 712 | - [ ] [Beginner's Guide to Nmap](https://www.linux.com/learn/beginners-guide-nmap) 713 | - [ ] [Top 32 Nmap Command](https://www.cyberciti.biz/security/nmap-command-examples-tutorials/) 714 | - [ ] [Nmap Linux man page](https://linux.die.net/man/1/nmap) 715 | - [ ] [29 Practical Examples of Nmap Commands](https://www.tecmint.com/nmap-command-examples/) 716 | - [ ] [Nmap Scanning Types, Scanning Commands , NSE Scripts](https://medium.com/@infosecsanyam/nmap-cheat-sheet-nmap-scanning-types-scanning-commands-nse-scripts-868a7bd7f692) 717 | - [ ] [Nmap CheatSheet](https://www.cheatography.com/netwrkspider/cheat-sheets/nmap-cheatsheet/) 718 | - [ ] [Nmap Cheat Sheet](https://highon.coffee/blog/nmap-cheat-sheet/) 719 | - [ ] [Nmap Cheat Sheet: From Discovery to Exploits](https://resources.infosecinstitute.com/nmap-cheat-sheet/) 720 | - [ ] [Nmap: my own cheatsheet](https://www.andreafortuna.org/2018/03/12/nmap-my-own-cheatsheet/) 721 | - [ ] [NMAP Commands Cheatsheet](https://hackersonlineclub.com/nmap-commands-cheatsheet/) 722 | - [ ] [Nmap Cheat Sheet](https://www.stationx.net/nmap-cheat-sheet/) 723 | - [ ] [Nmap Cheat Sheet](http://nmapcookbook.blogspot.com/2010/02/nmap-cheat-sheet.html) 724 | --------------------------------------------------------------------------------