More flags

nmap has a very large number of flags available to customise scans. A full list can be found by running the command:

nmap

Some common flags to be aware of when using nmap are:

-p

-p allows the user to specify what ports should be scanned.

The syntax is:

nmap -sS -p- <target> for a full scan of all 65535 ports

nmap -sS -p 21,53,80 <target> for a list of ports

nmap -sS -p 21-25 <target> for a consecutive range of ports

-F

-F triggers a “fast” scan, which only scans the top 100 most common ports.

The syntax for -F is:

nmap -sS -F <target>

--top-ports

--top-ports allows the user to define how many of the most common ports to include in a scan. It is therefore possible to scan the top 10, 15, 72, etc. ports.

The syntax for --top-ports is:

nmap -sS --top-ports <number> <target>

-vv

-vv increases the verbosity of the nmap output. With the verbose flag set, nmap results appear in the terminal before the scan has completed. Verbosity is also one of the few settings that can be changed while a scan is in progress.

The syntax for -vv is:

nmap -sS -vv <target>

-g

-g allows the user to control the source port that nmap will use when port scanning. This may be helpful when trying to send traffic through network devices that only allow traffic from specific ports.

The syntax for -g is:

nmap -sS -g <port> <target>
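
The -g passage above implies a defensive check: any filter rule that accepts traffic purely because of its source port can be satisfied by a sender that picks that port. The following is an added example, not part of the original course material. It audits a constructed ruleset in iptables-save format for such rules; the sample rules and function names are assumptions made for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES = """\
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -j ACCEPT
-A INPUT -j DROP
"""

# Connection states that only match replies to traffic this host started.
REPLY_STATES = {"ESTABLISHED", "RELATED"}

def parse_rule(line):
    """Map each option of one '-A' line to its value ('' if it has none).
    Negated options ('! --sport 53') are stored with a '!' prefix."""
    opts, key, neg = {}, None, False
    for tok in shlex.split(line):
        if tok == "!":
            neg = True
        elif tok.startswith("-"):
            key = ("!" if neg else "") + tok
            opts[key], neg = "", False
        elif key:
            opts[key], key = tok, None
    return opts

def trusts_source_port(opts):
    """True if the rule ACCEPTs on source port alone. Rules that also pin a
    destination port are out of scope for this check."""
    if opts.get("-j") != "ACCEPT":
        return False
    has_sport = "--sport" in opts or "--sports" in opts
    has_dport = "--dport" in opts or "--dports" in opts
    states = opts.get("--ctstate") or opts.get("--state") or ""
    reply_only = bool(states) and set(states.split(",")) <= REPLY_STATES
    return has_sport and not has_dport and not reply_only

def audit(ruleset):
    """Return the rule lines that accept traffic because of its source port."""
    return [ln for ln in ruleset.splitlines()
            if ln.startswith("-A ") and trusts_source_port(parse_rule(ln))]

if __name__ == "__main__":
    for rule in audit(SAMPLE_RULES):
        print("source-port trust:", rule)
```

Flagged rules are normally replaced with a state match that only admits replies, like the ESTABLISHED and RELATED rules in the sample.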

-T

-T stands for time. Nmap can run scans very slowly or very quickly. Note that the faster a scan runs, the more likely it is to produce false positives or false negatives. The default value for an nmap scan is -T 3, which is a standard scan. The values are 1-5, with 1 being the slowest and 5 being the fastest.

The syntax for -T is:

nmap -sS -T <level> <target>