Commands tagged nmap (19)

  • scan whole specific network for active online ips

    nmap -n -sn -oG - | awk '/Up$/{print $2}'
    aysadk · 2019-09-04 13:31:53 30
  • nmap for windows and other platforms is available on developer's site: nmap is robust tool with many options and has various output modes - is the best (imho) tool out there.. from nmap 5.21 man page: -oN/-oX/-oS/-oG : Output scan in normal, XML, s|

    nmap -v -sP
    anapsix · 2010-07-14 19:53:02 2
  • Using NMAP to check to see if port 22(SSH) is open on servers and network devices.

    nmap -oG - -T4 -p22 -v | grep ssh
    SeeFor · 2011-01-11 16:12:23 2

  • 6
    nmap --iflist
    bandie91 · 2013-06-22 10:50:43 4
  • This command uses nmap to perform reverse DNS lookups on a subnet. It produces a list of IP addresses with the corresponding PTR record for a given subnet. You can enter the subnet in CIDR notation (i.e. /24 for a Class C). You could add "--dns-servers x.x.x.x" after the "-sL" if you need the lookups to be performed on a specific DNS server. On some installations nmap needs sudo I believe. Also I hope awk is standard on most distros.

    nmap -R -sL | awk '{if($3=="not")print"("$2") no PTR";else print$3" is "$2}' | grep '('
    netsaint · 2009-09-02 16:33:15 4
  • Shows how many Windows and Linux devices are on your network. May add support for others, but that's all that are on my network right now.

    sudo nmap -F -O | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Window(s) devices"
    matthewbauer · 2010-01-10 03:09:56 4

  • 3
    nmap -sP
    harpo · 2014-11-07 12:15:06 5

  • 2
    nmap -sn
    pdxdoughnut · 2014-01-28 23:32:18 3
  • Will report back IP addresses of all hosts that are UP.

    fping -ga 2> /dev/null
    netaxiz · 2014-01-31 19:19:19 3

  • 2
    nmap -sP
    snaguber · 2021-04-25 19:48:43 81
  • Populate the auth.hosts file with a list of IP addresses that are authorized to be in use and when you run this command it will return the addresses that are pingable and not in the authorized list. Can be combined with the "Command line Twitter" command to tweet unauthorized access.

    diff <(nmap -sP | grep ^Host | sed 's/.appears to be up.//g' | sed 's/Host //g') auth.hosts | sed 's/[0-9][a-z,A-Z][0-9]$//' | sed 's/</UNAUTHORIZED IP -/g'
    bandit36 · 2009-03-12 05:28:08 6
  • TCP Connect scanning for localhost and network

    nmap -v -sT
    Dhinesh · 2011-11-19 07:06:52 7
  • the command for the impatient sysadmin: simply checks every five secs, if a host or a specific service running on it is up. ideal for hosts that are configured not to respond on pings.

    while true; do clear; nmap ${hostname} -PN -p ${hostport}; sleep 5; done
    flokra · 2009-08-14 20:19:59 2
  • Change the IP address from to the target machine's IP address. Even if the target has ICMP (ping) blocked, it will show you what ports are open on the target. Very handy for situations where you know the target is up and online but won't respond to pings.

    nmap -sT -PN -vv <target ip>
    Richie086 · 2011-07-22 02:37:19 2
  • Check to see if a port is open or closed on a given host.

    checkport() { sudo nmap -sS -p "$1" "$2"; }
    peterRepeater · 2011-12-13 11:46:15 4
  • Nmap will list all IPs in the target specified, can specify subnet or range of IP addresses. It will attempt to resolve all IPs listed. No packets sent to target, only generates DNS queries.

    nmap -sL
    the_wanderer · 2012-05-30 00:51:20 2

  • 0
    nmap -n | grep udp | cut -d":" -f3 >> test02
    h_kaur2 · 2015-11-13 13:28:35 6

  • 0
    nmap -n | grep udp | cut -d":"-f3>>
    h_kaur2 · 2015-11-13 13:31:14 6
  • Displays live hosts on the same network as the local machine with their hostnames and IP addresses. This command is IPv6 and multiple network adapter safe and does not rely on awk or sed, however it requires the "nmap" package installed. Might not work on OSX. Example alias for shell startup file: alias livehosts='nmap -sP "$(ip -4 -o route get 1 | cut -d " " -f 7)"/24 | grep report | cut -d " " -f 5-'

    nmap -sP "$(ip -4 -o route get 1 | cut -d ' ' -f 7)"/24 | grep report | cut -d ' ' -f 5-
    lordtoran · 2019-02-01 03:52:02 23
