Interactive Tool

Nmap Command Builder

Construct complex Nmap scan commands without memorizing every flag. Configure scan types, timing templates, scripts, and output formats visually.

💡 New to Nmap? Start Here

Port scanning workflow:

Choose scan type for your goal (stealth vs speed vs accuracy)
Select timing based on stealth needs (T0-T2 for quiet, T4 for fast)
Add NSE scripts for deeper enumeration (optional but powerful)
Configure output formats to save results for your report

📚 What is port scanning?

Port scanning is the process of probing a target system to identify which network services (ports) are open, closed, or filtered.

Why scan? Open ports reveal running services that may have vulnerabilities. Each service is a potential entry point.

Nmap (Network Mapper) is the industry-standard tool for network discovery and security auditing. It can detect OS versions, service versions, firewalls, and more.

Legal note: Only scan systems you own or have explicit permission to test. Unauthorized scanning is illegal in most jurisdictions.

Beginner Mode

Expert Mode

📋 Scan Presets

Discovery

Enumeration

Vulnerability Assessment

Stealth

GENERATED COMMAND

💡 Scan target 10.10.10.10, on top 1000 ports, using stealth SYN packets, detecting service versions, aggressively (fast).

Scan Complexity

Stealth Level

Loud

Speed

⚡ Fast

Detection Risk

⚠️ Medium

🎯 Target & Timing

Target IP / Host

Timing Template

⚡ Aggressive: Fast, assumes good network (Recommended)

🎯 Host Discovery

Skip Port Scan (-sn)Treat as Online (-Pn)

Ping Type

🔍 Scan Techniques

Scan Type

Enable All Advanced Options (-A)

Includes OS detection, version detection, script scanning, and traceroute.

Service Version Detection (-sV)OS Detection (-O)

🔌 Port Selection

Custom Ports

💾 Output

Base Filename

All Formats (-oA)

Common Scan Types

SYN Scan (-sS): The default and most popular scan. Fast and stealthy (doesn't complete the TCP handshake). Requires root/admin privileges.
Connect Scan (-sT): Uses the OS network API to connect. Slower and noisier, but works without root privileges.
UDP Scan (-sU): Scans for open UDP ports (DNS, SNMP, DHCP). significantly slower than TCP scans.

Timing Templates

-T0 to -T2: Slow scans for IDS evasion.
-T3: Default timing.
-T4: Aggressive. Recommended for most CTFs and internal pentests with stable connections.
-T5: Insane. Can overwhelm networks and miss ports.

📚 Need More Help?

Check out our comprehensive Nmap Cheatsheet for detailed syntax, advanced techniques, and real-world examples.

Nmap Command Builder

📋 Scan Presets

Discovery

Quick Discovery

CTF Initial

All Ports

Enumeration

Web Application

SMB Enumeration

Database Scan

AD/LDAP Scan

Vulnerability Assessment

Vuln Scan

Aggressive Full

Service Deep Dive