Interactive Tool

Nmap Command Builder

Construct complex Nmap scan commands without memorizing every flag. Configure scan types, timing templates, scripts, and output formats visually.

Workbench mode

Use presets for common scans, then refine targets, ports, scripts, output, and workflow steps.

BeginnerExpert

Start from a known workflow, then tune the command below.

Target IP / host / CIDR

Skip port scan (-sn)Treat as online (-Pn)

Ping type

Timing template

Scan type

Aggressive detection (-A)

Service version (-sV)OS detection (-O)

Version intensity (0-9)

Custom ports

Base filename

All formats (-oA)

Copy or add commands to build history.

This configuration usually requires root or administrator privileges.

Generated command

nmap -sS -sV -T4 -oA scan_results 10.10.10.10

SYN Scan (-sS): The default and most popular scan. Fast and stealthy (doesn't complete the TCP handshake). Requires root/admin privileges.
Connect Scan (-sT): Uses the OS network API to connect. Slower and noisier, but works without root privileges.
UDP Scan (-sU): Scans for open UDP ports (DNS, SNMP, DHCP). significantly slower than TCP scans.

-T0 to -T2: Slow scans for IDS evasion.
-T3: Default timing.
-T4: Aggressive. Recommended for most CTFs and internal pentests with stable connections.
-T5: Insane. Can overwhelm networks and miss ports.

Need More Help?

Check out our comprehensive Nmap Cheatsheet for detailed syntax, advanced techniques, and real-world examples.