Target Expansion

Specifying Target Hosts and Networks

Nmap's own documentation states: "Everything on the Nmap command-line that isn't an option (or option argument) is treated as a target host specification."

IPv4 Scan & Hostname

The simplest way to specify your target is to give the IPv4 or IPv6 address of the host you want to scan.



  • You can also specify a hostname

nmap //here is hostname

List of IP addresses

  • We can also specify a list of IP addresses

nmap 192.168.2,4.1,103

Here Nmap is going to scan the following list of IPs:
192.168.2.1

Range of IP addresses

  • A range of IP addresses can also be passed to Nmap


It will scan the range of IP addresses.

CIDR notations based scanning

  • We can also pass CIDR notation like


Here the total will be 8 hosts.

Verifying your Ranges and IPs

If you are pentesting a large infrastructure with multiple IP ranges, you may sometimes pass a wrong IP address, which can be really disastrous, but Nmap has a solution for this problem too. To check whether you are passing the proper range of IP addresses, use -sL, which means List Scan. -sL will tell you which IPs are going to be scanned.


What -sL and -n do:
-sL : List scan
-n : Never do DNS resolution

Passing multiple targets in a File

  • We can also pass a list of IP addresses in a file. Suppose you have 5000 IP addresses to scan: instead of passing them all in the terminal, you can put them in a file and pass it to Nmap.

nmap -iL dataisdata/ipfile


-iL : input file name (Input from List)
ipfile : File with 8 IP addresses

Excluding Unwanted Scans

  • If you don't want to scan a few of the IP addresses in your list, you can exclude them using the --exclude argument

nmap -iL dataisdata/ipfile --exclude

You can see that now, instead of 8 IP addresses, there are only 6 IP addresses, because we excluded 2 IP addresses.
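Added example (not from the original page and not Nmap's own code): a simplified Python model of the expansion that `nmap -sL -n` reports, covering comma lists and ranges inside octets, CIDR blocks and `--exclude`, so a scope can be compared with the authorized address list before anything is sent. The function names are hypothetical; hostnames, IPv6 and forms that mix octet ranges with CIDR are assumed out of scope.

```python
import ipaddress
from itertools import product

def _octet_values(field):
    """Expand one octet field such as '2,4', '1-5', '-' or '*' into integers."""
    values = set()
    for part in field.split(","):
        if part == "*":
            part = "-"                      # '*' and a bare '-' both mean 0-255
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo, hi = int(lo or 0), int(hi or 255)
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet field: {field!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """Return every IPv4 address one target specification covers, in order."""
    if "/" in spec:
        # CIDR: all addresses in the block, network and broadcast included
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"not an IPv4 target: {spec!r}")
    combos = product(*(_octet_values(f) for f in fields))
    return [".".join(map(str, c)) for c in combos]

def planned_targets(specs, exclude=()):
    """Expand all specs, drop excluded addresses, de-duplicate, keep order."""
    skip = {a for e in exclude for a in expand_target(e)}
    seen, out = set(), []
    for spec in specs:
        for addr in expand_target(spec):
            if addr not in skip and addr not in seen:
                seen.add(addr)
                out.append(addr)
    return out

if __name__ == "__main__":
    # The octet list is the one from the page; the CIDR block and the
    # excluded addresses are constructed sample values.
    print(expand_target("192.168.2,4.1,103"))
    scope = planned_targets(["192.0.2.8/29"], exclude=["192.0.2.9", "192.0.2.12"])
    print(len(scope), scope)
```

An address that appears in the expansion but not in the engagement's scope document is the mistake the list scan is meant to catch.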
