The exact Nmap commands I use on every TryHackMe machine. Includes a full cheat sheet.
Nmap is the first tool every cybersecurity learner needs to master. It's free, powerful, and used in virtually every penetration test. I first used it on TryHackMe and it completely changed how I understood network reconnaissance.
Nmap (Network Mapper) is a free, open-source tool for network discovery and security auditing. It tells you what devices are on a network, what ports are open, what services are running, and what operating system a device is running.
Download the installer from nmap.org — free.
Checks the 1000 most common ports. Use this first on any TryHackMe machine.
Checks all 65,535 ports. Slower but you won't miss anything.
Find out exactly what software is running on each open port.
My personal favorite — tells you what operating system the target is running. Knowing the OS immediately narrows down what exploits might work.
Combines OS detection, version detection, scripts, and traceroute. Perfect for CTFs and TryHackMe rooms.
Complete picture of a target. Slower but thorough.
Scans only the 100 most common ports. Quick overview.
Always save your results — you'll want to refer back to them.
| Command | What it Does |
|---|---|
| `nmap <ip>` | Basic scan (1000 ports) |
| `nmap -p- <ip>` | Scan all 65,535 ports |
| `nmap -sV <ip>` | Service/version detection |
| `nmap -O <ip>` | OS detection |
| `nmap -sC <ip>` | Default scripts |
| `nmap -A <ip>` | OS detection, version detection, default scripts, and traceroute combined |
| `nmap -F <ip>` | Fast scan (100 ports) |
| `nmap -oN file.txt <ip>` | Save output to file |
When I start a new TryHackMe machine I always run scans in this order:
This two-step approach saves time — the fast scan gives you something to work with immediately while the full scan runs in the background.
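Once both scans have been saved with `-oN`, the two result files can be compared to see what the full scan found that the fast scan did not. The following is an added example, not part of the original post: a small Python parser for Nmap's normal output format. The sample scan text, the address 10.10.10.10, the port numbers and the version banners are all constructed for illustration.

```python
import re

# One port-table row of Nmap normal output (-oN): "22/tcp open ssh [version...]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

# Constructed sample output (not from a real scan); 10.10.10.10 is a placeholder.
FAST_SCAN = """\
Nmap scan report for 10.10.10.10
Host is up (0.045s latency).
Not shown: 98 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
"""

FULL_SCAN = """\
Nmap scan report for 10.10.10.10
Host is up (0.045s latency).
Not shown: 65530 closed tcp ports (reset)
PORT      STATE    SERVICE VERSION
22/tcp    open     ssh     OpenSSH (constructed banner)
80/tcp    open     http    Apache httpd (constructed banner)
33445/tcp open     unknown
33446/tcp filtered unknown
50123/tcp open     unknown
"""

def parse_ports(text, state="open"):
    """Return {(port, proto): (service, version)} for rows in the given state."""
    found = {}
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == state:
            key = (int(m.group(1)), m.group(2))
            found[key] = (m.group(4), m.group(5).strip())
    return found

def missed_by_fast(fast_text, full_text):
    """Sorted open ports that appear only in the full scan."""
    fast, full = parse_ports(fast_text), parse_ports(full_text)
    return sorted(set(full) - set(fast))

if __name__ == "__main__":
    for (port, proto), (service, version) in sorted(parse_ports(FULL_SCAN).items()):
        print(f"{port}/{proto:<4} {service:<10} {version}")
    print("Only in full scan:", missed_by_fast(FAST_SCAN, FULL_SCAN))
```

To use it on real results, read the two saved files and pass their contents in place of `FAST_SCAN` and `FULL_SCAN`.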
Legal reminder: Only scan systems you own or have explicit permission to test. Always practice on TryHackMe, HackTheBox, or your own lab VMs.