Most Asked Nmap Interview Questions Asked by Big Companies [Updated 2022]

Nmap is the most popular port scanning tool among the cybersecurity community. Nearby each Security Professional used this tool at least once. This tool is a prerequisite for any job in the cyber-security industry especially vulnerability assessments and penetration testing jobs. Another tool Masscan can be used alternate to Nmap.

Here we have discussed the Nmap interview question asked by cybersecurity experts in the interview. Big companies do ask these Nmap questions to check the basic understanding of Nmap. Click Here to know which tool is better - Nmap or Nessus as both are used for vulnerability scanning.

Q1. Write a ping scan command in Nmap.


$nmap -sn <target>

Q2. Write a Nmap command to scan targets from a file.


$nmap -iL <target-file>

<target-file> indicates list of IP

$cat <target-file>

Q3. How to write Nmap command for specific ports and services?


$nmap -p80,443 <target> 

#Scan ports 1 to 1000
$nmap -p1-1000 <target> 

#Scan all ports
$nmap -p- <target> 

$nmap -p snmp <target> 

#using wildcard
$nmap -p snmp* <target>

Q4. How to scan a target using default scripts?


nmap -sC <target>

-sC option runs default scripts against target

Q5. How to scan a target using a TCP SYN scan? List out advantages for the same.


$nmap -sS -p1-100 <target>

Advantages of TCP SYN scan: fast, hard to detect by the victim

Q6. How can you contribute to the Nmap community?

Ans: You can upload more signature and fingerprints on url

Q7. How to scan a target from a specific interface?

Ans: Although the selection of interface automatically, you can forcefully assign a specific interface also by using the below command.

#nmap -e <interface> <target>

Click here for Nmap cheatsheet

Q8. How to scan a target using a UDP scan? List out advantages for the same.


$nmap -sU -sS --host-timeout -p1-100 <target>

--host-timeout option allows skipping slow hosts

Q9. How to write a Nmap script to scan a target for service detection?


$ nmap -sV <target>

Q10. How to exclude specific IPs from the range of IP or whole subnet of IP?


$nmap --exclude-file <target-file>

Q11. Write nmap query for OS detection.


$ nmap -O <target>

$nmap -O --osscan-guess <target> 

$nmap -O --osscan-limit <target>

$nmap -O -v <target>

-v option use for verbose mode

--osscan-guess option force Nmap to guess OS

--osscan-limit option give results for OS if meet by ideal condition

Click here for Information Security Interview Questions

Q12. How to write a Nmap script to scan the target for version detection?


$nmap -sV --version-intensity [0-9] <target>

0 indicates low intensity and 9 indicates high intensity.

Q13. Explain the Aggresive Detection command in Nmap.

Ans: Aggresive Detection command enables OS detection (-O), script scanning (-sC), version detection (-sV),  and traceroute (--traceroute)

$nmap -A <target>

Q14.How do you update the Nmap script database on your local computer?


$nmap --script-updatedb

Q15. Write the Nmap script for the ping scan using UDP.


$nmap -sn -PU

Q16. How to write a Nmap script to spoof Mac Address of the attacker?


$ nmap -sn -PR --spoof-mac <mac address> <target>

Q17. Write Nmap command to scan IPv6 target.


$ nmap -6 -O <target>
$ nmap -6 -sT <target>

Q18. Write a Nmap command to extract whois information.


$nmap -sn --script whois-* <target>

Q19. Write a command to print a summary while sending and receiving every packet.

Ans: This command is useful in understand how Nmap works.

#nmap --packet-trace -n -sn <target>

Q20. List out command options of Nmap for Firewall/IDS Evasion and Spoofing.


Nmap optionsDescription
--ttl <value>to set IP time-to-live field
-S <target>spoof source address
-D <decoy1>[,<decoy2>][,ME][,...]use for an initial host discovery scan
--randomize-hostsuse for randomizing target host order
--spoof-mac <MAC address, prefix, or vendor name> use for spoof MAC address
--data <hex string>to append custom binary data to sent packets
--data-length <number> Append random binary data to sent packets
-fUse to sent tiny fragment packets
--source-port <portnumber>
-g <portnumber> 
to spoof source port number
--mtufor specified maximum transmission unit (MTU)
--proxies <Comma-separated list of proxy URLs> Use to relay TCP connections through a chain of proxies
--adler32To use deprecated Adler32 instead of CRC32C for SCTP checksums
--data-string <string> Use to append a custom string to sent packets
--badsumSend packets with false TCP/UDP checksums

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

1 Response

  1. Abdillahi Mawlid Dool says:

    this is best answers of nmapping its help for me alot so thank you dear

Leave a Reply

Your email address will not be published.