Most Asked Nmap Interview Questions Asked by Big Companies [Updated 2022]
Nmap is the most popular port-scanning tool in the cybersecurity community. Nearly every security professional has used it at least once. It is a prerequisite for any job in the cybersecurity industry, especially vulnerability assessment and penetration testing roles. Another tool, Masscan, can be used as an alternative to Nmap.
Here we discuss the Nmap interview questions asked by cybersecurity experts. Big companies ask these questions to check a candidate's basic understanding of Nmap.
Q1. Write a ping scan command in Nmap.
$nmap -sn <target>
Q2. Write a Nmap command to scan targets from a file.
$nmap -iL <target-file>
<target-file> contains the list of IP addresses:
$cat <target-file>
192.168.1.1
192.168.1.10-100
Q3. How to write Nmap command for specific ports and services?
$nmap -p80,443 <target>
#Scan ports 1 to 1000
$nmap -p1-1000 <target>
#Scan all ports
$nmap -p- <target>
#Scan a port by service name
$nmap -p snmp <target>
#Using a wildcard (quoted so the shell does not expand it)
$nmap -p "snmp*" <target>
Q4. How to scan a target using default scripts?
$nmap -sC <target>
The -sC option runs the default scripts against the target.
Q5. How to scan a target using a TCP SYN scan? List out advantages for the same.
$nmap -sS -p1-100 <target>
Advantages of a TCP SYN scan: it is fast and hard for the victim to detect.
Q6. How can you contribute to the Nmap community?
Ans: You can submit more signatures and fingerprints at https://nmap.org/cgi-bin/submit.cgi?
Q7. How to scan a target from a specific interface?
Ans: Although Nmap selects the interface automatically, you can force it to use a specific interface with the command below.
#nmap -e <interface> <target>
Q8. How to scan a target using a UDP scan? List out advantages for the same.
$nmap -sU -sS --host-timeout <time> -p1-100 <target>
The --host-timeout option takes a time value and allows skipping slow hosts.
Q9. How to write a Nmap script to scan a target for service detection?
$ nmap -sV <target>
Q10. How to exclude specific IPs from a range of IPs or a whole subnet?
$nmap --exclude-file <target-file> 192.168.1.1/16
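The target-file format from Q2 and the exclusion from Q10 can be checked before any packet is sent. The following Python sketch is an added example, not code from the original article or the Nmap project: it expands IPv4 target specifications and subtracts the exclusions, so the resulting scope can be compared against what is authorized. The exclusion entries are constructed sample data and the function names are hypothetical.

```python
import ipaddress
from itertools import product

# Target list from Q2 of the article; the exclusion list is constructed sample data.
TARGETS = "192.168.1.1\n192.168.1.10-100\n"
EXCLUDES = "192.168.1.1\n192.168.1.50-60\n"

def expand_octet(part):
    """Expand one octet spec ('10', '10-100', '1,3,5', '-') into a list of ints."""
    values = set()
    for piece in part.split(","):
        if "-" in piece:
            lo, hi = piece.split("-", 1)
            lo, hi = int(lo or 0), int(hi or 255)  # open side defaults to 0 or 255
        else:
            lo = hi = int(piece)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_spec(spec):
    """Expand one IPv4 spec: single address, CIDR block, or per-octet ranges."""
    if "/" in spec:
        # strict=False accepts a host address with a prefix, e.g. 192.168.1.1/16
        return {str(ip) for ip in ipaddress.ip_network(spec, strict=False)}
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    combos = product(*(expand_octet(o) for o in octets))
    return {".".join(map(str, c)) for c in combos}

def scan_scope(targets_text, exclude_text=""):
    """Return the sorted addresses left after removing the excluded ones."""
    targets = set().union(*(expand_spec(s) for s in targets_text.split()))
    excluded = set().union(*(expand_spec(s) for s in exclude_text.split()))
    return sorted(targets - excluded, key=ipaddress.ip_address)

if __name__ == "__main__":
    scope = scan_scope(TARGETS, EXCLUDES)
    print(f"{len(scope)} addresses in scope: {scope[0]} .. {scope[-1]}")
```

This sketch covers IPv4 specifications only, not hostnames; Nmap's list scan (-sL -n) gives the authoritative expansion for the same files without probing the targets.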
Q11. Write nmap query for OS detection.
$nmap -O <target>
$nmap -O --osscan-guess <target>
$nmap -O --osscan-limit <target>
$nmap -O -v <target>
The -v option enables verbose mode.
The --osscan-guess option forces Nmap to guess the OS.
The --osscan-limit option gives OS results only when ideal conditions are met.
Q12. How to write a Nmap script to scan the target for version detection?
$nmap -sV --version-intensity [0-9] <target>
0 indicates low intensity and 9 indicates high intensity.
Q13. Explain the Aggressive Detection command in Nmap.
Ans: The Aggressive Detection command enables OS detection (-O), script scanning (-sC), version detection (-sV), and traceroute (
$nmap -A <target>
Q14. How do you update the Nmap script database on your local computer?
Q15. Write the Nmap script for the ping scan using UDP.
$nmap -sn -PU scanme.nmap.org
Q16. How to write a Nmap script to spoof the MAC address of the attacker?
$nmap -sn -PR --spoof-mac <mac address> <target>
Q17. Write Nmap command to scan IPv6 target.
$nmap -6 -O <target>
$nmap -6 -sT <target>
Q18. Write a Nmap command to extract whois information.
$nmap --script "whois-*" <target>
Q19. Write a command to print a summary while sending and receiving every packet.
Ans: This command is useful for understanding how Nmap works.
$nmap --packet-trace -n -sn <target>
Q20. List out command options of Nmap for Firewall/IDS Evasion and Spoofing.
|Set the IP time-to-live field|
|-S <target>||Spoof the source address|
|-D ||Use for an initial host discovery scan|
|Randomize the target host order|
|Spoof the MAC address|
|Append custom binary data to sent packets|
|--||Append random binary data to sent packets|
|-f||Send tiny fragmented packets|
|--||Spoof the source port number|
|Use the specified maximum transmission unit (MTU)|
|--||Relay TCP connections through a chain of proxies|
|Use deprecated Adler32 instead of CRC32C for SCTP checksums|
|Append a custom string to sent packets|
|Send packets with false TCP/UDP checksums|
Disclaimer: This tutorial is for educational purposes only. Each individual is solely responsible for any illegal act.