Nmap : Target Specification.

Nmap is a popular port scanner. Today we are going to see the versatality in specifying targets. In Nmap target can be specified in six different ways. We are going to look at each one of them. For this, I am using Kali Linux connected internally with IP address

1. nmap -iL <input filename>

This option reads targets from a specific file. Let’s create a file named alpha with a few   newline separated or tab-limited or space separated IP addresses using vi on Desktop.


Then, move to Desktop directory and type the command nmap -iL alpha as shown below. It scans the four IP addresses listed in our file.Image

2. nmap -iR <number of hosts>

This option is used to specify random hosts to scan. Nmap generates its own targets to scan. The <number of hosts> argument tells nmap the number of IP’s to generate. Let’s type command nmap -iR 5. We can see that nmap generated five random targets to scan. The scan failed to detrmine route to the generated IP addresses because my system is not connected to Internet. Why didn’t it generate any internal IP addresses? Because in this scan private, multicast and unallocated address ranges are automatically skipped.


3. nmap <IP address/dir>

This option is used to scan the entire subnet.  Assuming you know CIDR let’s type the command nmap to scan eight IP addresses from to and see the result below.


4. nmap [targets] -exclude[targets]

This option specifies a comma separated list of targets to be excluded from the scan even if they are part of overall network range we specify. For example, in our previous scan we saw that one host which is the system I am working on) is alive. Now I decided to exclude that host and another host from the scan. So I type the command nmap -exclude, and press Enter. We can see that nmap has only scanned six IP addresses.


5. nmap [targets] -excludefile[file name]

Now what if the subnet was very big and there are more number of hosts to be excluded from the scan. The above option helps us to achieve this. Remember the file alpha( with four IP addresses) we created. Now let’s specify nmap to quit scanning the hosts listed in the file. Type command nmap -excludefile alpha. We can see that nmap scanned only four hosts in the subnet.


6. nmap [target1 target2  target3]

This option specfies nmap to scan multiple targets separated by space. Type the command  nmap We can see the result below. Image

Hope this was helpful.

About these ads

2 Responses to Nmap : Target Specification.

  1. Anonymous says:


  2. Pingback: Nmap: network scanning | NetJNL

Comment on this article.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 159 other followers

%d bloggers like this: