Target Specification

1. -iL (Input from list)

This option allows you to scan targets listed in a file. The file can contain IPs, hostnames, CIDR ranges, or octet ranges.

Example:

nmap -iL target_list.txt

Where target_list.txt contains:

192.168.1.1
example.com
10.0.0.0/24

2. -iR (Choose random targets)

Randomly generates a specified number of IP addresses to scan.

Example:

nmap -iR 1000 -p 80

This command scans 1000 randomly chosen IPs on port 80.

3. --exclude [,[,...]] (Exclude hosts/networks)

Excludes certain hosts or networks from the scan.

Example:

nmap -p 80 192.168.1.0/24 --exclude 192.168.1.1,192.168.1.50

This command will scan the entire 192.168.1.0/24 network except for 192.168.1.1 and 192.168.1.50.

4. --excludefile <exclude_file> (Exclude list from file)

Similar to --exclude, but the excluded targets come from a file.

Example:

nmap -p 80 192.168.1.0/24 --excludefile exclude_list.txt

Where exclude_list.txt contains:

192.168.1.1
192.168.1.50

5. -n (No DNS resolution)

Disables reverse DNS resolution during the scan.

Example:

nmap -n 192.168.1.0/24

This scans the 192.168.1.0/24 network without attempting DNS resolution.

6. -R (DNS resolution for all targets)

Forces Nmap to perform reverse DNS resolution on all targets, even if they aren't active.

Example:

nmap -R 192.168.1.1 192.168.2.0/24

This command resolves the hostnames of all targets, even if they are down.

7. --resolve-all (Scan each resolved address)

Scans all resolved addresses when a hostname resolves to multiple IPs.

Example:

nmap --resolve-all example.com

This scans all IPs associated with example.com.

8. --unique (Scan each address only once)

Ensures that each IP address is scanned only once, even if it appears multiple times in the target list.

Example:

nmap --unique 192.168.1.1 192.168.1.1 192.168.2.0/24

This ensures that 192.168.1.1 is scanned only once, despite being listed twice.

9. --system-dns (Use system DNS resolver)

Forces Nmap to use the system's DNS resolver rather than Nmap's parallel resolver.

Example:

nmap --system-dns 192.168.1.1

This forces the system's DNS resolver to resolve the target instead of Nmap's default.

10. --dns-servers [,[,...]] (Servers to use for reverse DNS queries)

Specifies custom DNS servers for reverse DNS queries.

Example:

nmap --dns-servers 8.8.8.8,8.8.4.4 192.168.1.1

This uses Google’s DNS servers (8.8.8.8 and 8.8.4.4) for reverse DNS resolution.

These examples demonstrate how to fine-tune Nmap's target selection and DNS options for different scanning needs, from basic network sweeps to customized DNS lookups and exclusions.