> For the complete documentation index, see [llms.txt](https://ghoulsec.gitbook.io/Toolbase/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ghoulsec.gitbook.io/Toolbase/network-scanning-enumaration-and-vulnerability-detection-tools/nmap/target-specification.md). # Target Specification #### 1. **-iL (Input from list)** This option allows you to scan targets listed in a file. The file can contain IPs, hostnames, CIDR ranges, or octet ranges. Example: ```bash nmap -iL target_list.txt ``` Where `target_list.txt` contains: ``` 192.168.1.1 example.com 10.0.0.0/24 ``` #### 2. **-iR (Choose random targets)** Randomly generates a specified number of IP addresses to scan. Example: ```bash nmap -iR 1000 -p 80 ``` This command scans 1000 randomly chosen IPs on port 80. #### 3. **--exclude \[,\[,...]] (Exclude hosts/networks)** Excludes certain hosts or networks from the scan. Example: ```bash nmap -p 80 192.168.1.0/24 --exclude 192.168.1.1,192.168.1.50 ``` This command will scan the entire `192.168.1.0/24` network except for `192.168.1.1` and `192.168.1.50`. #### 4. **--excludefile \ (Exclude list from file)** Similar to `--exclude`, but the excluded targets come from a file. Example: ```bash nmap -p 80 192.168.1.0/24 --excludefile exclude_list.txt ``` Where `exclude_list.txt` contains: ``` 192.168.1.1 192.168.1.50 ``` #### 5. **-n (No DNS resolution)** Disables reverse DNS resolution during the scan. Example: ```bash nmap -n 192.168.1.0/24 ``` This scans the `192.168.1.0/24` network without attempting DNS resolution. #### 6. **-R (DNS resolution for all targets)** Forces Nmap to perform reverse DNS resolution on all targets, even if they aren't active. Example: ```bash nmap -R 192.168.1.1 192.168.2.0/24 ``` This command resolves the hostnames of all targets, even if they are down. #### 7. **--resolve-all (Scan each resolved address)** Scans all resolved addresses when a hostname resolves to multiple IPs. Example: ```bash nmap --resolve-all example.com ``` This scans all IPs associated with `example.com`. #### 8. **--unique (Scan each address only once)** Ensures that each IP address is scanned only once, even if it appears multiple times in the target list. Example: ```bash nmap --unique 192.168.1.1 192.168.1.1 192.168.2.0/24 ``` This ensures that `192.168.1.1` is scanned only once, despite being listed twice. #### 9. **--system-dns (Use system DNS resolver)** Forces Nmap to use the system's DNS resolver rather than Nmap's parallel resolver. Example: ```bash nmap --system-dns 192.168.1.1 ``` This forces the system's DNS resolver to resolve the target instead of Nmap's default. #### 10. **--dns-servers \[,\[,...]] (Servers to use for reverse DNS queries)** Specifies custom DNS servers for reverse DNS queries. Example: ```bash nmap --dns-servers 8.8.8.8,8.8.4.4 192.168.1.1 ``` This uses Google’s DNS servers (8.8.8.8 and 8.8.4.4) for reverse DNS resolution. These examples demonstrate how to fine-tune Nmap's target selection and DNS options for different scanning needs, from basic network sweeps to customized DNS lookups and exclusions. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ghoulsec.gitbook.io/Toolbase/network-scanning-enumaration-and-vulnerability-detection-tools/nmap/target-specification.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.