Home page logo
Zenmap screenshot
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
Example Nmap output

Nmap Network Scanning

Command Execution Options

-e <command>, --exec <command> (Execute command)

Execute the specified command after a connection has been established. The command must be specified as a full pathname. All input from the remote client will be sent to the application and responses sent back to the remote client over the socket, thus making your command-line application interactive over a socket. Combined with --keep-open, Ncat will handle multiple simultaneous connections to your specified port/application like inetd. Ncat will only accept a maximum, definable, number of simultaneous connections controlled by the -m option. By default this is set to 100 (60 on Windows).

-c <command>, --sh-exec <command> (Execute command via sh)

Same as -e, except it tries to execute the command via /bin/sh. This means you don't have to specify the full path for the command, and shell facilities like environment variables are available.

--lua-exec <file> (Execute a .lua script)

Runs the specified file as a Lua script after a connection has been established, using a built-in interpreter. Both the script's standard input and the standard output are redirected to the connection data streams.

All exec options add the following variables to the child's environment:


The IP address and port number of the remote host. In connect mode, it's the target's address; in listen mode, it's the client's address.


The IP address and port number of the local end of the connection.


The protocol in use: one of TCP, UDP, and SCTP.

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]