These options allow you to define which targets (IP addresses, hostnames, or ranges) Nmap should scan. You can specify targets from a file, choose random IP addresses, or skip host discovery to treat all hosts as online.
-iL (Input from a File)
The -iL option lets you specify a file that contains a list of targets (IP addresses, hostnames, or subnets). This is useful when you need to scan many hosts and want to avoid entering them manually.
Example:
nmap -iL targets.txt -sS
- -iL specifies a file containing a list of targets.
- Each line in the file should have a single target, either an IP, hostname, or CIDR subnet.
- This option simplifies bulk scanning and automation tasks.
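One way to check a target list against an authorized scope before passing it to -iL, as an added example that is not part of the original page. The scope ranges, the sample file contents and the function name classify_targets are constructed for illustration.

```python
import ipaddress

# Constructed scope: the ranges you are authorized to scan (assumption).
AUTHORIZED_SCOPE = ["192.168.1.0/24", "10.20.0.0/16"]

# Constructed sample of a targets.txt file, one target per line.
SAMPLE_TARGETS = """\
192.168.1.10
192.168.1.0/28
10.20.5.0/24
172.16.4.9
192.168.0.0/16   # wider than the authorized /24
intranet.example.test
192.168.1.10
"""

def classify_targets(text, scope):
    """Sort target-file entries into in-scope, out-of-scope and needs-review."""
    nets = [ipaddress.ip_network(s) for s in scope]
    in_scope, out_of_scope, review = [], [], []
    seen = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry or entry in seen:        # skip blanks and duplicates
            continue
        seen.add(entry)
        try:
            # A bare IP parses as a /32 (or /128) network.
            target = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Hostnames and other forms cannot be checked offline.
            review.append(entry)
            continue
        # In scope only if the whole target sits inside an authorized range.
        if any(target.version == n.version and target.subnet_of(n) for n in nets):
            in_scope.append(entry)
        else:
            out_of_scope.append(entry)
    return in_scope, out_of_scope, review

if __name__ == "__main__":
    ok, bad, review = classify_targets(SAMPLE_TARGETS, AUTHORIZED_SCOPE)
    print("in scope (safe to write to targets.txt):", ok)
    print("out of scope (remove):", bad)
    print("needs manual review (resolve first):", review)
```

Only the in-scope entries should end up in the file given to -iL; hostnames are held back because their addresses are unknown until resolved.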
-iR (Random Target Scan)
The -iR option allows you to scan a random selection of IP addresses. You can specify how many random IPs you want Nmap to scan.
Example:
nmap -iR 5
- -iR 5 will scan 5 random IP addresses from anywhere on the internet (globally).
- This is useful when you want to explore unknown or random IPs for reconnaissance.
- This option is typically used for random or exploratory scans.
-PN (Treat Hosts as Online)
The -PN option skips the host discovery phase and assumes all specified hosts are online. This is helpful when hosts block ping requests or when you already know they are up. Current Nmap documentation lists this option as -Pn; -PN is an older spelling of the same option.
Example:
nmap -PN 192.168.1.10
- -PN treats the target as online, skipping host discovery.
- Useful when hosts are configured to block ping requests or other discovery methods.
- Skipping discovery speeds up the scan since it doesn’t check if the hosts are online first.
Summary Table for -iL, -iR, and -PN
Option | What It Does | Example Usage | Use Case |
---|---|---|---|
-iL | Specifies a file containing a list of targets (IP addresses, hostnames, or subnets) | nmap -iL targets.txt -sS | Use when scanning a large number of hosts from a file |
-iR | Scans a random set of IP addresses | nmap -iR 5 | Use for random reconnaissance or testing multiple unknown IPs |
-PN | Skips host discovery and treats hosts as online | nmap -PN 192.168.1.10 | Use when you already know the hosts are up or to avoid host discovery (e.g., when hosts block ICMP) |