| Purpose | Example |
|---|---|
| 1 target | `nmap IP` |
| scan multiple targets | `nmap IP1, IP2, IP3` |
| scan a list | `nmap -iL list.txt` |
| scan CIDR range | `nmap 192.168.1.0/24` |
| Purpose | Example |
|---|---|
| Scan top 1k popular ports | `nmap IP` |
| Port range | `nmap -p x-y` |
| Port list | `nmap -p x,y,z` |
| linear portrange | `nmap -r x-y` |
| Purpose | Example |
|---|---|
| Don't probe | `nmap IP -Pn` |
| Default probe | `nmap IP -PB` |
| ICMP Echo Request | `nmap IP -PE` |
| ICMP Timestamp Request | `nmap IP -PP` |
| ICMP Network Request | `nmap IP -PM` |
| Purpose | Example |
|---|---|
| Probe only | `nmap IP -sn` |
| SYN Scan | `nmap IP -sS` |
| TCP Connect Scan | `nmap IP -sT` |
| UDP Scan | `nmap IP -su` |
| Version scan | `nmap IP -sV` |
| OS Detection | `nmap IP -PM` |
| Set TCP flags | `nmap IP --scanflags: x,y,z` |
| Purpose | Example |
|---|---|
| Paranoid | `nmap IP -T0` |
| Sneaky | `nmap IP -T1` |
| Polite | `nmap IP -T2` |
| Normal | `nmap IP -T3` |
| Aggressive | `nmap IP -T4` |
| Insane | `nmap IP -T5` |
| Purpose | Example |
|---|---|
| Standard | `nmap IP -oN file.txt` |
| Greppable | `nmap IP -oG file.txt` |
| XML | `nmap IP -oX file.txt` |
| all formats | `nmap IP -oA file` |
| Purpose | Example |
|---|---|
| Aggresive scan | `nmap IP -A` |
| nmap reason why a port is in a state | `nmap IP --reason` |