Basic Scans
Host Discovery
Scan Types
| Scan | Flag | Use Case |
|---|---|---|
| SYN | -sS | Default stealth scan |
| Connect | -sT | No root required |
| UDP | -sU | UDP services |
| ACK | -sA | Map firewall rules |
Port Specification
Service & Version Detection
NSE Scripts
Script Categories
Script Args
Find Scripts
Timing & Performance
Evasion & Spoofing
Output Formats
Parse Grepable
Useful Combinations
Full TCP Scan
Quick Recon
UDP Top Ports
Vuln Scan
Quick Reference
| Task | Command |
|---|---|
| Full scan | nmap -sV -sC -p- TARGET |
| Stealth | nmap -sS TARGET |
| UDP | nmap -sU --top-ports 20 TARGET |
| Scripts | nmap --script=vuln TARGET |
| Evasion | nmap -f -D RND:10 TARGET |
| All output | nmap -oA scan TARGET |