| Command | Purpose |
|---|---|
| nmap [target] | Default scan (TCP SYN) |
| nmap -sP [range] | Ping sweep to find live hosts |
| nmap -sn [range] | Host discovery without port scan |
| nmap -v [target] | Verbose output |
| Command | Purpose |
|---|---|
| nmap -sS [target] | Stealth SYN scan |
| nmap -D RND:10 [target] | Decoy scan to mask source |
| nmap -f [target] | Fragment packets to bypass filters |
| nmap --data-length 50 [target] | Obfuscate scan with random payload |
| Command | Purpose |
|---|---|
| nmap -sV [target] | Detect service versions |
| nmap -p 80,443 [target] | Scan specific ports |
| nmap -A [target] | Aggressive scan: OS, version, script, traceroute |
| nmap -O [target] | Detect operating system |
| Command | Purpose |
|---|---|
| nmap -oN output.txt [target] | Save results in normal format |
| nmap -oX output.xml [target] | Save results in XML format |
| nmap -oG output.gnmap [target] | Save results in grepable format |
| nmap -oA allformats [target] | Save results in all formats |