Flags
-p
: specify port (-p-
all ports,-p1-100
ports 1 through 100,-p1,6,7
ports 1, 6, and 7,-p1-100,102
ports 1 through 100 and 102)-Pn
: skip host discovery-sV
: probe open port for service discovery-sL
: list targets to scan (don’t send any packets)-sn
: ping sweep-A
: OS and version detection, script scanning, and traceroute-sU
: UDP scan
Syntax tips
-p-
: scan all ports (1-65535)192.168.1.0/24
: scan subnet192.168.1.*
: scan with wildcard (similar to subnet)
Todo
Commands I’ve run in the past (pulled from my zsh_history
) that I have not yet documented.