Flags
-p: specify port
    -p-: all ports
    -p1-100: ports 1 through 100
    -p1,6,7: ports 1, 6, and 7
    -p1-100,102: ports 1 through 100 and 102
-Pn: skip host discovery
-sV: probe open port for service discovery
-sL: list targets to scan (don’t send any packets)
-sn: ping sweep
-A: OS and version detection, script scanning, and traceroute
-sU: UDP scan
Syntax tips
-p-: scan all ports (1-65535)
192.168.1.0/24: scan subnet
192.168.1.*: scan with wildcard (similar to subnet)
Todo
Commands I’ve run in the past (pulled from my zsh_history) that I have not yet documented.
nmap -sX 192.168.1.*
nmap -p 1-65535 -T4 -A -v 10.0.0.107