nmap -flags -target
| Flags | Use |
|---|---|
| -sn | Disables Port Scan |
| -PR | Preforms ARP Scan |
| -PU | UDP Ping Scan |
| -PE | ICMP ECHO Ping Scan |
| -PP | ICMP Timestamp Ping Scan |
| -PM | ICMP Adress Mask Ping Scan |
| -PS | TCP SYN Ping Scan |
| -PA | TCP ACK Ping Scan |
| -PO | IP Protocol Ping Scan |
| -sT | TCP Connect/Full Open Scan |
| -v | Verbose Output |
| -sS | Stealth Scan/TCP half open scan |
| -sX | Xmas Scan |
| -sM | TCP Maimon Scan |
| -sA | ACK Flag Probe Scan |
| -sU | UDP Scan |
| -sN | Null Scan |
| -A | Agressive |
| -T(1-4) | To specify the Speed |
| -sl | IDLE/IPID Header Scan |
| -sY | SCTP INIT Scan |
| -sZ | SCTP Cookie ECHO Scan |
| -sV | Service Scan |
| -O | OS Detection |
| -sC | Script Scanning |
| --traceroute | To preform a traceroute as well |
| -f | Split into Fragments |
| -g --source-port | To Spoof the Source Port |
| -mtu | Specifies the number of Maximum Tranmission Units |
| -D | Decoy Scan |
| RND:# | To Specify a Random Number of IP addresses to use as Decoy |
| -Pn | Skip Host Discoverey |
| --spoof-mac 0 | Randomize the MAC Address |
| Scripts | Desctription |
|---|---|
| --script smb-os-discovery.nse | Attempts to determine the OS, Computer name, Domain, Workgroup, and current time over smb |