NMAP
Host Discovery
Section titled “Host Discovery”sudo nmap -sn 192.168.1.0/24Port Scanning
Section titled “Port Scanning”- Top 1000
nmap -Pn $IP- All ports
nmap -Pn -p- $IP- Specific ports
nmap -Pn -p 80,443,8080 $IP- Port range
nmap -Pn -p1-10000 $IP- Fast scan
nmap -Pn -F $IP- UDP scan
nmap -Pn -sU $IP- Service detection (fast mode)
nmap -Pn -F -sV $IP- OS detection (fast mode)
nmap -Pn -F -sV -O $IP- NMAP Scripts
nmap -Pn -F -sV -O -sC $IP- Agressive scan (combine sV, O and sC)
nmap -Pn -F -A $IP- Fastest Timing template (T0 → T5)
nmap -Pn -T5 -F -A $IP- Export result
nmap -Pn -T5 -F -A $IP -oN output.txt
nmap -Pn -T5 -F -A $IP -oX output.xml