netdiscover -r 10.0.2.0/24
nmap -sP 10.195.0.0/16 // ping discovery scan: host discovery only, no port scan (-sP is the older name for -sn)
nmap -sT -A -sV --version-intensity 6 -p- 192.168.31.149
nmap -sTU -A 192.168.1.1 // OS and service detection for TCP and UDP (-A also runs the default scripts and traceroute)
nmap -sV 192.168.1.1 // service detection
nmap -sV --version-intensity 5 192.168.1.1 // service detection with an explicit probe intensity. 0 is the least aggressive, 9 the most; nmap's default is 7
xprobe2 -v -p tcp:80:open IP
## nmap -sS is the default scanning mode when run with root privileges; unprivileged runs fall back to -sT (TCP connect) // TCP SYN SCAN
nmap -iL list-of-ips.txt //scan the targets from the text file
nmap 192.168.1.1/24 //scan a subnet
nmap -F 192.168.1.1 //scan most common 100 ports. Fast.
nmap -p 100-200 192.168.1.1 // scan a range of ports
nmap -p- 192.168.1.1 // scan all ports
nmap -Pn -F 192.168.1.1 //scan the 100 most common ports (-F) and skip host discovery (-Pn treats the target as up)
Other NMAP parameters
-oN outputfile.txt // save as txt
--script=ssl-heartbleed // checks whether a TLS service is vulnerable to the OpenSSL Heartbleed bug
Unicorn scans
us -H -msf -Iv 192.168.56.101 -p 1-65535 ## TCP connect scan (-msf); unicornscan's default TCP mode is SYN
us -H -mU -Iv 192.168.56.101 -p 1-65535 ## UDP scan
## -H = resolve hostnames
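## -m = scan mode (sf - TCP connect, U - UDP; TCP SYN is the default when -m is omitted)
## -Iv = -I immediate mode (print results as they are found) plus -v verbose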
Locate NSE scripts
locate nse | grep script