Скачать или смотреть Kail linux passing the time with nmap commands

nmap -sP 192.168.0.1/24 scans all ips on local network
nmap -A -T4 -A is to enable OS and version detection & -T4 for faster execution; and then the hostname
sudo nmap -sT -p 80,4444 192.168.0.1/24
The -sT, Command does a tcp Connect Using a 3-way handshake really cool how this does its job (full open scan)
sudo nmap -sT 192.168.0.119 scans top 1000 ports if u dont use -p
sudo nmap -sS 192.168.0.119 stealth scan
nmap -sS -O scanme.nmap.org/24
-sS -O -This option scans all reserved TCP ports on the machine scanme.nmap.org . The -v option enables verbose mode.


nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127 -Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116.0.0/16 address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.
nmap -v -iR 100000 -Pn -p 80 ---Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with -Pn since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.