Scan open ports
nmap [target ip/domain]
Scan IPv6
nmap -6 [target ip/domain]
Select interface and scan
nmap -e [INTERFACE] [target ip/domain]
Save output to a file
nmap -oN [filename] [target ip/domain]
Selected port scan
nmap -p[port number] [targer ip/domain]
Port range scan
nmap -p[1-1000] [targer ip/domain]
Scan by service
nmap -p smtp [target]
Run individual script
nmap -script [script.nse] [target]
Execute script by category
nmap -script [category] [target]
Update script database
nmap -script-updatedb
Timing templates
-T[0-5]
Set live from packet time
-ttl
For minimum parallel operation
-min-parallelism
For maximum parallel operation
-max-parallelism
Minimal host group size
-min-hostgroup
Maximum host group size
-max-hostgroup
Maximum RTT timeout
-max-rtt-timeout
Initial RTT timeout
-initial-rtt-timeout
Maximum retries
-max-retries
Host timeout
-host-timeout
Minimal scan delay
-scan-delay
Maximum scan delay
-max-scan-delay
Minimum packet rate
-min-rate
Maximum packet rate
-max-rate
Default reset rate limit
-defeat-rst-ratelimit
Display service version
nmap -sV [target]
Aggressive scan
nmap -A [target]
Detect operating system
nmap -O [target]
Detect operating system verbose
nmap -O -v [target]
To detect service and operating system
nmap -sV -O [target]
Detect web server
nmap -sV --script http-title [target]
Scan common port
nmap --top-ports 10 [target]
Brute force DNS records
nmap --script dns-brute [target]
Detect sniffer
nmap -sP --script sniffer-detect [target]