nmap flags & options

-sS

TCP SYN scan (half-open, stealthy, requires root).

sudo nmap -sS 192.168.1.1

-sV

Probe open ports to determine service and version info.

nmap -sV 192.168.1.1

-O

Enable OS detection (requires root).

sudo nmap -O 192.168.1.1

-p

Specify ports or port ranges to scan.

nmap -p 80,443 192.168.1.1

nmap -p 1-1024 192.168.1.1

nmap -p- 192.168.1.1

-A

Aggressive scan: OS detection, version, scripts, and traceroute.

sudo nmap -A 192.168.1.1

-Pn

Skip host discovery and treat target as online.

nmap -Pn 192.168.1.1

-oN

Save output in normal format to a file.

nmap -oN scan_results.txt 192.168.1.1

nmap -oX scan_results.xml 192.168.1.1

--script

Run NSE scripts against targets.

nmap --script vuln 192.168.1.1

nmap --script http-title -p 80 192.168.1.0/24

-sn

Ping scan to discover live hosts without port scanning.

nmap -sn 192.168.1.0/24