Most people only use nmap target. But Nmap's real power lies in its 600+ NSE scripts and advanced scanning engine.
# Run all vulnerability scripts
nmap --script vuln target
# HTTP enumeration
nmap --script http-enum target
# Brute force SSH
nmap --script ssh-brute --script-args userdb=users.txt,passdb=pass.txt target
# Check for specific CVE
nmap --script smb-vuln-ms17-010 target # EternalBlue checknmap -O target # Basic OS detection
nmap -O --osscan-guess target # Aggressive guessing
nmap -A target # OS + version + scripts + traceroute# Decoy scan — hide among fake IPs
nmap -D RND:10 target
# Fragment packets
nmap -f target
# Custom MTU
nmap --mtu 24 target
# Spoof source port
nmap --source-port 53 target # Look like DNS traffic
# Timing control
nmap -T0 target # Paranoid — 1 probe per 5 minutes
nmap -T1 target # Sneaky — 15 second intervalsnmap -oN scan.txt target # Normal output
nmap -oX scan.xml target # XML (for tools)
nmap -oG scan.gnmap target # Grepable
nmap -oA scan target # All formats at onceSubscribe to ONLY4YOU and get hands-on access to 40+ premium courses — Ethical Hacking, Kali Linux, Metasploit, Network Hacking, Bug Bounty & more!