nmap
Scan network for open ports and services
TLDR
Scan the top 1000 ports of a remote host with various [v]erbosity levels
Run a ping sweep over an entire subnet or individual hosts very aggressively
Enable OS detection, version detection, script scanning, and traceroute of hosts from a file
Scan a specific list of ports (use -p- for all ports from 1 to 65535)
Perform service and version detection of the top 1000 ports using default NSE scripts, writing results (-oA) to output files
Scan target(s) carefully using default and safe NSE scripts
Scan for web servers running on standard ports 80 and 443 using all available http-* NSE scripts
Attempt evading IDS/IPS detection by using an extremely slow scan (-T0), decoy source addresses (-D), [f]ragmented packets, random data and other methods
SYNOPSIS
nmap [Scan Type(s)] [Options] {target specification}
PARAMETERS
-iL
Input from list. Scan targets from a list of hosts/networks.
-iR
Choose random targets. Scans a number of randomly chosen hosts.
-sS/sT/sA/sW/sM
TCP SYN/Connect()/ACK/Window/Maimon scans.
-sU
UDP Scan.
-sN/sF/sX
TCP Null, FIN, and Xmas scans.
-sV
Version detection. Determines service and software version.
-O
Enable operating system detection.
-p
Only scan specified ports. E.g. -p22; -p1-65535; -p U:53,111,T:21-25,80,139,8080
-F
Fast mode. Scan fewer ports than the default scan.
-T<0-5>
Set timing template (higher is faster). 0 is paranoid, 5 is insane.
-A
Aggressive scan mode. Enables OS detection, version detection, script scanning, and traceroute.
-v
Increase verbosity level. (use -vv or more for greater effect)
-oN
Output scan in normal format to the given filename.
-oX
Output scan in XML format to the given filename.
--script=