# Single target scan: nmap [target] # Scan from a list of targets: nmap -iL [list.txt] # iPv6: nmap -6 [target] # OS detection: nmap -O [target] # Save output to text file: nmap -oN [output.txt] [target] # Save output to xml file: nmap -oX [output.xml] [target] # Scan a specific port: nmap -source-port [port] [target] # Do an aggressive scan: nmap -A [target] # Traceroute: nmap -traceroute [target] # Ping scan only: -sP # Don't ping: -PN # TCP SYN ping: -PS # TCP ACK ping: -PA # UDP ping: -PU # ARP ping: -PR # Example: Ping scan all machines on a class C network nmap -sP 192.168.0.0/24