Full Port Scan (1-65535)
"-p-"
Service Version Scan
"-sV"
Light Scan
"--top-ports 50 --open"
Ping Sweep
"-sn"
Source Port 53
"--source_port 53"
Host discovery with extra probes (ICMP echo and timestamp, TCP SYN and ACK) from source port 53
nmap -sP -PE -PP -PS21,22,23,25,80,113,21339 -PA80,113,443,10042 --source_port 53 -n -T4 -iL ips.list
TCP Netcat Scanning
nc -nvv -w 1 -z <ip> 440-450
UDP Netcat Scanning
nc -nv -u -z -w1 <ip> 160-161
Shitty Portscanner (Egypt)
for port in {1..1023}; do : 2>/dev/null > "/dev/tcp/192.168.0.1/$port" && echo "$port"; done
Greppable Output (good for multiple hosts)
"-oG scan.grep"
XML Output (viewable in iexplore.exe)
"-oX scan.xml"
UnicornScan (Faster for UDP scans)
unicornscan -m {UT} <ip-address>:1-65535
ARP
arp-scan -l
ARP
netdiscover -i tap0