# Nmap

### Basic Scanning

* **Scan a single host**: `nmap <hostname or IP>`
* **Scan multiple hosts**: `nmap <host1> <host2> <host3>`
* **Scan a range of IPs**: `nmap <IP range>` (e.g., `nmap 192.168.1.1-20`)
* **Scan a subnet**: `nmap <CIDR>` (e.g., `nmap 192.168.1.0/24`)
* **Scan from a file**: `nmap -iL <input file>`

### Port Scanning

* **Scan specific ports**: `nmap -p <port list>` (e.g., `nmap -p 22,80,443`)
* **Scan all ports**: `nmap -p-`
* **Scan specific range of ports**: `nmap -p <start>-<end>` (e.g., `nmap -p 1000-2000`)

### Scan Types

* **TCP Connect Scan**: `nmap -sT`
* **SYN Scan**: `nmap -sS`
* **UDP Scan**: `nmap -sU`
* **TCP ACK Scan**: `nmap -sA`
* **TCP Window Scan**: `nmap -sW`
* **TCP Maimon Scan**: `nmap -sM`

### Service and Version Detection

* **Service detection**: `nmap -sV`
* **Set service detection intensity**: `nmap -sV --version-intensity 5` (0: lightest, 9: try every probe; the default is 7)

### OS Detection

* **Operating system detection**: `nmap -O`
* **Aggressive detection**: `nmap -A` (enables OS detection, version detection, script scanning, and traceroute)

### Scripts and NSE (Nmap Scripting Engine)

* **List available scripts**: `nmap --script-help all` (`--script-help` requires a script name, category, or `all`)
* **Run a script**: `nmap --script <script name>`
* **Run multiple scripts**: `nmap --script <script1>,<script2>`

### Timing and Performance

* **Set timing template**: `nmap -T<0-5>` (0: slowest, 5: fastest)
* **Max parallel probes**: `nmap --max-parallelism <number>`
* **Max retries**: `nmap --max-retries <number>`

### Output Options

* **Normal output**: `nmap -oN <filename>`
* **XML output**: `nmap -oX <filename>`
* **Grepable output**: `nmap -oG <filename>`
* **All formats**: `nmap -oA <basename>`
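
The XML written by `-oX` is the format best suited to automated checks. The following is an added example, not part of the original cheatsheet: it parses scan XML and reports ports that are open but missing from an expected-services baseline. The sample XML is constructed, and the `ALLOWED` baseline and function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output, trimmed to the elements used below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.168.1.20" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports></host>
</nmaprun>"""

# Hypothetical baseline: (protocol, port) pairs each host is expected to expose.
ALLOWED = {"192.168.1.10": {("tcp", 22)}, "192.168.1.20": set()}

def scan_results(xml_text):
    """Yield (addr, proto, port, state, service) for every port of every 'up' host."""
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue
        # A host may also carry a MAC <address>; keep only the IP address.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if addr is None:
            continue
        for port in host.iterfind("ports/port"):
            state, svc = port.find("state"), port.find("service")
            yield (addr, port.get("protocol"), int(port.get("portid")),
                   state.get("state") if state is not None else "unknown",
                   svc.get("name") if svc is not None else "")

def unexpected(xml_text, allowed):
    """Return (confirmed, ambiguous) exposures that are not in the baseline."""
    confirmed, ambiguous = [], []
    for addr, proto, port, state, svc in scan_results(xml_text):
        if (proto, port) in allowed.get(addr, set()):
            continue
        if state == "open":
            confirmed.append((addr, proto, port, svc))
        elif state == "open|filtered":  # typical for UDP: no reply, needs follow-up
            ambiguous.append((addr, proto, port, svc))
    return confirmed, ambiguous

if __name__ == "__main__":
    print(unexpected(SAMPLE_XML, ALLOWED))
```

To run it against a real scan, read the file produced by `nmap -oX <filename>` and pass its contents to `unexpected()` along with your own baseline.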

### Firewall and IDS Evasion

* **Fragment packets**: `nmap -f`
* **Specify a decoy**: `nmap -D <decoy1,decoy2,...>`
* **Send bad checksums**: `nmap --badsum`
* **Set source port**: `nmap --source-port <port>`

### Miscellaneous

* **Scan with root privileges**: `sudo nmap <options>`
* **Resume scan**: `nmap --resume <filename>` (the file must be normal `-oN` or grepable `-oG` output from the interrupted scan)
* **Use IPv6**: `nmap -6`

#### Examples

* **Basic Scan**: `nmap scanme.nmap.org`
* **TCP SYN Scan**: `sudo nmap -sS 192.168.1.1`
* **Service Version Detection**: `nmap -sV example.com`
* **OS Detection**: `nmap -O 192.168.1.1`
* **Aggressive Scan**: `nmap -A scanme.nmap.org`
* **Save Output to All Formats**: `nmap -oA output example.com`
* **UDP Scan**: `sudo nmap -sU -p 123,161,162 example.com`

This cheatsheet covers the basic and most commonly used Nmap options. For more advanced usage and options, refer to the official Nmap documentation.
