Useful `nmap` Snippets

Basic Scans

Perform a simple scan:
```
nmap 192.168.1.1
```
Scan multiple targets:
```
nmap 192.168.1.1 192.168.1.2
```
Scan a range of IPs:
```
nmap 192.168.1.1-254
```
Scan an entire subnet:
```
nmap 192.168.1.0/24
```

Port Scanning

Scan specific ports:
```
nmap -p 80,443 192.168.1.1
```
Scan a range of ports:
```
nmap -p 1-1000 192.168.1.1
```
Scan all 65535 ports:
```
nmap -p- 192.168.1.1
```

Service and Version Detection

Detect services and versions:
```
nmap -sV 192.168.1.1
```

Aggressive service detection:

nmap -sV --version-intensity 5 192.168.1.1

Operating System Detection

Detect OS of a host:
```
nmap -O 192.168.1.1
```
Combine OS detection with version detection:
```
nmap -A 192.168.1.1
```

Stealth Scanning

Perform a TCP SYN scan:
```
nmap -sS 192.168.1.1
```
Perform a TCP connect scan:
```
nmap -sT 192.168.1.1
```

UDP Scanning

Scan UDP ports:
```
nmap -sU 192.168.1.1
```

Script Scanning

Run default scripts:
```
nmap -sC 192.168.1.1
```
Run specific scripts:
```
nmap --script=http-title 192.168.1.1
```

Run multiple scripts:

nmap --script=http-title,ssl-cert 192.168.1.1

Output Control

Save output to a file:
```
nmap -oN output.txt 192.168.1.1
```
Save output in all formats:
```
nmap -oA output 192.168.1.1
```
Generate machine-readable output:
```
nmap -oX output.xml 192.168.1.1
```

Firewall Evasion

Use decoys to mask scan origin:
```
nmap -D RND:10 192.168.1.1
```
Use a specific source port:
```
nmap --source-port 80 192.168.1.1
```
Fragment packets to bypass firewalls:
```
nmap -f 192.168.1.1
```

Network Discovery

Ping scan to find live hosts:
```
nmap -sn 192.168.1.0/24
```
Scan without pinging:
```
nmap -Pn 192.168.1.1
```

Advanced Options

Scan with maximum speed:
```
nmap -T5 192.168.1.1
```
Save a list of targets:
```
nmap -iL targets.txt
```
Scan IPv6 targets:
```
nmap -6 2001:db8::1
```

Vulnerability Scanning

Use vulnerability scanning scripts:
```
nmap --script vuln 192.168.1.1
```