nmap (Network Mapper) is a powerful open-source tool used for network discovery and security auditing. It can be used to identify live hosts on a network, discover open ports, and detect services running on those ports.
```bash
# TCP SYN scan (half-open; needs raw-packet privileges, i.e. root)
# https://nmap.org/book/synscan.html
nmap -sS <host>
# No port scan (host discovery only)
nmap -sn <host>/24
# List scan (lists the targets and resolves their names; sends no probes to them)
nmap -sL <host>/24
# FIN scan
nmap -sF <host>
# Xmas scan
nmap -sX <host>
# Null scan
nmap -sN <host>
# Scan all ports
nmap -p 1-65535 <host>
# Faster scan (Aggressive timing template)
# https://nmap.org/book/performance-timing-templates.html
nmap -T4 <host>
nmap -T3 <host> # (Default)
# Aggressive scan: OS detection, version detection, script scanning and traceroute
nmap -A <host>
# Verbose output
nmap -v <host>
# OS detection (capital letter "O", not zero)
nmap -O <host>
# Run the scripts in the NSE "vuln" category against the target
nmap --script vuln <host>
```
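
Seen from the receiving side, the SYN, FIN, Xmas and Null scans listed above differ only in the TCP flag byte of the probe. The following is an added example, not part of the original page: it classifies inbound segments by flag byte and reports the sources that match a scan pattern. The function names, the `min_ports` threshold and the sample packets are constructed for illustration.

```python
from collections import defaultdict

# TCP flag bits as laid out in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags: int) -> str:
    """Map the flag byte of an inbound segment to the scan type it matches."""
    flags &= 0x3F                      # ignore the ECE/CWR bits
    if flags == 0:
        return "null"                  # nmap -sN: no flags set
    if flags == FIN:
        return "fin"                   # nmap -sF: FIN without ACK
    if flags == FIN | PSH | URG:
        return "xmas"                  # nmap -sX: FIN, PSH and URG set
    if flags == SYN:
        return "syn"                   # nmap -sS probe, but also any normal connect
    return "other"

def find_scanners(packets, min_ports=3):
    """packets: iterable of (src_ip, dst_port, flags).

    Null, bare-FIN and Xmas segments do not occur in a normal handshake or
    teardown (a normal close carries FIN together with ACK), so one is enough
    to report. A bare SYN is ordinary traffic, so a source is reported for
    "syn" only when it touches at least min_ports distinct ports.
    """
    seen = defaultdict(lambda: defaultdict(set))   # src -> kind -> ports
    for src, port, flags in packets:
        kind = classify_probe(flags)
        if kind != "other":
            seen[src][kind].add(port)
    alerts = {}
    for src, kinds in seen.items():
        hits = sorted(k for k, ports in kinds.items()
                      if k != "syn" or len(ports) >= min_ports)
        if hits:
            alerts[src] = hits
    return alerts

# Constructed sample traffic (documentation address ranges only)
SAMPLE = [
    ("192.0.2.10", 22, SYN), ("192.0.2.10", 80, SYN), ("192.0.2.10", 443, SYN),
    ("198.51.100.7", 443, SYN), ("198.51.100.7", 443, ACK),
    ("203.0.113.5", 25, FIN | PSH | URG),
    ("203.0.113.9", 23, 0x00), ("203.0.113.9", 21, FIN),
]

if __name__ == "__main__":
    for src, kinds in sorted(find_scanners(SAMPLE).items()):
        print(src, ",".join(kinds))
```

A SYN sweep is indistinguishable from normal connection attempts on a per-packet basis, which is why that case needs a port-count threshold while the other three do not.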