0) View the open ports on the local machine
nmap localhost
1) Identify the remote host's operating system and open ports
nmap -sS -P0 -sV -O <target>
Here <target> can be a single IP address, a host name, a domain name, or a subnet.
-sS TCP SYN scan (also known as half-open or stealth scan)
-P0 turns off ICMP ping host discovery (newer Nmap releases spell this option -Pn; -P0 is still accepted)
-sV enables service version detection
-O attempts to identify the remote operating system
Other options:
-A turns on operating system fingerprinting and version detection at the same time (it also enables script scanning and traceroute)
-v verbose output of scan progress
nmap -sS -P0 -A -v <target>
2) List the hosts that have a specified port open
nmap -sT -p 80 -oG - 192.168.1.* | grep open
-oG - writes greppable output to stdout; port states appear in lower case there, so grep for "open", not "Open".
3) Find all hosts that are up on the network
nmap -sP 192.168.0.*
Or, specifying the subnet in CIDR notation:
nmap -sP 192.168.0.0/24
(-sP is the older spelling of the ping scan option, now -sn.)
4) Ping a specified range of IP addresses
nmap -sP 192.168.1.100-254
5) Find unused IP addresses on a subnet
nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
After the ping sweep, addresses that never answered are left as incomplete ARP entries with an all-zero MAC in /proc/net/arp; those are the unused ones.
6) Scan the LAN for hosts vulnerable to the Conficker worm
nmap -Pn -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
Note: smb-check-vulns was removed in Nmap 7 and split into the smb-vuln-* scripts; the Conficker check now lives in smb-vuln-conficker.
7) Scan the network for rogue access points (WAPs)
nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000ms --initial-rtt-timeout 300ms --max-retries 3 --host-timeout 20m --max-scan-delay 1000ms -oA wapscan 10.0.0.0/8
The timing values are given with explicit ms units so they are read the same way by every Nmap version; -oA writes the results in all three output formats with the base name wapscan.
8) Scan a host's ports using a decoy address
sudo nmap -sS 192.168.0.10 -D 192.168.0.2
9) List reverse DNS records for a subnet
nmap -R -sL 209.85.229.99/27 | awk '{if ($3=="not") print "(" $2 ") no PTR"; else print $3 " is " $2}' | grep '('
The awk fields assume the older list-scan line format ("Host <name> (<ip>) not scanned"); newer Nmap prints "Nmap scan report for ..." instead, so the field positions must be adjusted there.
10) How many Linux and Windows devices are on the network?
sudo nmap -F -O 192.168.0.1-255 | grep "Running:" > /tmp/os; echo "$(grep -c Linux /tmp/os) Linux device(s)"; echo "$(grep -c Windows /tmp/os) Windows device(s)"
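As an added example (not part of the original cheat sheet), the same tally as item 10 done over a saved normal-output file (-oN) instead of a live scan, so the inventory can be recounted without rescanning and hosts where Nmap only guessed or found no OS match are reported separately. The sample report below is constructed, not a real scan.

```shell
#!/bin/sh
# Tally OS families from Nmap normal output read on stdin.
# Assumes the report was written with -O (OS detection) and -oN.

# Constructed sample of an "nmap -F -O -oN" report for five hosts (not real scan data).
SAMPLE_SCAN='Nmap scan report for 192.168.0.1
Running: Linux 2.6.X
OS details: Linux 2.6.18 - 2.6.22
Nmap scan report for 192.168.0.10
Running: Microsoft Windows 7|2008|8.1
Nmap scan report for 192.168.0.11
Running (JUST GUESSING): Linux 3.X (90%), Microsoft Windows 10 (85%)
Nmap scan report for 192.168.0.12
Running: Microsoft Windows XP
Nmap scan report for 192.168.0.13
No exact OS matches for host'

# Number of hosts in the report: one "Nmap scan report for" line per host.
count_hosts() { grep -c '^Nmap scan report for ' || true; }

# Hosts whose definite "Running:" line names the given family (Linux, Windows, ...).
# "Running (JUST GUESSING)" lines are deliberately not counted as definite matches.
count_os() { grep '^Running: ' | grep -c "$1" || true; }

# Hosts where Nmap could only guess, or found no OS match at all.
count_unsure() {
    grep -c -e '^Running (JUST GUESSING)' -e '^No exact OS matches' || true
}

# One summary line in the spirit of item 10, built from the three counters above.
os_summary() {
    report=$(cat)
    printf '%s host(s): %s Linux, %s Windows, %s unsure\n' \
        "$(printf '%s\n' "$report" | count_hosts)" \
        "$(printf '%s\n' "$report" | count_os Linux)" \
        "$(printf '%s\n' "$report" | count_os Windows)" \
        "$(printf '%s\n' "$report" | count_unsure)"
}

# Run against the constructed sample; with a real file use: os_summary < scan.txt
printf '%s\n' "$SAMPLE_SCAN" | os_summary
```

Because grep -c exits non-zero when nothing matches, each counter ends in `|| true` so an empty category prints 0 instead of aborting a `set -e` script.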