NMAP

A reference list of common Nmap commands, grouped into numbered sections. Most raw-packet scan types (`-sS`, `-sU`, `-O`, decoys, spoofing) need root or equivalent raw-socket privileges; the notes below say where that matters.

1. Basic Scanning Commands

1.1 Simple Ping Scan

```

nmap -sn <target>

```

Host discovery only: Nmap reports which hosts respond and skips the port scan. Despite the name it is not just ICMP. Run as root it sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request (ARP requests instead when the targets are on the local Ethernet segment); run unprivileged it falls back to TCP connect() attempts to ports 80 and 443.

1.2 Port Scan of a Single IP Address

```

nmap <target>

```

Performs a basic scan of the 1,000 most common TCP ports. Run as root this is a SYN scan (`-sS`); run unprivileged it is a connect scan (`-sT`).

1.3 Range of IP Addresses

```

nmap <range-or-CIDR>

```

Scans multiple addresses given as a range (e.g., `192.168.1.1-254`) or in CIDR notation (e.g., `192.168.1.0/24`). Several targets can be listed on one command line, `-iL <file>` reads targets from a file, and `--exclude <hosts>` keeps out-of-scope addresses (production databases, the client's monitoring box) out of the scan.

1.4 Port Range Scan

```

nmap -p <port-range> <target>

```

Scans only the ports given: a range such as `-p 1-100`, a list such as `-p 22,80,443`, or a mix per protocol such as `-p U:53,T:22-25` when combining UDP and TCP scans. `-p-` is shorthand for all 65,535 TCP ports.
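The commands in this section are usually chained: a host-discovery sweep first, then a port scan of only the hosts that answered, so the slow part runs against live machines instead of a whole /24. The script below is an added example, not code from the original page or from the Nmap project. It reads Nmap's grepable output (`-oG -` sends it to stdout) and feeds the live hosts back with `-iL`. The file names `live-hosts.txt` and the `scan` output basename are assumptions, and the sample sweep output is constructed so the parser can be exercised without a network.

```shell
#!/bin/sh
# Added example: two-stage recon (ping sweep, then port scan of live hosts).

# Parse grepable (-oG) host-discovery output on stdin and print one live IP
# per line. A grepable host line looks like:
#   Host: 192.168.1.1 (router.lan)<TAB>Status: Up
# $2 is the address whatever the whitespace; the hostname in () is ignored.
live_hosts() {
  awk '/^Host:/ && /Status: Up$/ { print $2 }'
}

# Sweep a network, then port-scan only the hosts that answered. Extra
# arguments are passed to the second nmap (e.g. -p- or --top-ports 100).
# Usage: sweep_then_scan 192.168.1.0/24 [extra nmap options]
sweep_then_scan() {
  net=$1; shift
  # -oG - prints grepable output on stdout and suppresses the normal output
  nmap -sn -oG - "$net" | live_hosts > live-hosts.txt
  [ -s live-hosts.txt ] || { echo "no live hosts in $net" >&2; return 1; }
  # -oA writes scan.nmap, scan.xml and scan.gnmap in one go
  nmap -sS -sV -T4 -iL live-hosts.txt -oA scan "$@"
}

# Constructed sample of what "nmap -sn -oG - 192.168.1.0/24" prints, so the
# parser can be tested offline (down hosts appear only with -v; included here
# to show they are filtered out).
sample_sweep() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.168.1.1 (router.lan)\tStatus: Up\n'
  printf 'Host: 192.168.1.2 ()\tStatus: Down\n'
  printf 'Host: 192.168.1.20 (web01.lan)\tStatus: Up\n'
  printf '# Nmap done: 256 IP addresses (2 hosts up) scanned\n'
}

# Demo run against the constructed sample (prints 192.168.1.1 and 192.168.1.20).
sample_sweep | live_hosts
```

Because discovery and port scan are separate invocations, you can change the discovery probes (`-PS22,443`, `-PE`) for a network that filters ICMP without re-running the expensive part, and `live-hosts.txt` doubles as the scope record for the engagement.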

2. Scan Techniques
2.1 TCP SYN Scan (Default when run as root)

```

nmap -sS <target>

```

The most popular scan, often called a "stealth" or "half-open" scan: Nmap sends a SYN, classifies the port from the SYN/ACK or RST that comes back, and answers a SYN/ACK with a RST instead of completing the handshake. Because no connection is ever established, the listening application never sees it, although any packet-level IDS or firewall log still will. Requires raw-socket privileges.

2.2 TCP Connect Scan

```

nmap -sT <target>

```

Completes the full three-way handshake through the operating system's connect() call, so it needs no raw-socket privileges and is the default for unprivileged users. It is noisier than a SYN scan: every completed connection is visible to the application on the target and is more likely to be logged.

2.3 UDP Scan

```

nmap -sU <target>

```

Scans UDP ports to find services such as DNS (53), SNMP (161) and NTP (123). UDP scanning is slow: closed ports answer with ICMP port unreachable, which most hosts rate-limit, and open ports often do not answer at all, so many ports come back as `open|filtered`. Adding `-sV` sends protocol-specific payloads that resolve most of that ambiguity. It is often combined with a TCP scan: `nmap -sS -sU <target>`.

2.4 Aggressive Scan

```

nmap -A <target>

```

Shorthand for `-O -sV -sC --traceroute`: OS detection, version detection, default script scanning and traceroute. It is the noisiest option on this page, and the OS detection and traceroute parts need raw-packet privileges.

3. OS and Version Detection

3.1 Operating System Detection

```

nmap -O <target>

```
Fingerprints the target's TCP/IP stack to guess its operating system. Requires raw-packet privileges, and the guess is most reliable when Nmap finds at least one open and one closed TCP port to probe.

3.2 Service Version Detection

```

nmap -sV <target>

```

Sends protocol probes to each open port to identify the service and, where possible, its product and version (for example which SSH or web server is running). Version information is what makes a later vulnerability lookup meaningful; a bare port number is not.

3.3 Combine OS and Service Version Detection

```

nmap -O -sV <target>

```

Fingerprints the OS and the services in one run. Together with `-sC` and `--traceroute`, these two options are what `-A` bundles.

4. Output Options

4.1 Standard Output

```

nmap <target> -oN <filename>

```

Saves the normal, human-readable output to a file. `-oA <basename>` writes normal, XML and grepable output at once (`<basename>.nmap`, `.xml` and `.gnmap`), which is the usual choice on an engagement so nothing has to be re-scanned to get another format.

4.2 XML Output

```

nmap <target> -oX <filename>

```

Exports scan results as XML, the machine-readable format to keep: it is what most importers and parsers consume, and it carries details (service fingerprints, script output, timing) that the other formats drop.

4.3 Grepable Output

```

nmap <target> -oG <filename>

```
Outputs results in the grepable format, one line per host with all ports on that line, for filtering with `grep` and `awk`. The Nmap manual lists this format as deprecated in favour of XML, but it is still the most convenient one inside shell pipelines.
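What a practitioner actually does with saved output is turn it into a host/port inventory and diff it against the previous run, so that a newly exposed listener shows up instead of being lost in a 200-host report. The script below is an added example, not code from the original page or the Nmap project. It parses the grepable format described above with `awk`; the sample scan output is constructed, and the `baseline`/`current` file names are assumptions.

```shell
#!/bin/sh
# Added example: grepable (-oG) output to an open-port inventory, plus a diff
# against an earlier baseline for exposure monitoring.

# Read -oG output on stdin and print "ip port proto service version" for
# every open port. A grepable host line is tab-separated:
#   Host: 10.0.0.5 (web01)<TAB>Ports: 22/open/tcp//ssh//OpenSSH 8.9p1//, ...<TAB>Ignored State: ...
# and each port entry is port/state/proto/owner/service/rpcinfo/version/
# (Nmap replaces any "/" inside the version text with "|", so splitting on
# "/" is safe).
open_ports() {
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if (index($i, "Ports: ") != 1) continue
        sub(/^Ports: /, "", $i)
        n = split($i, entries, ", ")
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          if (f[2] == "open")
            printf "%s %s %s %s %s\n", ip, f[1], f[3], f[5], f[7]
        }
      }
    }'
}

# Print inventory lines present in the current scan but absent from the
# baseline: new listeners are the ones worth alerting on.
# Usage: new_since baseline.txt current.txt
new_since() {
  awk 'NR == FNR { seen[$0] = 1; next } !($0 in seen)' "$1" "$2"
}

# Constructed sample of "nmap -sS -sV -oG - ..." output for two hosts. The
# closed 443 on web01 must not appear in the inventory.
sample_scan() {
  printf 'Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1//, 80/open/tcp//http//nginx 1.18.0//, 443/closed/tcp//https///\tIgnored State: filtered (997)\n'
  printf 'Host: 10.0.0.9 ()\tPorts: 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services//\tIgnored State: filtered (999)\n'
}

# Demo: build the inventory from the sample, then report what is new relative
# to a baseline that only knew about web01's SSH and HTTP.
sample_scan | open_ports
```

In practice the baseline is last week's `scan.gnmap` run through `open_ports`, the current file is today's, and `new_since` output goes to a ticket or a chat channel. Diffing on the full line means a version change (an SSH upgrade, or a downgrade) also surfaces, not only a new port.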

5. Advanced and Special Scans

5.1 Script Scan (Nmap Scripting Engine)

```

nmap -sC <target>

```

Runs the scripts in the `default` category (equivalent to `--script=default`). These are mostly safe discovery scripts (banner and HTTP header grabbing, SSL certificate details, SMB host information); `-sC` is not a vulnerability scan. Scripts can also be selected by name, category or wildcard:

```

nmap --script <script-name> <target>

```

For example `--script vuln` runs the vulnerability-check category, `--script "http-*"` runs every HTTP script, `--script-args` passes parameters to them, and `--script-help <name>` prints a script's documentation. Scripts in the `intrusive` category can crash or modify services, so read what a script does before pointing it at production.

5.2 Scan for Only Open Ports

```

nmap --open <target>

```

Shows only open (and possibly open, i.e. `open|filtered`) ports, suppressing closed and filtered ones. This also thins out the saved output files, which matters on large ranges.

5.3 Traceroute

```

nmap --traceroute <target>

```

Traces the network path to the target.

5.4 Timing Template for Faster Scans

```

nmap -T<0-5> <target>

```

Adjusts scan timing from `-T0` (paranoid, one probe every few minutes) to `-T5` (insane). `-T4` is the usual choice on a fast, reliable network; `-T5` can silently lose results when packets are dropped, and `-T0`/`-T1` exist mainly to stay under rate-based IDS thresholds. The default is `-T3`.
6. Firewall Evasion and Spoofing

6.1 Decoy Scanning

```

nmap -D RND:<num>,<decoy1>,<decoy2>,... <target>

```

Sends every probe interleaved with identical probes from decoy source addresses, so the target's logs show several apparent scanners. Your real address is still one of them; use `ME` in the list to control where it appears (e.g. `-D RND:5,ME`). Decoys should be hosts that are up, or you may SYN-flood the target with replies to addresses that never answer. Decoys work only with raw-packet scans, not with `-sT` or version detection, and spoofed sources may be dropped by egress filtering on your own network.

6.2 Fragmentation

```

nmap -f <target>

```

Splits the probe packets into tiny IP fragments (8 bytes of payload; a second `-f` gives 16, and `--mtu` sets another multiple of 8), so a packet filter that only inspects the first fragment may never see the full TCP header. Stateful firewalls and modern IDS reassemble fragments before inspection, so this is often detected, and some devices simply drop fragmented probes, which makes the scan fail rather than succeed.

6.3 Spoofed Source IP

```

nmap -S <IP> <target>

```

Sends the probes with a forged source address. Replies then go to that address, not to you, so you only see results if you can sniff the reply path; you usually need `-e <interface>` and `-Pn` as well. Requires raw-packet privileges. Its practical use is checking whether a firewall trusts a particular source address, not getting scan results.

6.4 MAC Address Spoofing

```

nmap --spoof-mac <mac-address> <target>

```

Sets the source MAC address of the Ethernet frames Nmap builds. It only matters for raw-packet scans on the local segment, since the source MAC is rewritten at the first router. Accepts a full address, a vendor prefix, a vendor name (for example `Cisco`), or `0` for a random address.

7. Specific Host Discovery

7.1 Skip Host Discovery

```

nmap -Pn <target>

```

Skips host discovery and treats every target as up, so every address is port-scanned. Use it when ICMP and the discovery probes are blocked by a firewall; on large ranges it is much slower, because addresses with nothing behind them are scanned too.

7.2 List Scan (List Targets Only)

```

nmap -sL <target>

```

Lists the targets Nmap would scan, after expanding ranges and CIDR blocks, and performs reverse DNS on them without sending any probes to the targets themselves. Useful for checking the scope before a scan; add `-n` to skip the DNS lookups too.

8. Popular Ports Scan

8.1 Top 1000 Ports (Default)

```

nmap <target>

```

Scans the 1,000 most common ports for the protocol, according to the frequency data that ships with Nmap.

8.2 Top 10 or Top 100 Ports Only

```

nmap --top-ports <n> <target>

```

Scans the `n` most common ports, for any `n`. `--top-ports 100` with `-sU` is a practical first UDP scan, and `-F` (fast) is shorthand for the top 100.

9. Common Use Examples

9.1 Scan Entire Local Network

```

nmap 192.168.1.0/24

```

9.2 Detect All Open Ports

```

nmap -p- <target>

```

Scans all 65,535 TCP ports rather than the default 1,000. Slow, but the only way to find services on non-standard ports.

9.3 Aggressive Scan (OS, Versions, Default Scripts, Traceroute)

```

nmap -A <target>

```

Equivalent to `-O -sV -sC --traceroute`. Note that this does not run every NSE script, only the `default` category; it is a good first deep scan of a small number of hosts, and a noisy one.
