Yes, Nmap has a wide range of flags (options) that you can use to customize your scans. Here are some commonly used Nmap flags:
- -sS: TCP SYN scan (stealth scan).
- -sT: TCP connect scan (full TCP handshake).
- -sU: UDP scan.
- -p: Specify port(s) to scan (e.g., -p 22,80 or -p 1-1000).
- -O: Enable OS detection.
- -A: Enable OS detection, version detection, script scanning, and traceroute.
- -Pn: Treat all hosts as online (skip host discovery).
- -v: Increase verbosity level (use multiple times for more detail).
- -oN: Output scan results in normal format to a file (e.g., -oN output.txt).
- -T: Set timing template (0-5, where 0 is the slowest and 5 is the fastest).
These flags can be combined to tailor your scan to specific needs. For example:
nmap -sS -sV -O -p 1-1000 <target>
This command performs a SYN scan (-sS), detects service versions (-sV), performs OS detection (-O), and scans ports 1 through 1000 (-p 1-1000) on the specified target.
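The -oN flag listed above writes a human-readable report. As an added example (not part of the original answer), this Python sketch parses such a report and flags open ports that are missing from an approved baseline. The sample report text, the address 192.0.2.10, the baseline and the function names are constructed for illustration.

```python
import re

# Constructed sample of a report written with -oN (not from a real scan).
SAMPLE_REPORT = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sS -sV -p 1-1000 -oN output.txt 192.0.2.10
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 997 closed tcp ports (reset)
PORT    STATE    SERVICE VERSION
22/tcp  open     ssh     OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0)
80/tcp  open     http    nginx 1.18.0
443/tcp filtered https
# Nmap done at Mon Jan  1 10:00:05 2024 -- 1 IP address (1 host up) scanned in 5.12 seconds
"""

# "Nmap scan report for 192.0.2.10" or "... for name (192.0.2.10)"
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
# "22/tcp  open  ssh  OpenSSH ..." (the version column is optional)
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_normal_output(text):
    """Return {host: [(port, proto, state, service, version), ...]}."""
    results, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            results[host] = []
            continue
        m = PORT_RE.match(line)
        if m and host is not None:
            port, proto, state, service, version = m.groups()
            results[host].append((int(port), proto, state, service, version.strip()))
    return results

def unexpected_open(results, baseline):
    """List (host, port, proto) entries that are open but not in the baseline."""
    return [(h, p, proto) for h, rows in results.items()
            for p, proto, state, _, _ in rows
            if state == "open" and (p, proto) not in baseline.get(h, set())]

if __name__ == "__main__":
    scan = parse_normal_output(SAMPLE_REPORT)
    approved = {"192.0.2.10": {(22, "tcp")}}  # constructed baseline
    print(unexpected_open(scan, approved))
```

The normal format is meant for reading; for automated pipelines Nmap's XML output (-oX) is the more stable format to parse.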
