- #nmap
- #ejpt
- #cybersecurity
- #cheatsheet
The nmap commands I keep forgetting
Five flags I've had to look up more than once. Saving them here so I stop.
Every time I open nmap I forget at least one of these. Posting them so future-me has a single tab to grep.
Stealth-ish initial sweep:
nmap -sS -sV -O -T4 -p- 10.10.10.0/24
SYN scan, version detection, OS guess, all 65k ports, aggressive timing.
Top 1000 ports, fast:
nmap -F 10.10.10.5
Useful when you want a vibe check, not a full enum.
Service + script scan on a single host:
nmap -sC -sV -p- 10.10.10.5
-sC runs the default NSE scripts. Often surfaces banner info, anonymous FTP, weak SMB, etc.
UDP top 100 (slow, but worth it):
nmap -sU --top-ports 100 10.10.10.5
Output everything for later:
nmap -A -oA scan-target1 10.10.10.5
Three files: .nmap, .gnmap, .xml. The XML is what you import into other tools.
Pro tip: --reason tells you why nmap classified a port the way it did. Saves arguments with yourself later.
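Since the .xml from -oA is the file other tools consume, here is an added example (not from the original post) that pulls the open ports, their --reason values and any NSE script output out of it with only the standard library. The embedded XML is a constructed sample that mirrors nmap's layout; the host, ports and versions in it are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a real nmap -oA *.xml file; the
# address, services and versions are invented for the example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sC -sV -p- --reason -oA scan-target1 10.10.10.5">
<host><status state="up" reason="echo-reply"/>
<address addr="10.10.10.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/>
<service name="ftp" product="vsftpd" version="3.0.3"/>
<script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.2p1"/></port>
<port protocol="tcp" portid="445"><state state="closed" reason="reset"/><service name="microsoft-ds"/></port>
<port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/><service name="snmp"/></port>
</ports></host>
</nmaprun>
"""

def open_ports(xml_text):
    """One dict per port whose state is exactly 'open'. Closed ports and UDP's
    ambiguous 'open|filtered' are skipped; --reason and NSE output are kept."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            svc_attrs = svc.attrib if svc is not None else {}
            product = " ".join(filter(None, (svc_attrs.get("product"), svc_attrs.get("version"))))
            findings.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "reason": state.get("reason"),     # why nmap called it open
                "service": svc_attrs.get("name", ""),
                "product": product,
                "scripts": {s.get("id"): s.get("output") for s in port.iter("script")},
            })
    return findings

if __name__ == "__main__":
    for f in open_ports(SAMPLE_XML):
        print(f"{f['host']}:{f['port']}/{f['proto']} {f['service']} {f['product']} "
              f"({f['reason']}) scripts={f['scripts']}")
```

For a real run, feed it the file -oA wrote: `open_ports(open("scan-target1.xml").read())`.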