-iL: Input from list of hosts/networks
-iR: Choose random targets
--exclude: Exclude hosts/networks
--excludefile: Exclude list from file
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS[portlist]: TCP SYN discovery to given ports
-PA[portlist]: TCP ACK discovery to given ports
-PU[portlist]: UDP discovery to given ports
-PY[portlist]: SCTP discovery to given ports
-PE: ICMP echo request discovery probe
-PP: ICMP timestamp request discovery probe
-PM: ICMP netmask request discovery probe
-PO[protocol list]: IP Protocol Ping
-n: Never do DNS resolution
-R: Always resolve DNS
--dns-servers: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
-sS: TCP SYN scan
-sT: TCP Connect() scan
-sA: TCP ACK scan
-sW: TCP Window scan
-sM: TCP Maimon scan
-sN: TCP Null scan
-sF: TCP FIN scan
-sX: TCP Xmas scan
-sY: SCTP INIT scan
-sZ: SCTP COOKIE-ECHO scan
-sU: UDP Scan
--min-hostgroup: Minimum parallel host scan group size
--max-hostgroup: Maximum parallel host scan group size
--scanflags: Customize TCP scan flags
-sI: Idle scan
-sO: IP protocol scan
-b: FTP bounce scan
-p: Only scan specified ports
--exclude-ports: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports sequentially - don't randomize
--top-ports: Scan most common ports
--port-ratio: Scan ports more common than the given ratio
-sV: Probe open ports to determine service/version info
--version-intensity: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
-sC: equivalent to --script=default
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
Options which take a time value are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-parallelism: Minimum probe parallelization
--max-parallelism: Maximum probe parallelization
--min-rtt-timeout: Specifies minimum RTT timeout
--max-rtt-timeout: Specifies maximum RTT timeout
--initial-rtt-timeout: Specifies initial RTT timeout
--scan-delay: Adjust default delay between probes
--max-scan-delay: Adjust maximum delay between probes
-g: Use given source port number
--source-port: Use given source port number
-oN: Output scan in normal format to the given filename
-oX: Output scan in XML format to the given filename
-oS: Output scan in s|<rIpt kIddi3 format to the given filename
-oG: Output scan in Grepable format to the given filename
--send-eth: Send using raw ethernet frames
--send-ip: Send using raw IP packets
--max-retries: Caps number of port scan probe retransmissions.
--host-timeout: Give up on target after this long
--min-rate: Send packets no slower than the given number per second
--max-rate: Send packets no faster than the given number per second
-f; --mtu: fragment packets (optionally w/given MTU)
-D: Cloak a scan with decoys
-S: Spoof source address
-e: Use specified interface
--proxies: Relay connections through HTTP/SOCKS4 proxies
--data: Append a custom payload to sent packets
--data-string: Append a custom ASCII string to sent packets
--data-length: Append random data to sent packets
--ip-options: Send packets with specified ip options
--ttl: Set IP time-to-live field
--spoof-mac: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
-oA: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume: Resume an aborted scan
--noninteractive: Disable runtime interactions via keyboard
--stylesheet: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
-6: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir: Specify custom Nmap data file location
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number