NMAP

Definitions

-sS

TCP SYN scan (SYN = synchronize). The scan sends a single packet with the SYN flag set and does not complete the three-way handshake. It only waits for the reply: RST means the port is closed, SYN-ACK means it is open.
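
From the defender's side, the half-open pattern described above shows up in a packet capture as SYNs that are answered but never followed by an ACK. The sketch below is an added example, not part of the original cheatsheet; the packet tuples, function names and the min_ports threshold are assumptions made up for illustration, and it relies on the scanning host resetting (RST) an answered probe instead of acknowledging it.

```python
from collections import defaultdict

# Constructed sample capture, not real traffic: (src, dst, sport, dport, tcp_flags)
PACKETS = [
    # 10.0.0.5 probes three ports on 10.0.0.9 and never completes a handshake
    ("10.0.0.5", "10.0.0.9", 40001, 22, "S"),
    ("10.0.0.9", "10.0.0.5", 22, 40001, "SA"),  # SYN-ACK: port open
    ("10.0.0.5", "10.0.0.9", 40001, 22, "R"),   # reset instead of ACK
    ("10.0.0.5", "10.0.0.9", 40002, 23, "S"),
    ("10.0.0.9", "10.0.0.5", 23, 40002, "RA"),  # RST: port closed
    ("10.0.0.5", "10.0.0.9", 40003, 80, "S"),
    ("10.0.0.9", "10.0.0.5", 80, 40003, "SA"),
    ("10.0.0.5", "10.0.0.9", 40003, 80, "R"),
    # 10.0.0.7 performs an ordinary three-way handshake
    ("10.0.0.7", "10.0.0.9", 51000, 80, "S"),
    ("10.0.0.9", "10.0.0.7", 80, 51000, "SA"),
    ("10.0.0.7", "10.0.0.9", 51000, 80, "A"),
]


def classify_flows(packets):
    """Map (client, server, sport, dport) to the furthest handshake state seen."""
    state = {}
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        if flags == "S":                        # client opens a flow
            state[fwd] = "syn_sent"
        elif state.get(rev) == "syn_sent":      # server's answer to the SYN
            if flags == "SA":
                state[rev] = "answered"
            elif "R" in flags:
                state[rev] = "closed"
        elif state.get(fwd) == "answered":      # client's reaction to SYN-ACK
            state[fwd] = "half_open" if "R" in flags else "established"
    return state


def syn_scan_suspects(packets, min_ports=3):
    """Return {(client, server): ports} for clients with many unfinished probes."""
    probed = defaultdict(set)
    for (client, server, _sport, dport), st in classify_flows(packets).items():
        if st != "established":
            probed[(client, server)].add(dport)
    return {pair: sorted(p) for pair, p in probed.items() if len(p) >= min_ports}


if __name__ == "__main__":
    print(syn_scan_suspects(PACKETS))
```
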

Scanning

-A

Enable OS detection (-O), version detection (-sV), script scanning, and traceroute (--traceroute)

-F

Fast mode - Scan fewer ports than the default scan

-T<0-5>

Set timing template (higher is faster)

Capture The Flag

nmap -A -T5 <ip> -v

Bug Bounty

nmap -A -F -T1 <ip> -v

Cheatsheet

Scan for Active Hosts

Fast Scanning
nmap -n -sn -PR -PS -PA -PU -T5 192.168.240.1/24