Collection of Nmap usage notes
>cat /usr/share/nmap/scripts/script.db | grep smtp
Search the Nmap script database for scripts matching smtp (here: the SMTP-related NSE scripts).
>sudo nmap -n -p 445 --open --script=smb-protocols 10.130.13.0/24
Use the smb-protocols script to check which SMB protocol versions are supported on hosts in the target subnet (only hosts with port 445 open are reported because of --open).
You can list the available scripts by grepping /usr/share/nmap/scripts/script.db.
>nmap -A [IP Address]
-A means aggressive scan: enables OS detection (-O), version detection (-sV), script scanning with the default category (-sC), and traceroute.
>nmap -n -sn 10.130.10.0/24 --packet-trace
-n means do not resolve domain names, -sn means do a host discovery sweep only (no port scan), --packet-trace means display a summary of each packet as it is sent and received.
>sudo nmap -n -sT 10.130.10.13
-sT means TCP connect scan (full three-way handshake, no raw sockets needed).
>nmap -sT -p- --min-rate 10000 -oA scans/alltcp 10.10.10.3
>nmap -sCV -p 80,135,139,445 10.10.10.3
Scan all TCP ports first (fast, -p- with --min-rate), then run -sCV (default scripts plus version detection) only against the ports found open to get detailed information.
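The two-step workflow above is usually glued together by reading the greppable .gnmap file that -oA writes. The following is an added example, not part of these notes or of Nmap itself: it parses a constructed .gnmap sample (host and ports taken from the lines above) and builds the follow-up -sCV command from the open TCP ports.

```python
import re
from collections import defaultdict

# Constructed sample of the .gnmap file that "-oA scans/alltcp" writes for the
# full TCP sweep above; host and open ports match the example commands on this page.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sT -p- --min-rate 10000 -oA scans/alltcp 10.10.10.3
Host: 10.10.10.3 ()\tStatus: Up
Host: 10.10.10.3 ()\tPorts: 80/open/tcp//http///, 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65530)
# Nmap done at Mon Jan  1 12:00:30 2024 -- 1 IP address (1 host up) scanned in 30.00 seconds
"""

# Each port entry in greppable output looks like: port/state/protocol/owner/service/rpc/version/
PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/")


def open_ports(gnmap_text):
    """Return {host: sorted list of open TCP ports} from greppable (-oG / -oA .gnmap) output."""
    result = defaultdict(set)
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." header and footer comment lines
        fields = line.split("\t")  # gnmap separates Host / Ports / Ignored State with tabs
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. the "Status: Up" line carries no port list
            for entry in field[len("Ports:"):].split(","):
                m = PORT_RE.match(entry.strip())
                if m and m.group(2) == "open" and m.group(3) == "tcp":
                    result[host].add(int(m.group(1)))
    return {h: sorted(p) for h, p in result.items()}


def followup_command(gnmap_text):
    """Build the second-stage 'nmap -sCV -p <ports> <host>' command for every host with open ports."""
    cmds = []
    for host, ports in sorted(open_ports(gnmap_text).items()):
        if ports:
            cmds.append("nmap -sCV -p %s %s" % (",".join(map(str, ports)), host))
    return cmds


if __name__ == "__main__":
    for cmd in followup_command(SAMPLE_GNMAP):
        print(cmd)  # nmap -sCV -p 80,135,139,445 10.10.10.3
```

Filtered ports are deliberately left out of the follow-up so the slower script and version scan only touches ports that actually answered.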
>sudo nmap -n -sT 10.130.10.13 --top-ports 3000
--top-ports [number] means scan the N most frequently used ports, here the top 3,000. By default nmap scans the top 1,000 most frequently used ports. Use -p- (or -p0-65535) to scan all ports.
>sudo nmap -n -sT 10.130.10.0/24 -oA /tmp/scan
-oA means store the results in all three major output formats: normal (.nmap), greppable (.gnmap) and XML (.xml), using the given base name.
>sudo nmap -n -sU 10.130.10.13
-sU means UDP scan
>sudo nmap -n -sU 10.130.10.13 -p 53,111,414,500-501 --open
-p means the ports you want to scan (single ports and ranges, comma separated). --open means only show open ports.
>sudo nmap -n -O -sT --open 10.130.10.13
-O means OS fingerprinting (OS detection)
>sudo nmap -n -sT -F --open 10.130.10.13-15 -sV
-F means fast mode: scan only the top 100 ports. -sV runs service version detection, which identifies what is running on a port more reliably than OS fingerprinting alone.
>sudo nmap -sT -Pn -n --open 10.10.10.161 -p389 --script ldap-rootdse
LDAP scan: the ldap-rootdse script queries the root DSE on port 389. -Pn means no ping (skip host discovery and treat the host as up).
>sudo nmap -n -p0-65535 10.10.10.19
Scan all 65,536 TCP ports (0-65535) on the host
>nmap -p 80,135,139,445 -sV -sC 10.10.10.19
-sV means identify the service and its version on each port. -sC means run the default category of NSE scripts against the open ports (the same script scanning that -A enables).