legal contact
 

nmap

NMAP Flags

-sL List Scan (List Targets to Scan)
-sn Ping Scan (Disable Port Scan)
-sS SYN Scan
-sT TCP Connect Scan
-sP Ping Scan
-sU UDP Scan
-sO IP Scan
-b FTP Bounce Scan
-sN TCP Null Scan
-sF FIN Scan
-sX XMAS Scan
-sA ACK Scan
-sW Windows Scan
-sR RPC Scan
-sI <zombie host[:probeport]>: Idle scan
-sY SCTP INIT Scan
-sZ COOKIE-ECHO scans
-sV Probe Open Ports to Identify Service Version Info Scan
-sC SNMP Scan
-A Enable OS Detection, Version Detection, Script Scanning, and 
TraceRoute
-Pn Treat All Hosts as OnLine (Skip Host Discovery)
-PN Do Not Ask for ICMP Echo Response
-PS / PA / PU / PY[portlist] TCP SYN/ACK, UDP or SCTP Discovery to Specified 
Ports
-PE / PP / PM ICMP Echo, Timestamp, and Netmask Request Discovery Probes
-n / -R Never do DNS Resolution / Always Resolve [Default: Sometimes]
--dns-servers <serv1[,serv2],...> Specify Custom DNS Servers
--system-dns Use OS's DNS Resolver
--traceroute Trace Hop Path to Each Host
-F Fast Mode
-p <Port-Range>
-O OS Detection
-T<0-5> Timing Template (Higher is Faster)

FIREWALL/IDS EVASION and SPOOFING:

-f; --mtu <val> Fragment Packets (Optionally with specified MTU)

-D <decoy1,decoy2[,ME],...> Cloak a Scan with Decoys

-S <IP_Address> Spoof Source Address

-e <iface> Use Specified Network Interface

-g <portnum> Use specified Port Number

--data-length <num> Append Random Data to Sent Packets

--ip-options <options> Send Packets with Specified IP Options

--ttl <val> Set IP Time-To-Live Field

--spoof-mac <MAC Address/Prefix/Vendor Name> Spoof your MAC address

--badsum Send Packets with a Bogus TCP/UDP/SCTP Checksum