Nmap 6 Cookbook: The Fat Free Guide to Network Security Scanning (2015)
Appendix B - Miscellaneous Nmap Options
In the interest of being a complete (but also fat-free) guide to Nmap, the rarely used options listed here are not covered in this book but are mentioned below for your reference.
--nsock-engine
Specify a specific nsock engine (see nmap -V for a list of available engines)
--resume
Resume an aborted scan (requires -oN or -oG logs)
--port-ratio
Scan ports in the nmap-services file greater than the specified ratio
--datadir
Override the default Nmap data directory
--servicedb
Override the default nmap-services file
--versiondb
Override the default nmap-service-probes file
--privileged
Assume that the user has the required privileges for raw socket sniffing
--unprivileged
Assume that the user does not have the required privileges for raw socket sniffing
--release-memory
Used for memory leak debugging
--send-eth
Instructs Nmap to use raw ethernet frames while scanning
--send-ip
Instructs Nmap to use IP packets while scanning
--ip-options
Specify IP options in IP packets
-S
Spoof the specified IP address
--proxies
Use an HTTP or SOCKS4 proxy for TCP connections (this feature is still under development)
-sY
Perform an SCTP INIT scan
-sZ
Perform a SCTP COOKIE ECHO scan
-PY
Perform an SCTP INIT Ping
--adler32
Calculate SCTP checksums using Adler32 algorithm
-sW
Perform a TCP Window scan
-sM
Perform a TCP Maimon scan
-R
Force Reverse DNS Lookup