Nmap 6 Cookbook: The Fat Free Guide to Network Security Scanning (2015)

Appendix B - Miscellaneous Nmap Options

In the interest of being a complete (but also fat-free) guide to Nmap, the rarely used options listed here are not covered in this book but are mentioned below for your reference.

--nsock-engine
Specify a specific nsock engine (see nmap -V for a list of available engines)

--resume
Resume an aborted scan (requires -oN or -oG logs)

--port-ratio
Scan ports in the nmap-services file greater than the specified ratio

--datadir
Override the default Nmap data directory

--servicedb
Override the default nmap-services file

--versiondb
Override the default nmap-service-probes file

--privileged
Assume that the user has the required privileges for raw socket sniffing

--unprivileged
Assume that the user does not have the required privileges for raw socket sniffing

--release-memory
Used for memory leak debugging

--send-eth
Instructs Nmap to use raw ethernet frames while scanning

--send-ip
Instructs Nmap to use IP packets while scanning

--ip-options
Specify IP options in IP packets

-S
Spoof the specified IP address

--proxies
Use an HTTP or SOCKS4 proxy for TCP connections (this feature is still under development)

-sY
Perform an SCTP INIT scan

-sZ
Perform a SCTP COOKIE ECHO scan

-PY
Perform an SCTP INIT Ping

--adler32
Calculate SCTP checksums using Adler32 algorithm

-sW
Perform a TCP Window scan

-sM
Perform a TCP Maimon scan

-R
Force Reverse DNS Lookup