Port Scanning Tools
Port Scanning Tools
Comprehensive collection of port scanning tools and techniques for network reconnaissance and penetration testing.
Nmap Port Scanning
Basic Port Scanning
# TCP SYN scan
nmap -sS TARGET_IP
# TCP connect scan
nmap -sT TARGET_IP
# UDP scan
nmap -sU TARGET_IP
# TCP ACK scan
nmap -sA TARGET_IP
# TCP FIN scan
nmap -sF TARGET_IP
# TCP NULL scan
nmap -sN TARGET_IP
# TCP XMAS scan
nmap -sX TARGET_IP
# TCP Maimon scan
nmap -sM TARGET_IP
# TCP Window scan
nmap -sW TARGET_IP
# TCP Idle scan
nmap -sI ZOMBIE_IP TARGET_IP
Advanced Port Scanning
# Comprehensive scan
nmap -sS -sU -O -A -v TARGET_IP
# Stealth scan
nmap -sS -f TARGET_IP
# Fragment packets and add 10 random decoy sources (-D RND:10)
nmap -sS -f -D RND:10 TARGET_IP
# Decoy scan
nmap -sS -D decoy1,decoy2,decoy3 TARGET_IP
# Source port selection (send probes from port 53)
nmap -sS --source-port 53 TARGET_IP
# Timing template
nmap -T0 TARGET_IP # Paranoid
nmap -T1 TARGET_IP # Sneaky
nmap -T2 TARGET_IP # Polite
nmap -T3 TARGET_IP # Normal
nmap -T4 TARGET_IP # Aggressive
nmap -T5 TARGET_IP # Insane
# Port range
nmap -p 1-1000 TARGET_IP
nmap -p 80,443,8080,8443 TARGET_IP
nmap -p- TARGET_IP # All ports
# Service detection
nmap -sV TARGET_IP
# OS detection
nmap -O TARGET_IP
# Script scanning
nmap -sC TARGET_IP
Port Scanning Techniques
# SYN scan (stealth)
nmap -sS TARGET_IP
# Connect scan (reliable)
nmap -sT TARGET_IP
# UDP scan (slow but necessary)
nmap -sU TARGET_IP
# ACK scan (firewall detection)
nmap -sA TARGET_IP
# FIN scan (stealth)
nmap -sF TARGET_IP
# NULL scan (stealth)
nmap -sN TARGET_IP
# XMAS scan (stealth)
nmap -sX TARGET_IP
# Maimon scan (stealth)
nmap -sM TARGET_IP
# Window scan (stealth)
nmap -sW TARGET_IP
# Idle scan (stealth)
nmap -sI ZOMBIE_IP TARGET_IP
Masscan
Basic Port Scanning
# Basic port scan
masscan -p80,443 TARGET_NETWORK
# Scan all ports
masscan -p0-65535 TARGET_NETWORK
# Scan common ports
masscan -p1-1000 TARGET_NETWORK
# Scan specific ports
masscan -p22,80,443,8080,8443 TARGET_NETWORK
# Scan with rate limit
masscan -p80,443 --rate=1000 TARGET_NETWORK
# Scan with output file
masscan -p80,443 -oG results.txt TARGET_NETWORK
# Scan with XML output
masscan -p80,443 -oX results.xml TARGET_NETWORK
# Scan with JSON output
masscan -p80,443 -oJ results.json TARGET_NETWORK
# Scan with binary output
masscan -p80,443 -oB results.bin TARGET_NETWORK
Advanced Masscan Options
# Low-rate scan (100 packets/s)
masscan -p80,443 --rate=100 TARGET_NETWORK
# Randomize hosts
masscan -p80,443 --randomize-hosts TARGET_NETWORK
# Randomize ports
masscan -p80,443 --randomize-ports TARGET_NETWORK
# Adapter selection
masscan -p80,443 --adapter eth0 TARGET_NETWORK
# Source IP
masscan -p80,443 --source-ip 192.168.1.100 TARGET_NETWORK
# Source port
masscan -p80,443 --source-port 40000 TARGET_NETWORK
# Banner grab
masscan -p80,443 --banners TARGET_NETWORK
# Ping scan
masscan --ping TARGET_NETWORK
# ARP scan
masscan --arp TARGET_NETWORK
# ICMP scan
masscan --icmp TARGET_NETWORK
Zmap
Basic Port Scanning
# Basic port scan
zmap -p 80 TARGET_NETWORK
# Scan multiple ports
zmap -p 80,443 TARGET_NETWORK
# Scan port range
zmap -p 80-443 TARGET_NETWORK
# Scan with rate limit
zmap -p 80 --rate=1000 TARGET_NETWORK
# Scan with bandwidth limit
zmap -p 80 --bandwidth=10M TARGET_NETWORK
# Scan with output file
zmap -p 80 -o results.txt TARGET_NETWORK
# Output file named results.json (zmap chooses the format via --output-module, not the file extension)
zmap -p 80 -o results.json TARGET_NETWORK
# Scan with CSV output
zmap -p 80 -o results.csv TARGET_NETWORK
# Output file named results.bin (the format is still whatever --output-module selects)
zmap -p 80 -o results.bin TARGET_NETWORK
Advanced Zmap Options
# Stealth scan
zmap -p 80 --rate=100 TARGET_NETWORK
# Sharding (1/1 = a single shard covering the whole target space; zmap already randomizes target order by default)
zmap -p 80 --shards=1/1 TARGET_NETWORK
# Blacklist file
zmap -p 80 --blacklist-file=blacklist.txt TARGET_NETWORK
# Whitelist file
zmap -p 80 --whitelist-file=whitelist.txt TARGET_NETWORK
# Source IP
zmap -p 80 --source-ip=192.168.1.100 TARGET_NETWORK
# Source port
zmap -p 80 --source-port=40000 TARGET_NETWORK
# Interface selection
zmap -p 80 --interface=eth0 TARGET_NETWORK
# Gateway MAC
zmap -p 80 --gateway-mac=00:11:22:33:44:55 TARGET_NETWORK
# Probe module
zmap -p 80 --probe-module=tcp_synscan TARGET_NETWORK
# Output module
zmap -p 80 --output-module=json TARGET_NETWORK
Custom Port Scanners
Python Port Scanner
import socket
import threading
import queue
import time
import ipaddress
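def port_scanner(target, ports, threads=10, delay=0, port_range=(1, 65535), timeout=1.0):
    """Run a threaded TCP connect scan against ``target`` and print open ports.

    Every port in ``port_range`` (inclusive) is pushed onto ``ports``; worker
    threads pull ports from the queue, attempt a full TCP connect with a
    ``timeout``-second limit, and print ``[OPEN] host:port`` for each port that
    accepts the connection. Any items already sitting in ``ports`` are scanned
    as well, since the workers drain whatever the queue holds.

    Args:
        target: Hostname or IP address to connect to.
        ports: ``queue.Queue`` used as the shared work queue.
        threads: Number of worker threads to start.
        delay: Seconds each worker sleeps after finishing one port.
        port_range: ``(first, last)`` inclusive range of ports to enqueue;
            the default is the full range the original hard-coded.
        timeout: Per-connection timeout in seconds.

    Returns:
        Sorted list of the ports that accepted a connection (also printed).

    Raises:
        ValueError: if ``port_range`` is not within 1..65535 or is reversed.
    """
    first, last = port_range
    if not (1 <= first <= last <= 65535):
        raise ValueError(
            f"port_range must satisfy 1 <= first <= last <= 65535, got {port_range}"
        )

    open_ports = []
    found_lock = threading.Lock()

    def worker():
        # Loop until a None sentinel is dequeued. Every item, sentinel included,
        # is paired with task_done() in the finally so ports.join() can return.
        while True:
            port = ports.get()
            try:
                if port is None:
                    break
                # 'with' closes the socket even if connect_ex raises, which the
                # original's explicit close() did not guarantee.
                with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
                    sock.settimeout(timeout)
                    if sock.connect_ex((target, port)) == 0:
                        print(f"[OPEN] {target}:{port}")
                        with found_lock:
                            open_ports.append(port)
                time.sleep(delay)
            except OSError:
                # Best-effort by design: a probe that fails at the socket layer
                # (e.g. name resolution) skips this port rather than killing
                # the worker, which would leave ports.join() waiting forever.
                pass
            finally:
                ports.task_done()

    workers = []
    for _ in range(threads):
        t = threading.Thread(target=worker, daemon=True)
        t.start()
        workers.append(t)

    for port in range(first, last + 1):
        ports.put(port)

    # Block until every enqueued port has been processed.
    ports.join()

    # Shut the workers down instead of leaving them blocked in get() forever.
    for _ in workers:
        ports.put(None)
    for t in workers:
        t.join()

    return sorted(open_ports)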
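# Usage: only run the example scan when executed as a script, so the module can
# be imported (e.g. to reuse port_scanner) without kicking off a scan.
if __name__ == "__main__":
    target = "TARGET_IP"  # placeholder: replace with the in-scope host
    ports = queue.Queue()
    port_scanner(target, ports, threads=100, delay=0.01)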
Bash Port Scanner
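#!/bin/bash
# Connect-scan TCP ports 1-65535 on TARGET_IP using bash's /dev/tcp and GNU parallel.
# Requires: bash (for /dev/tcp), timeout, GNU parallel.
readonly TARGET_IP="TARGET_IP"  # placeholder host to probe
readonly THREADS=10             # number of parallel jobs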
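#######################################
# Probe one TCP port with a bash /dev/tcp connect.
# Arguments: $1 - port number, $2 - target host or IP
# Outputs:   "[OPEN] target:port" on stdout when the connect succeeds
# Returns:   0 always (a closed or filtered port simply prints nothing)
#######################################
check_port() {
  local port=$1
  local target=$2
  # Hand host and port to the inner shell as positional parameters instead of
  # splicing them into the -c string, so unexpected values cannot change the command.
  if timeout 1 bash -c ': >"/dev/tcp/$1/$2"' _ "$target" "$port" 2>/dev/null; then
    printf '[OPEN] %s:%s\n' "$target" "$port"
  fi
}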
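# Export the function and target so the worker shells spawned by parallel can see them
export -f check_port
export TARGET_IP
# Fail early with a clear message instead of a confusing "command not found" mid-run
command -v parallel >/dev/null 2>&1 || { printf 'error: GNU parallel is required\n' >&2; exit 1; }
# Fan ports 1-65535 out over THREADS jobs; each job runs: check_port PORT TARGET_IP
seq 1 65535 | parallel -j "$THREADS" check_port {} "$TARGET_IP"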
Port Scanning Techniques
TCP Scanning
# SYN scan (stealth)
nmap -sS TARGET_IP
# Connect scan (reliable)
nmap -sT TARGET_IP
# ACK scan (firewall detection)
nmap -sA TARGET_IP
# FIN scan (stealth)
nmap -sF TARGET_IP
# NULL scan (stealth)
nmap -sN TARGET_IP
# XMAS scan (stealth)
nmap -sX TARGET_IP
# Maimon scan (stealth)
nmap -sM TARGET_IP
# Window scan (stealth)
nmap -sW TARGET_IP
# Idle scan (stealth)
nmap -sI ZOMBIE_IP TARGET_IP
UDP Scanning
# UDP scan
nmap -sU TARGET_IP
# UDP scan with specific ports
nmap -sU -p 53,67,68,69,123,135,137,138,139,161,162,445,500,514,520,631,1434,1900,4500,49152 TARGET_IP
# UDP scan with service detection
nmap -sU -sV TARGET_IP
# UDP scan with OS detection
nmap -sU -O TARGET_IP
# UDP scan with scripts
nmap -sU --script vuln TARGET_IP
ICMP Scanning
# ICMP ping
ping -c 4 TARGET_IP
# ICMP ping with timestamp
ping -D TARGET_IP
# ICMP flood ping (-f requires root and generates heavy traffic; avoid on production hosts)
ping -f TARGET_IP
# ICMP ping with interval
ping -i 0.2 TARGET_IP
# ICMP ping with size
ping -s 1000 TARGET_IP
# ICMP ping with TTL (Linux ping; on BSD/macOS -t is a timeout and the TTL flag is -m)
ping -t 64 TARGET_IP
# ICMP ping with verbose
ping -v TARGET_IP
# ICMP ping with quiet
ping -q TARGET_IP
Service Detection
Banner Grabbing
# Telnet banner grab
telnet TARGET_IP 80
# Netcat banner grab
nc TARGET_IP 80
# Nmap banner grab
nmap -sV --script banner TARGET_IP
# Curl banner grab
curl -I http://TARGET_IP
# Wget banner grab
wget --spider -S http://TARGET_IP
# OpenSSL banner grab
openssl s_client -connect TARGET_IP:443
# SMTP banner grab
nc TARGET_IP 25
# FTP banner grab
nc TARGET_IP 21
# SSH banner grab
nc TARGET_IP 22
Service Enumeration
# HTTP service enumeration
nmap --script http-enum TARGET_IP
nmap --script http-headers TARGET_IP
nmap --script http-methods TARGET_IP
nmap --script http-robots.txt TARGET_IP
nmap --script http-sitemap-generator TARGET_IP
nmap --script http-title TARGET_IP
nmap --script http-vhosts TARGET_IP
# SMB service enumeration
nmap --script smb-enum-shares TARGET_IP
nmap --script smb-enum-users TARGET_IP
nmap --script smb-enum-groups TARGET_IP
nmap --script smb-enum-domains TARGET_IP
nmap --script smb-os-discovery TARGET_IP
nmap --script smb-protocols TARGET_IP
nmap --script smb-security-mode TARGET_IP
nmap --script smb-system-info TARGET_IP
# SNMP service enumeration
nmap --script snmp-info TARGET_IP
nmap --script snmp-brute TARGET_IP
nmap --script snmp-communities TARGET_IP
nmap --script snmp-hh3c-logins TARGET_IP
nmap --script snmp-interfaces TARGET_IP
nmap --script snmp-ios-config TARGET_IP
nmap --script snmp-netstat TARGET_IP
nmap --script snmp-processes TARGET_IP
nmap --script snmp-public TARGET_IP
nmap --script snmp-sysdescr TARGET_IP
nmap --script snmp-win32-services TARGET_IP
nmap --script snmp-win32-shares TARGET_IP
nmap --script snmp-win32-software TARGET_IP
nmap --script snmp-win32-users TARGET_IP
Port Scanning Scripts
Nmap Scripts
# Vulnerability scripts
nmap --script vuln TARGET_IP
# Safe scripts
nmap --script safe TARGET_IP
# Auth scripts
nmap --script auth TARGET_IP
# Discovery scripts
nmap --script discovery TARGET_IP
# Exploit scripts
nmap --script exploit TARGET_IP
# Malware scripts
nmap --script malware TARGET_IP
# Intrusive scripts
nmap --script intrusive TARGET_IP
# Version scripts
nmap --script version TARGET_IP
# Multiple script categories
nmap --script vuln,exploit TARGET_IP
Custom Scripts
# HTTP enumeration script
nmap --script http-enum TARGET_IP
# SMB enumeration script
nmap --script smb-enum-shares TARGET_IP
# SNMP enumeration script
nmap --script snmp-info TARGET_IP
# DNS enumeration script
nmap --script dns-brute TARGET_IP
# FTP enumeration script
nmap --script ftp-anon TARGET_IP
# SSH enumeration script
nmap --script ssh-hostkey TARGET_IP
# SMTP enumeration script
nmap --script smtp-commands TARGET_IP
Best Practices
Rate Limiting
# Add delay between requests
nmap -T2 TARGET_IP
# Use a slower timing template (nmap has no thread count; -T1 spaces probes out)
nmap -T1 TARGET_IP
# Proxy chain (nmap --proxies is experimental and applies to TCP connect scans and NSE, not raw -sS probes)
nmap -sS --proxies http://proxy1:8080,http://proxy2:8080 TARGET_IP
Stealth Mode
# Normal timing with randomized host order (--randomize-hosts shuffles the target list, not the timing)
nmap -T3 --randomize-hosts TARGET_IP
# Use fragment packets
nmap -sS -f TARGET_IP
# Use decoy scans
nmap -sS -D decoy1,decoy2,decoy3 TARGET_IP
# Use source port spoofing
nmap -sS --source-port 53 TARGET_IP
Output Analysis
# Save results to file
nmap -oN results.txt TARGET_IP
# Filter by port status
grep "open" results.txt
grep "filtered" results.txt
grep "closed" results.txt
# Filter by service
grep "http" results.txt
grep "ssh" results.txt
grep "ftp" results.txt
grep "smb" results.txt
grep "snmp" results.txt
Troubleshooting
Common Issues
# Connection timeout
nmap -T1 TARGET_IP
# Too many requests
nmap -T0 TARGET_IP
# Invalid or unreachable target: confirm hosts are up with a host-discovery (ping) scan first
nmap -sn TARGET_NETWORK
# Permission denied (raw-packet scans such as -sS need root/raw-socket privileges)
sudo nmap -sS TARGET_IP
Performance Optimization
# Use appropriate timing
nmap -T4 TARGET_IP
# Use smaller port ranges
nmap -p 1-1000 TARGET_IP
# Use specific scripts
nmap --script vuln TARGET_IP
Legal and Ethical Considerations
- Always obtain proper authorization before testing
- Respect rate limits and server resources
- Use appropriate tools for the target
- Document findings properly
- Follow responsible disclosure practices