Nmap Scripting Engine Documentation
OPTIONS: Search the online Nmap documentation, take a look through /usr/share/nmap/scripts, search through /usr/share/nmap/scripts/script.db (which is really just a structured text file).
If a script is added to /usr/share/nmap/scripts manually, then nmap --script-updatedb needs to be run to update the script.db file.
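Since script.db is plain text, it can be searched with a few lines of code instead of grep. The following is an added example, not part of these notes or of Nmap itself: it parses the Lua-style records script.db uses (one `Entry { filename = "...", categories = { ... } }` per line) and answers the two questions worth asking before running a category such as default or vuln: which scripts it selects, and which of them are not tagged safe. The three entries in SAMPLE_SCRIPT_DB are constructed for the example; point parse_script_db at the real file to use it.

```python
import re
from typing import Dict, List

# Constructed sample in the record format of /usr/share/nmap/scripts/script.db.
# Filenames here are made up; the real file lists every installed .nse script.
SAMPLE_SCRIPT_DB = """\
Entry { filename = "example-banner.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "example-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "example-vuln-check.nse", categories = { "vuln", "safe", } }
"""

# One Entry record: capture the filename and the raw contents of the categories table.
ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}\s*\}'
)
# Each category is a quoted string; the trailing comma Lua allows is ignored.
CATEGORY_RE = re.compile(r'"([^"]+)"')


def parse_script_db(text: str) -> Dict[str, List[str]]:
    """Map each script filename to its list of NSE categories."""
    scripts: Dict[str, List[str]] = {}
    for line in text.splitlines():
        match = ENTRY_RE.search(line)
        if not match:
            continue  # blank line or a record shape we do not recognise
        scripts[match.group(1)] = CATEGORY_RE.findall(match.group(2))
    return scripts


def scripts_in_category(scripts: Dict[str, List[str]], category: str) -> List[str]:
    """Scripts that --script=<category> would select, sorted by name."""
    return sorted(name for name, cats in scripts.items() if category in cats)


def not_safe(scripts: Dict[str, List[str]]) -> List[str]:
    """Scripts lacking the 'safe' tag, i.e. ones that may be intrusive or noisy."""
    return sorted(name for name, cats in scripts.items() if "safe" not in cats)


def load_script_db(path: str = "/usr/share/nmap/scripts/script.db") -> Dict[str, List[str]]:
    """Read and parse a real script.db from disk."""
    with open(path, encoding="utf-8") as fh:
        return parse_script_db(fh.read())


if __name__ == "__main__":
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    for category in ("default", "vuln"):
        print(category, "->", scripts_in_category(db, category))
    print("not tagged safe ->", not_safe(db))
```

Running it against the real file after `nmap --script-updatedb` gives the same view Nmap itself uses when resolving `--script=<category>`, which is a quick way to confirm a manually added script was actually registered.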
The Windows firewall blocks ICMP packets by default, which causes nmap to think that no host exists. The -Pn flag works around this by having nmap scan an IP even if no ping response is recorded (this makes scans hang for a long time when there really isn’t a host at the other end though!).
On a local network, another work-around is to use ARP packets. Seems better to do this.
Some useful flags for firewall avoidance:
For whatever reason, Wireshark only works for me when run using sudo -E wireshark from the terminal (something seems to be broken with the GUI process elevation prompt, and Wireshark can’t see any interfaces).
Nmap sends a RST after the three-way handshake in a TCP connect scan in order to quickly tear down the connection.
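That teardown is also what makes a connect scan visible on the wire: a full handshake followed immediately by a client RST with no data sent, repeated across many ports. The following is an added detection example, not part of these notes or of Nmap; it assumes packets have already been reduced to simple records (timestamp, endpoints, TCP flags as a tcpdump-style string, payload length), which is what a pcap parser or a flow log would give you. The packets in SAMPLE_PACKETS are constructed: one host completes and resets connections on three ports, while a normal client on 8080 sends data and closes with FIN.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Packet:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # TCP flags, e.g. "S", "SA", "A", "R", "RA", "PA", "FA"
    payload: int  # bytes of TCP payload


# Constructed sample traffic (not real captures).
SAMPLE_PACKETS: List[Packet] = []
for i, port in enumerate((22, 80, 443)):
    base = i * 0.1
    SAMPLE_PACKETS += [
        Packet(base + 0.00, "10.0.0.5", 40000 + i, "10.0.0.9", port, "S", 0),
        Packet(base + 0.01, "10.0.0.9", port, "10.0.0.5", 40000 + i, "SA", 0),
        Packet(base + 0.02, "10.0.0.5", 40000 + i, "10.0.0.9", port, "A", 0),
        Packet(base + 0.03, "10.0.0.5", 40000 + i, "10.0.0.9", port, "R", 0),
    ]
SAMPLE_PACKETS += [  # a legitimate client: handshake, data, FIN
    Packet(1.00, "10.0.0.7", 50000, "10.0.0.9", 8080, "S", 0),
    Packet(1.01, "10.0.0.9", 8080, "10.0.0.7", 50000, "SA", 0),
    Packet(1.02, "10.0.0.7", 50000, "10.0.0.9", 8080, "A", 0),
    Packet(1.03, "10.0.0.7", 50000, "10.0.0.9", 8080, "PA", 120),
    Packet(1.05, "10.0.0.7", 50000, "10.0.0.9", 8080, "FA", 0),
]

Flow = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)


def group_flows(packets: List[Packet]) -> Dict[Flow, List[Packet]]:
    """Order packets into per-flow lists keyed on the side that sent the SYN."""
    flows: Dict[Flow, List[Packet]] = defaultdict(list)
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        fwd = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            key = fwd
        else:
            rev = (p.dst, p.dport, p.src, p.sport)
            key = fwd if fwd in flows else rev
            if key not in flows:
                continue  # mid-stream packet with no SYN seen; ignore it
        flows[key].append(p)
    return flows


def is_connect_scan_probe(flow: Flow, pkts: List[Packet]) -> bool:
    """True for SYN, SYN/ACK, ACK, then a client RST with no client payload.

    Depending on the stack the reset may carry the ACK bit, so "R" and "RA"
    are both accepted."""
    client = (flow[0], flow[1])
    seq = []
    for p in pkts:
        side = "c" if (p.src, p.sport) == client else "s"
        if side == "c" and p.payload > 0:
            return False  # real clients send something after connecting
        seq.append((side, p.flags))
    handshake = [("c", "S"), ("s", "SA"), ("c", "A")]
    return seq[:3] == handshake and len(seq) >= 4 and seq[3] in (("c", "R"), ("c", "RA"))


def connect_scan_suspects(packets: List[Packet], min_ports: int = 3) -> Dict[str, List[int]]:
    """Clients showing the probe pattern against at least min_ports distinct ports."""
    hits: Dict[str, set] = defaultdict(set)
    for flow, pkts in group_flows(packets).items():
        if is_connect_scan_probe(flow, pkts):
            hits[flow[0]].add(flow[3])
    return {ip: sorted(ports) for ip, ports in hits.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    print(connect_scan_suspects(SAMPLE_PACKETS))
```

The threshold matters: a single handshake-then-RST can be a health check or a client that changed its mind, so the function only reports a source once it has produced the pattern against several ports. Feeding it the connection log of a host during a real scan is the easiest way to tune min_ports for your environment.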