nmap

# HTB scan
# sV: enumerate versions
# sC: safe script
# oA: output all formats
nmap -sV -sC -oA nmap 0.0.0.0

# Nmap verbose scan, runs syn stealth, T4 timing (should be ok on LAN), OS and service version info, traceroute and scripts against services
nmap -v -sS -A -T4 target

# As above but scans all TCP ports (takes a lot longer)
nmap -v -sS -p- -A -T4 target

# As above but scans all TCP ports and UDP scan (takes even longer)
nmap -v -sU -sS -p- -A -T4 target

# Search nmap scripts for keywords
ls /usr/share/nmap/scripts/* | grep ftp

# Nmap script to scan for vulnerable SMB servers - WARNING: unsafe=1 may cause knockover
nmap -v -p 445 --script=smb-check-vulns --script-args=unsafe=1 target