___ # Tags #nmap #recon # Helpful Docs - [Nmap cheat sheet](https://www.stationx.net/nmap-cheat-sheet/) # Notes - `-sS`, utilizes a syn scan, it attempts to do the first part of the tcp handshake and awaits the ack portion - `-Pn`, specifies no ping while scanning - `-iL`, specifies to scan a list, in this case a text file full of hosts - `-oX`, this outputs the results of the scan to an xml file ```nmap sudo nmap -sS -Pn -iL list-of-hosts.txt -oX list-of-hosts-results.xml ```