-oA: Saves output in all three file types; grepable, XML, and script kiddie-oG: Saves output in a grepable format-oX: Saves output as an XML file-oS: Saves output in a script kiddie format-v: Verbose. Some output is nice to see the progress-vv: Very verbose-A: Aggresive scan. Enable OS detection, version detection, script scanning, and traceroute-O -sV -sC --traceroute-O: Operating system detection-p <ports,>: Specify ports to scan-p-: Scan every port-Pn: Treat each host as active. Skip host discovery-sS: TCP SYN scan (stealth scan). Quick scan. Does not complete the TCP connection-sT: TCP connection scan-sU: UDP scan-sV: Service version scanTo use a script: --script <script name>. Here is a list of nmap scripts.
Useful scripts:
-T<N>: How aggressively (quickly) to scan. Ranges from 0 to 5.
0: Paranoid. Waits 5 minutes between each probe1: Sneaky. Waits 15 seconds between probes2: Polite. Waits 0.4 seconds between probes3: Normal. Default. Includes parallelization4: Aggressive5: Insane1 and 2 are useful to avoid IDS alerts.