nmap

nmap -p- -Pn -n <ip>

  • -p- – Scan all ports
  • -Pn – Treat host as online, skip host discovery
  • -n – No DNS resolution
  • Follow this with the command below to get more details about the open ports

nmap -p[portlist] -A -Pn -sT -n <ip>

  • -p[portlist] – A list of ports to scan; use the scan above to find these.
  • -A – enable OS/version detection, script scanning and traceroute.
  • -Pn – Treat host as online, skip host discovery
  • -sT – TCP Connect() scan of the ports
  • -n – no DNS resolution
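
Added example (not part of the original cheat sheet): a shell helper that pulls the open TCP ports out of the first scan's normal output and builds the -p[portlist] argument for the second command. The names open_ports and sample_scan are hypothetical, and the sample output (192.0.2.10, a documentation address) is constructed.

```shell
# Read nmap normal output on stdin; print open TCP ports as "22,80,443".
# Rows in the port table look like: "80/tcp   open  http".
# Only state "open" is kept; filtered, closed and open|filtered are skipped.
open_ports() {
    awk '
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, f, "/")
            ports = (ports == "" ? f[1] : ports "," f[1])
        }
        END { if (ports != "") print ports }
    '
}

# Constructed sample of what the first scan prints (not from a real host).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 65530 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
443/tcp  open     https
8080/tcp closed   http-proxy
EOF
}

# Build the second command from the first scan's results.
ports=$(sample_scan | open_ports)
echo "nmap -p${ports} -A -Pn -sT -n <ip>"
```

In practice, pipe the real output of the first scan into open_ports instead of sample_scan.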

nmap -O -sT -sV -p- <ip>

  • -O – OS detection
  • -sT – TCP Connect() scan
  • -sV – Probe open ports to determine service/version info
  • -p- – scan all ports

Nmap not available?

for p in $(seq 1 65535); do nc -nvzw1 x.x.x.x $p 2>&1; done | grep open
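where x.x.x.x = target IP. The grep matches traditional netcat, which reports "open" for a reachable port; OpenBSD netcat reports "succeeded!" instead, so adjust the pattern for that variant.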