software:nmap


broadcast-dns-service-discovery

From: https://nmap.org/nsedoc/scripts/broadcast-dns-service-discovery.html

 nmap --script broadcast-dns-service-discovery

broadcast-dhcp-discover

From: https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html

sudo nmap --script broadcast-dhcp-discover

broadcast-dhcp6-discover

sudo nmap -6 --script broadcast-dhcp6-discover

nmap cheat sheet

From: https://pentestlab.blog/2012/08/17/nmap-cheat-sheet/

Basic Scanning Techniques

Scan a single target --> nmap [target]

Scan multiple targets --> nmap [target1] [target2] [etc]

Scan a list of targets --> nmap -iL [list.txt]

Scan a range of hosts --> nmap [range of IP addresses]

Scan an entire subnet --> nmap [IP address/CIDR]

Scan random hosts --> nmap -iR [number]

Excluding targets from a scan --> nmap [targets] --exclude [targets]

Excluding targets using a list --> nmap [targets] --excludefile [list.txt]

Perform an aggressive scan --> nmap -A [target]

Scan an IPv6 target --> nmap -6 [target]

nmap

From: http://krypted.com/tag/smb/

  Basic Scanning
  To then scan a computer, just use the nmap command followed by the host name, or
  even throw a -v option in there to see more information (you can use a hostname
  or an IP):
  nmap -v www.apple.com
  Use the -6 option if scanning via IPv6:
  nmap -v -6 8a33:1a2c::83::1a
  Firewalls
  Next, we’ll look at trying to bypass pesky annoyances like stateful packet inspection on
  firewalls. First, check whether there is actually a firewall using -sA:
  nmap -sA www.apple.com
  Scan even if the host is protected by a firewall:
  nmap -PN www.apple.com
  Just check to see if some devices are up even if behind a firewall:
  nmap -sP 192.168.210.10-20
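
Reading the result of the `-sA` check above, as an added example that is not part of these notes or the cited posts: an ACK scan labels ports only as filtered or unfiltered, so this tallies those states per host from grepable (`-oG`) output of a scan of your own hosts. The sample output, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `nmap -sA -p 22,80,443,3306 -oG -` output, not a real
# scan; 192.0.2.0/24 is the reserved documentation range.
SAMPLE = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/unfiltered/tcp//ssh///, "
    "80/unfiltered/tcp//http///, 443/unfiltered/tcp//https///, "
    "3306/filtered/tcp//mysql///\n"
    "Host: 192.0.2.11 ()\tStatus: Up\n"
    "Host: 192.0.2.11 ()\tPorts: 22/unfiltered/tcp//ssh///, "
    "80/unfiltered/tcp//http///, 443/unfiltered/tcp//https///, "
    "3306/unfiltered/tcp//mysql///\n"
)

IGNORED_RE = re.compile(r"Ignored State: (\S+) \((\d+)\)")

def count_states(grepable):
    """Return {host: Counter(state -> port count)} from -oG output."""
    hosts = {}
    for line in grepable.splitlines():
        if not line.startswith("Host: ") or "\tPorts: " not in line:
            continue  # comments and "Status:" lines carry no port states
        host = line.split()[1]
        counts = hosts.setdefault(host, Counter())
        ports_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(", "):
            fields = entry.split("/")  # port/state/protocol/owner/service/...
            if len(fields) >= 3 and fields[0].isdigit():
                counts[fields[1]] += 1
        # Ports sharing the most common state are collapsed into this field.
        for state, n in IGNORED_RE.findall(line):
            counts[state] += int(n)
    return hosts

def verdict(counts):
    """ACK scans report filtered/unfiltered only, never open or closed."""
    if counts["filtered"] == 0:
        return "no filtering observed"  # every ACK probe drew a RST
    if counts["unfiltered"] == 0:
        return "all probed ports filtered"
    return "partially filtered"

def report(grepable):
    return {host: verdict(c) for host, c in count_states(grepable).items()}

if __name__ == "__main__":
    for host, result in report(SAMPLE).items():
        print(host, result)
```
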
software/nmap.1577483222.txt.gz · Last modified: 2019/12/27 21:47 by superwizard