I have used Nmap and other IP scanners such as Angry IP Scanner. My observation was that Nmap used reverse DNS to resolve hostnames, so for that to work the DNS server should have reverse pointer records for the hosts. I found that other scanners follow up a PTR query with a NetBIOS query.
If you are sure that all hosts on the target network are Windows hosts and that they have NetBIOS enabled, you can use the nbtscan tool to scan them.
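The lookup order described above (a PTR query, then a NetBIOS query for hosts without a reverse record), as an added example that is not part of the original posts or of any scanner's code. The function names and the SAMPLE reply are hypothetical, and the parser assumes the reply repeats the full 34-byte encoded name, as RFC 1002 node status replies do.

```python
import socket
import struct

# RFC 1002 first-level encoding of the wildcard name "*" padded with NULs.
WILDCARD = b"\x20CK" + b"A" * 30 + b"\x00"
NBSTAT, CLASS_IN, GROUP_FLAG = 0x0021, 0x0001, 0x8000

def build_nbstat_query(txid=0x1337):
    """Node status request: one question, QTYPE NBSTAT, QCLASS IN."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + WILDCARD + struct.pack(">HH", NBSTAT, CLASS_IN)

def parse_nbstat_response(data):
    """Return the unique workstation name (suffix 0x00), or None."""
    offset = 12 + len(WILDCARD) + 10  # header, RR name, type/class/TTL/rdlength
    if len(data) <= offset:
        return None
    count = data[offset]
    offset += 1
    for _ in range(count):
        entry = data[offset:offset + 18]  # 15-byte name, suffix, 2-byte flags
        if len(entry) < 18:
            return None  # truncated reply
        flags = struct.unpack(">H", entry[16:])[0]
        if entry[15] == 0x00 and not flags & GROUP_FLAG:
            return entry[:15].decode("ascii", "replace").rstrip()
        offset += 18
    return None

def resolve(ip, timeout=1.0):
    """PTR lookup first; fall back to a NetBIOS node status query on UDP/137."""
    try:
        return socket.gethostbyaddr(ip)[0], "ptr"
    except (socket.herror, socket.gaierror):
        pass  # no reverse record, try NetBIOS
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_nbstat_query(), (ip, 137))
            name = parse_nbstat_response(s.recvfrom(1024)[0])
        except OSError:
            name = None  # timeout or unreachable
    return name, ("netbios" if name else None)

# Constructed sample reply: group name WORKGROUP<00>, then unique name FILESRV01<00>.
SAMPLE = (struct.pack(">HHHHHH", 0x1337, 0x8400, 0, 1, 0, 0) + WILDCARD
          + struct.pack(">HHIH", NBSTAT, CLASS_IN, 0, 37) + b"\x02"
          + b"WORKGROUP".ljust(15) + b"\x00" + struct.pack(">H", 0x8400)
          + b"FILESRV01".ljust(15) + b"\x00" + struct.pack(">H", 0x0400))
```
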
You can run any specific checks you like, or all of them with --script smb-vuln-*, but be aware that many of these can cause a blue screen or other crash on the scanned system. Previously, these required you to add --script-args unsafe=1, so we added these scripts to the "dos" category so you can rule them out with --script "smb-vuln-* and not dos".
Best Answer
Is quite a good reference in itself.
It is available as PDF and on-line reference.
There are a few cheatsheets too.
SBDTools has Nmap5 Cheatsheet v1 (pdf), among other things.
And, don't forget the 'nmap' tag right here and across SE sites.