diff --git a/cheat/cheatsheets/nmap b/cheat/cheatsheets/nmap
index 66816d3..0232bf1 100644
--- a/cheat/cheatsheets/nmap
+++ b/cheat/cheatsheets/nmap
@@ -85,3 +85,20 @@ nmap -sU: UDP Scan
 nmap -sV: Version Scan
 nmap -O: Used for OS Detection/fingerprinting
 nmap --scanflags: Sets custom list of TCP using `URG ACK PSH RST SYN FIN` in any order
+
+### Nmap Scripting Engine Categories
+The most common Nmap scripting engine categories:
+- auth: Utilize credentials or bypass authentication on target hosts.
+- broadcast: Discover hosts not included on command line by broadcasting on local network.
+- brute: Attempt to guess passwords on target systems, for a variety of protocols, including http, SNMP, IAX, MySQL, VNC, etc.
+- default: Scripts run automatically when -sC or -A are used.
+- discovery: Try to learn more information about target hosts through public sources of information, SNMP, directory services, and more.
+- dos: May cause denial of service conditions in target hosts.
+- exploit: Attempt to exploit target systems.
+- external: Interact with third-party systems not included in target list.
+- fuzzer: Send unexpected input in network protocol fields.
+- intrusive: May crash target, consume excessive resources, or otherwise impact target machines in a malicious fashion.
+- malware: Look for signs of malware infection on the target hosts.
+- safe: Designed not to impact target in a negative fashion.
+- version: Measure the version of software or protocols on the target hosts.
+- vul: Measure whether target systems have a known vulnerability.