diff --git a/docs/nmap.1 b/docs/nmap.1
index e0e08a9d0..e752045d0 100644
--- a/docs/nmap.1
+++ b/docs/nmap.1
@@ -2,12 +2,12 @@
 .\"     Title: nmap
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 04/23/2024
+.\"      Date: 05/07/2025
 .\"    Manual: Nmap Reference Guide
 .\"    Source: Nmap
 .\"  Language: English
 .\"
-.TH "NMAP" "1" "04/23/2024" "Nmap" "Nmap Reference Guide"
+.TH "NMAP" "1" "05/07/2025" "Nmap" "Nmap Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -119,7 +119,7 @@ This options summary is printed when Nmap is run with no arguments, and the late
 .RS 4
 .\}
 .nf
-Nmap 7\&.95SVN ( https://nmap\&.org )
+Nmap 7\&.96SVN ( https://nmap\&.org )
 Usage: nmap [Scan Type(s)] [Options] {target specification}
 TARGET SPECIFICATION:
   Can pass hostnames, IP addresses, networks, etc\&.
@@ -336,7 +336,7 @@ The exclude file may contain comments that start with
 and extend to the end of the line\&.
 .RE
 .PP
-\fB\-n\fR (No DNS resolution)
+\fB\-n\fR (No reverse DNS resolution)
 .RS 4
 
 Tells Nmap to
@@ -344,7 +344,7 @@ Tells Nmap to
 do reverse DNS resolution on the active IP addresses it finds\&. Since DNS can be slow even with Nmap\*(Aqs built\-in parallel stub resolver, this option can slash scanning times\&.
 .RE
 .PP
-\fB\-R\fR (DNS resolution for all targets)
+\fB\-R\fR (Reverse DNS resolution for all targets)
 .RS 4
 Tells Nmap to
 \fIalways\fR
@@ -364,21 +364,21 @@ Scan each IP address only once\&. The default behavior is to scan each address a
 .PP
 \fB\-\-system\-dns\fR (Use system DNS resolver)
 .RS 4
-By default, Nmap reverse\-resolves IP addresses by sending queries directly to the name servers configured on your host and then listening for responses\&. Many requests (often dozens) are performed in parallel to improve performance\&. Specify this option to use your system resolver instead (one IP at a time via the
+By default, Nmap resolves names to IP addresses (and IP addresses to names) by sending queries directly to the name servers configured on your host and then listening for responses\&. Many requests (often dozens) are performed in parallel to improve performance\&. Specify this option to use your system resolver instead (one IP at a time via the
 \fBgetnameinfo\fR
-call)\&. This is slower and rarely useful unless you find a bug in the Nmap parallel resolver (please let us know if you do)\&. The system resolver is always used for forward lookups (getting an IP address from a hostname)\&.
+call)\&. This is slower and rarely useful unless you find a bug in the Nmap parallel resolver (please let us know if you do)\&.
 .RE
 .PP
-\fB\-\-dns\-servers \fR\fB\fIserver1\fR\fR\fB[,\fIserver2\fR[,\&.\&.\&.]]\fR\fB \fR (Servers to use for reverse DNS queries)
+\fB\-\-dns\-servers \fR\fB\fIserver1\fR\fR\fB[,\fIserver2\fR[,\&.\&.\&.]]\fR\fB \fR (Servers to use for DNS queries)
 .RS 4
-By default, Nmap determines your DNS servers (for rDNS resolution) from your resolv\&.conf file (Unix) or the Registry (Win32)\&. Alternatively, you may use this option to specify alternate servers\&. This option is not honored if you are using
+By default, Nmap determines your DNS servers from your resolv\&.conf file (Unix) or the Registry (Win32)\&. Alternatively, you may use this option to specify alternate servers\&. This option is not honored if you are using
 \fB\-\-system\-dns\fR\&. Using multiple DNS servers is often faster, especially if you choose authoritative servers for your target IP space\&. This option can also improve stealth, as your requests can be bounced off just about any recursive DNS server on the Internet\&.
 .sp
-This option also comes in handy when scanning private networks\&. Sometimes only a few name servers provide proper rDNS information, and you may not even know where they are\&. You can scan the network for port 53 (perhaps with version detection), then try Nmap list scans (\fB\-sL\fR) specifying each name server one at a time with
+This option also comes in handy when scanning private networks\&. Sometimes only a few name servers provide proper DNS information, and you may not even know where they are\&. You can scan the network for port 53 (perhaps with version detection), then try Nmap list scans (\fB\-sL\fR) specifying each name server one at a time with
 \fB\-\-dns\-servers\fR
 until you find one which works\&.
 .sp
-This option might not be honored if the DNS response exceeds the size of a UDP packet\&. In such a situation our DNS resolver will make the best effort to extract a response from the truncated packet, and if not successful it will fall back to using the system resolver\&. Also, responses that contain CNAME aliases will fall back to the system resolver\&.
+This option might not be honored if the DNS response exceeds the size of a UDP packet\&. In such a situation our DNS resolver will make the best effort to extract a response from the truncated packet, and if not successful it will fall back to using the system resolver\&.
 .RE
 .SH "HOST DISCOVERY"
 .PP
@@ -1248,6 +1248,10 @@ and is controlled by the following options:
 .RS 4
 Performs a script scan using the default set of scripts\&. It is equivalent to
 \fB\-\-script=default\fR\&. Some of the scripts in this category are considered intrusive and should not be run against a target network without permission\&.
+.sp
+Note that this shorthand option is ignored whenever at least one
+\fB\-\-script\fR
+is also specified\&.
 .RE
 .PP
 \fB\-\-script \fR\fB\fIfilename\fR\fR\fB|\fR\fB\fIcategory\fR\fR\fB|\fR\fB\fIdirectory\fR\fR\fB/|\fR\fB\fIexpression\fR\fR\fB[,\&.\&.\&.]\fR
@@ -1840,7 +1844,7 @@ Normally Nmap sends minimalist packets containing only a header\&. So its TCP pa
 and IP protocols
 get a custom payload by default\&. This option tells Nmap to append the given number of random bytes to most of the packets it sends, and not to use any protocol\-specific payloads\&. (Use
 \fB\-\-data\-length 0\fR
-for no random or protocol\-specific payloads\&.
+for no random or protocol\-specific payloads\&.)
 OS detection (\fB\-O\fR) packets are not affected
 because accuracy there requires probe consistency, but most pinging and portscan packets support this\&. It slows things down a little, but can make a scan slightly less conspicuous\&.
 .RE
diff --git a/docs/zenmap.1 b/docs/zenmap.1
index 3795d1e09..798c31fcc 100644
--- a/docs/zenmap.1
+++ b/docs/zenmap.1
@@ -2,12 +2,12 @@
 .\"     Title: zenmap
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 04/23/2024
+.\"      Date: 05/07/2025
 .\"    Manual: Zenmap Reference Guide
 .\"    Source: Zenmap
 .\"  Language: English
 .\"
-.TH "ZENMAP" "1" "04/23/2024" "Zenmap" "Zenmap Reference Guide"
+.TH "ZENMAP" "1" "05/07/2025" "Zenmap" "Zenmap Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/ncat/docs/ncat.1 b/ncat/docs/ncat.1
index 45eddb438..81020c2c9 100644
--- a/ncat/docs/ncat.1
+++ b/ncat/docs/ncat.1
@@ -2,12 +2,12 @@
 .\"     Title: Ncat
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 04/23/2024
+.\"      Date: 05/07/2025
 .\"    Manual: Ncat Reference Guide
 .\"    Source: Ncat
 .\"  Language: English
 .\"
-.TH "NCAT" "1" "04/23/2024" "Ncat" "Ncat Reference Guide"
+.TH "NCAT" "1" "05/07/2025" "Ncat" "Ncat Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -43,7 +43,7 @@ Among Ncat\*(Aqs vast number of features there is the ability to chain Ncats tog
 .RS 4
 .\}
 .nf
-Ncat 7\&.95SVN ( https://nmap\&.org/ncat )
+Ncat 7\&.96SVN ( https://nmap\&.org/ncat )
 Usage: ncat [options] [hostname] [port]
 
 Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
@@ -79,6 +79,7 @@ Options taking a time assume seconds\&. Append \*(Aqms\*(Aq for milliseconds,
       \-\-send\-only            Only send data, ignoring received; quit on EOF
       \-\-recv\-only            Only receive data, never send anything
       \-\-no\-shutdown          Continue half\-duplex when receiving EOF on stdin
+  \-q <time>                  After EOF on stdin, wait <time> then quit\&.
       \-\-allow                Allow only given hosts to connect to Ncat
       \-\-allowfile            A file of hosts allowed to connect to Ncat
       \-\-deny                 Deny given hosts from connecting to Ncat
@@ -213,10 +214,14 @@ Listen for connections rather than connecting to a remote machine
 The maximum number of simultaneous connections accepted by an Ncat instance\&. 100 is the default (60 on Windows)\&.
 .RE
 .PP
-\fB\-k\fR, \fB\-\-keep\-open\fR (Accept multiple connections)
+\fB\-k\fR, \fB\-\-keep\-open\fR (Accept multiple connections, do not quit on socket EOF)
 .RS 4
 Normally a listening server accepts only one connection and then quits when the connection is closed\&. This option makes it accept multiple simultaneous connections and wait for more connections after they have all been closed\&. It must be combined with
 \fB\-\-listen\fR\&. In this mode there is no way for Ncat to know when its network input is finished, so it will keep running until interrupted\&. This also means that it will never close its output stream, so any program reading from Ncat and looking for end\-of\-file will also hang\&.
+.sp
+In connect mode, the
+\fB\-k\fR
+option has a different meaning: when the remote end of a TCP connection shuts down its side of the connection, Ncat will keep running and sending any available data\&. This was the default behavior in Ncat 7\&.95 and earlier, but it was changed to better align with existing netcat implementations\&. TCP is the only transport that supports this option in connect mode\&.
 .RE
 .PP
 \fB\-\-broker\fR (Connection brokering)
@@ -460,6 +465,13 @@ options\&.
 Set a fixed timeout for idle connections\&. If the idle timeout is reached, the connection is terminated\&.
 .RE
 .PP
+\fB\-q \fR\fB\fItime\fR\fR (Delay quit after EOF on stdin)
+.RS 4
+After EOF on stdin, wait the specified amount of time, then quit\&. If
+\fItime\fR
+is negative, wait forever\&. Ncat may still quit based on idle timeout or EOF on the socket\&.
+.RE
+.PP
 \fB\-w \fR\fB\fItime\fR\fR, \fB\-\-wait \fR\fB\fItime\fR\fR (Specify connect timeout)
 .RS 4
 Set a fixed timeout for connection attempts\&.
diff --git a/ndiff/docs/ndiff.1 b/ndiff/docs/ndiff.1
index ab7cc37b1..b4e7717d7 100644
--- a/ndiff/docs/ndiff.1
+++ b/ndiff/docs/ndiff.1
@@ -2,12 +2,12 @@
 .\"     Title: ndiff
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 04/23/2024
+.\"      Date: 05/07/2025
 .\"    Manual: User Commands
 .\"    Source: Ndiff
 .\"  Language: English
 .\"
-.TH "NDIFF" "1" "04/23/2024" "Ndiff" "User Commands"
+.TH "NDIFF" "1" "05/07/2025" "Ndiff" "User Commands"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
diff --git a/nping/docs/nping.1 b/nping/docs/nping.1
index 284b39339..b7531cf96 100644
--- a/nping/docs/nping.1
+++ b/nping/docs/nping.1
@@ -2,12 +2,12 @@
 .\"     Title: nping
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: 04/23/2024
+.\"      Date: 05/07/2025
 .\"    Manual: Nping Reference Guide
 .\"    Source: Nping
 .\"  Language: English
 .\"
-.TH "NPING" "1" "04/23/2024" "Nping" "Nping Reference Guide"
+.TH "NPING" "1" "05/07/2025" "Nping" "Nping Reference Guide"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -82,9 +82,7 @@ Nping done: 2 IP addresses pinged in 4\&.01 seconds
 The newest version of Nping can be obtained with Nmap at
 \m[blue]\fB\%https://nmap.org\fR\m[]\&. The newest version of this man page is available at
 \m[blue]\fB\%https://nmap.org/book/nping-man.html\fR\m[]\&.
-
-\-\->
-  .SH "OPTIONS SUMMARY"
+.SH "OPTIONS SUMMARY"
 .PP
 This options summary is printed when Nping is run with no arguments\&. It helps people remember the most common options, but is no substitute for the in\-depth documentation in the rest of this manual\&. Some obscure options aren\*(Aqt even included here\&.
 .sp