This is well on its way. A few points of feedback:

1. -z also works for SCTP and even Unix sockets, so it's not true that it "only works for TCP."
2. Traditional netcat has a workaround for UDP that involves sending a single null byte ('\0') and treating a ECONNREFUSED as the false condition and everything else as true. It's ok if you don't implement this right away, but we should open a subsequent issue documenting the deficiency.
3. We don't need another long option (--zero), just add it as a short option.
4. We should suppress the "Ncat: Connection refused" message when using -z because it's usually used with scripting and the extra output will probably be objected to by someone. Netcat does not produce any output with -z.
5. There's not a real better way to blacklist, but some of these probably don't matter. We want to blacklist ones that change the behavior, not the timing. Here's my list:
   • Any of the exec options: -c, -e, --lua-exec
   • -l, but don't explicitly check for things that only have meaning when -l is given, like -k, --chat, etc.

@bonsaiviking Thanks for review, I have pushed correction for this. I am little doubtful over the implementation of UDP scan, here are few reasons why -

1. Netcat reports all those UDP ports as open which do not reply with ECONNREFUSED. Implication - Link to paste
2. What should be the time-limit to wait for ECONNREFUSED, I am thinking to implement it by setting up the value of o.idletimeout internally.

I also think that connect_report() shouldn't be called here if o.proto==IPPROTO_UDP.

This is the LINK to capture performed for Netcat. First five frames correspond to command nc -zuv google.com 21 while next four correspond to nc -zuv google.com 80. Payload sent by them is 58(Hex) that is equivalent to "X", any particular reason for it ?

Looks great! @tremblerz commit this as soon as you fix the missing die statement on line 3149.