扫描神器--nmap
BASIC SCANNING TECHNIQUES
Goal | command | example |
Scan a Single Target | nmap [target] | nmap 192.168.0.1 |
Scan Multiple Targets | nmap [target1, target2, etc] | nmap 192.168.0.1 192.168.0.2 |
Scan a List of Targets | nmap -iL [list.txt] | nmap -iL targets.txt |
Scan a Range of Hosts | nmap [range of ip addresses] | nmap 192.168.0.1-10 |
Scan an Entire Subnet | nmap [ip address/cdir] | nmap 192.168.0.1/24 |
Scan Random Hosts | nmap -iR [number] | nmap -iR 0 |
Excluding Targets from a Scan | nmap [targets] –exclude [targets] | nmap 192.168.0.1/24 –exclude 192.168.0.100, 192.168.0.200 |
Excluding Targets Using a List | nmap [targets] –excludefile [list.txt] | nmap 192.168.0.1/24 –excludefile notargets.txt |
Perform an Aggressive Scan | nmap -A [target] | nmap -A 192.168.0.1 |
Scan an IPv6 Target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2afe |
DISCOVERY OPTIONS
Goal | command | example |
Perform a Ping Only Scan | nmap -sP [target] | nmap -sP 192.168.0.1 |
Don’t Ping | nmap -PN [target] | nmap -PN 192.168.0.1 |
TCP SYN Ping | nmap -PS [target] | nmap -PS 192.168.0.1 |
TCP ACK Ping | nmap -PA [target] | nmap -PA 192.168.0.1 |
UDP Ping | nmap -PU [target] | nmap -PU 192.168.0.1 |
SCTP INIT Ping | nmap -PY [target] | nmap -PY 192.168.0.1 |
ICMP Echo Ping | nmap -PE [target] | nmap -PE 192.168.0.1 |
ICMP Timestamp Ping | nmap -PP [target] | nmap -PP 192.168.0.1 |
ICMP Address Mask Ping | nmap -PM [target] | nmap -PM 192.168.0.1 |
IP Protocol Ping | nmap -PO [target] | nmap -PO 192.168.0.1 |
ARP Ping | nmap -PR [target] | nmap -PR 192.168.0.1 |
Traceroute | nmap –traceroute [target] | nmap –traceroute 192.168.0.1 |
Force Reverse DNS Resolution | nmap -R [target] | nmap -R 192.168.0.1 |
Disable Reverse DNS Resolution | nmap -n [target] | nmap -n 192.168.0.1 |
Alternative DNS Lookup | nmap –system-dns [target] | nmap –system-dns 192.168.0.1 |
Manually Specify DNS Server(s) | nmap –dns-servers [servers] [target] | nmap –dns-servers 201.56.212.54 192.168.0.1 |
Create a Host List | nmap -sL [targets] | nmap -sL 192.168.0.1/24 |
ADVANCED SCANNING OPTIONS
Goal | command | example |
TCP SYN Scan | nmap -sS [target] | nmap -sS 192.168.0.1 |
TCP Connect Scan | nmap -sT [target] | nmap -sT 192.168.0.1 |
UDP Scan | nmap -sU [target] | nmap -sU 192.168.0.1 |
TCP NULL Scan | nmap -sN [target] | nmap -sN 192.168.0.1 |
TCP FIN Scan | nmap -sF [target] | nmap -sF 192.168.0.1 |
Xmas Scan | nmap -sX [target] | nmap -sX 192.168.0.1 |
TCP ACK Scan | nmap -sA [target] | nmap -sA 192.168.0.1 |
Custom TCP Scan | nmap –scanflags [flags] [target] | nmap –scanflags SYNFIN 192.168.0.1 |
IP Protocol Scan | nmap -sO [target] | nmap -sO 192.168.0.1 |
Send Raw Ethernet Packets | nmap –send-eth [target] | nmap –send-eth 192.168.0.1 |
Send IP Packets | nmap –send-ip [target] | nmap –send-ip 192.168.0.1 |
PORT SCANNING OPTIONS
Goal | command | example |
Perform a Fast Scan | nmap -F [target] | nmap -F 192.168.0.1 |
Scan Specific Ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 192.168.1.1 |
Scan Ports by Name | nmap -p [port name(s)] [target] | nmap -p ftp,http* 192.168.0.1 |
Scan Ports by Protocol | nmap -sU -sT -p U:[ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.0.1 |
Scan All Ports | nmap -p ‘*’ [target] | nmap -p ‘*’ 192.168.0.1 |
Scan Top Ports | nmap –top-ports [number] [target] | nmap –top-ports 10 192.168.0.1 |
Perform a Sequential Port Scan | nmap -r [target] | nmap -r 192.168.0.1 |
VERSION DETECTION
Goal | command | example |
Operating System Detection | nmap -O [target] | nmap -O 192.168.0.1 |
Submit TCP/IP Fingerprints | www.nmap.org/submit/ | |
Attempt to Guess an Unknown OS | nmap -O –osscan-guess [target] | nmap -O –osscan-guess 192.168.0.1 |
Service Version Detection | nmap -sV [target] | nmap -sV 192.168.0.1 |
Troubleshooting Version Scans | nmap -sV –version-trace [target] | nmap -sV –version-trace 192.168.0.1 |
Perform a RPC Scan | nmap -sR [target] | nmap -sR 192.168.0.1 |
TIMING OPTIONS
Goal | command | example |
Timing Templates | nmap -T[0-5] [target] | nmap -T3 192.168.0.1 |
Set the Packet TTL | nmap –ttl [time] [target] | nmap –ttl 64 192.168.0.1 |
Minimum # of Parallel Operations | nmap –min-parallelism [number] [target] | nmap –min-parallelism 10 192.168.0.1 |
Maximum # of Parallel Operations | nmap –max-parallelism [number] [target] | nmap –max-parallelism 1 192.168.0.1 |
Minimum Host Group Size | nmap –min-hostgroup [number] [targets] | nmap –min-hostgroup 50 192.168.0.1 |
Maximum Host Group Size | nmap –max-hostgroup [number] [targets] | nmap –max-hostgroup 1 192.168.0.1 |
Maximum RTT Timeout | nmap –initial-rtt-timeout [time] [target] | nmap –initial-rtt-timeout 100ms 192.168.0.1 |
Initial RTT Timeout | nmap –max-rtt-timeout [TTL] [target] | nmap –max-rtt-timeout 100ms 192.168.0.1 |
Maximum Retries | nmap –max-retries [number] [target] | nmap –max-retries 10 192.168.0.1 |
Host Timeout | nmap –host-timeout [time] [target] | nmap –host-timeout 30m 192.168.0.1 |
Minimum Scan Delay | nmap –scan-delay [time] [target] | nmap –scan-delay 1s 192.168.0.1 |
Maximum Scan Delay | nmap –max-scan-delay [time] [target] | nmap –max-scan-delay 10s 192.168.0.1 |
Minimum Packet Rate | nmap –min-rate [number] [target] | nmap –min-rate 50 192.168.0.1 |
Maximum Packet Rate | nmap –max-rate [number] [target] | nmap –max-rate 100 192.168.0.1 |
Defeat Reset Rate Limits | nmap –defeat-rst-ratelimit [target] | nmap –defeat-rst-ratelimit 192.168.0.1 |
FIREWALL EVASION TECHNIQUES
Goal | command | example |
Fragment Packets | nmap -f [target] | nmap -f 192.168.0.1 |
Specify a Specific MTU | nmap –mtu [MTU] [target] | nmap –mtu 32 192.168.0.1 |
Use a Decoy | nmap -D RND:[number] [target] | nmap -D RND:10 192.168.0.1 |
Idle Zombie Scan | nmap -sI [zombie] [target] | nmap -sI 192.168.0.38 192.168.0.1 |
Manually Specify a Source Port | nmap –source-port [port] [target] | nmap –source-port 1025 192.168.0.1 |
Append Random Data | nmap –data-length [size] [target] | nmap –data-length 20 192.168.0.1 |
Randomize Target Scan Order | nmap –randomize-hosts [target] | nmap –randomize-hosts 192.168.0.1-20 |
Spoof MAC Address | nmap –spoof-mac [MAC|0|vendor] [target] | nmap –spoof-mac Cisco 192.168.0.1 |
Send Bad Checksums | nmap –badsum [target] | nmap –badsum 192.168.0.1 |
OUTPUT OPTIONS
Goal | command | example |
Save Output to a Text File | nmap -oN [scan.txt] [target] | nmap -oN scan.txt 192.168.0.1 |
Save Output to a XML File | nmap -oX [scan.xml] [target] | nmap -oX scan.xml 192.168.0.1 |
Grepable Output | nmap -oG [scan.txt] [targets] | nmap -oG scan.txt 192.168.0.1 |
Output All Supported File Types | nmap -oA [path/filename] [target] | nmap -oA ./scan 192.168.0.1 |
Periodically Display Statistics | nmap –stats-every [time] [target] | nmap –stats-every 10s 192.168.0.1 |
133t Output | nmap -oS [scan.txt] [target] | nmap -oS scan.txt 192.168.0.1 |
TROUBLESHOOTING AND DEBUGGING
Goal | command | example |
Getting Help | nmap -h | nmap -h |
Display Nmap Version | nmap -V | nmap -V |
Verbose Output | nmap -v [target] | nmap -v 192.168.0.1 |
Debugging | nmap -d [target] | nmap -d 192.168.0.1 |
Display Port State Reason | nmap –reason [target] | nmap –reason 192.168.0.1 |
Only Display Open Ports | nmap –open [target] | nmap –open 192.168.0.1 |
Trace Packets | nmap –packet-trace [target] | nmap –packet-trace 192.168.0.1 |
Display Host Networking | nmap –iflist | nmap –iflist |
Specify a Network Interface | nmap -e [interface] [target] | nmap -e eth0 192.168.0.1 |
NMAP SCRIPTING ENGINE
Goal | command | example |
Execute Individual Scripts | nmap –script [script.nse] [target] | nmap –script banner.nse 192.168.0.1 |
Execute Multiple Scripts | nmap –script [expression] [target] | nmap –script ‘http-*’ 192.168.0.1 |
Script Categories | all, auth, default, discovery, external, intrusive, malware, safe, vuln | |
Execute Scripts by Category | nmap –script [category] [target] | nmap –script ‘not intrusive’ 192.168.0.1 |
Execute Multiple Script Categories | nmap –script [category1,category2,etc] | nmap –script ‘default or safe’ 192.168.0.1 |
Troubleshoot Scripts | nmap –script [script] –script-trace [target] | nmap –script banner.nse –script-trace 192.168.0.1 |
Update the Script Database | nmap –script-updatedb | nmap –script-updatedb |
扫描神器--nmap的更多相关文章
- 扫描神器nmap使用教程
总结 nmap -v 详细信息输出nmap -p 指定端口nmap -iL 扫描文件中的ipnmap -exclude 不扫描某些ipnmap -Pn 使用ping扫描,显式地关闭端口扫描,用于主机发 ...
- 扫描工具nmap介绍
NMap,也就是Network Mapper,最早是Linux下的网络扫描和嗅探工具包. 简介 nmap是一个网络连接端扫描软件,用来扫描网上电脑开放的网络连接端.确定哪些服务运行在哪些连接端,并且推 ...
- Nikto主动扫描神器!!!
Perl语言开发的开源web安全扫描器 Nikto只支持主动扫描:可扫描web服务器类型是不是最新版本(分析先版本与新版相比有哪些漏洞) 针对:1.软件版本.2.搜索存在安全隐患的文件.3.服务器配置 ...
- 网络扫描工具nmap
nmap一般就用来扫描主机是否在线(特别是扫描局域网内存活的机器).开放了哪些端口.其他的功能用的比较少,做渗透的人可能要了解的多些. 1.1 选项说明 nmap需要自行安装. shell> y ...
- 扫描工具——Nmap用法详解
Nmap使用 Nmap是主机扫描工具,他的图形化界面是Zenmap,分布式框架为Dnamp. Nmap可以完成以下任务: 主机探测 端口扫描 版本检测 系统检测 支持探测脚本的编写 Nmap在实际中应 ...
- [na]tcp&udp扫描原理(nmap常用10条命令)
nmap软件使用思路及常见用法 Nmap高级用法与典型场景 namp -sn 4种包 使用nmap -sn 查询网段中关注主机或者整个网段的IP存活状态 nmap -sn nmap针对局域网和广域网( ...
- 端口扫描工具nmap
nmap 使用介绍 nmap是目前为止最广为使用的国外端口扫描工具之一.我们可以从[url]http://www.insecure.org/[/url]进行下载,可以很容易的安装到Windows和un ...
- Linux常用网络工具:批量主机服务扫描之nmap
Linux下有很多强大网络扫描工具,网络扫描工具可以分为:主机扫描.主机服务扫描.路由扫描等. 之前已经写过常用的主机扫描和路由扫描工具,nmap支持批量主机扫描和主机服务扫描. nmap的安装直接使 ...
- 端口扫描程序nmap使用手册
其实还是建议看英文的man,对以后学习其他东西很有帮助的:) 摘要 nmap是一个网络探测和安全扫描程序,系统管理者和个人可以使用这个软件扫描大型的网络,获取那台主机正在运行以及提供什么服务等 ...
随机推荐
- 【JS点滴】substring和substr以及slice和splice的用法和区别。
那么就由一道笔试题引入吧,已知有字符串a=”get-element-by-id”,写一个function将其转化成驼峰表示法”getElementById”: var a = "get-el ...
- 网络安全事件频发,全站HTTPS势在必行
报告显示,2015年互联网应急中心发现网络安全事件超过12万起,同比增长125.9%.消息一出震惊国人. 网络安全事件频发,全站HTTPS势在必行 正如习主席所讲:“互联网给人们的生产生活带来巨大变化 ...
- Mybatis插件使用-统计sql执行时间
背景介绍:最近由于产品数据量较大,sql执行十分低效,正在做数据库优化,所以想在日志中看到每个sql执行的时间,以方便针对性的优化. 查找相关资料,了解到Mybatis有一款插件,是基于interce ...
- Quartz2D绘制路径
// 在画线的时候,方法的内部默认创建一个path.它把路径都放到了path里面去. // 1.创建路径 cgmutablepathref 调用该方法相当于创建了一个路径,这个路径用来保存绘图信息. ...
- Go语言封装Http协议GET和POST请求
本文几乎没有文字叙述: /* 有关Http协议GET和POST请求的封装 */ package net import ( "net/http" "io" &qu ...
- C#常见几道面试题
首先碰到的是这样的一首题目:计算数组{1,1,2,3,5,8.......} 第30位值,不用递归,我写出了以下这样的代码: static void Main(string[] args) { ]; ...
- c# 对文件的各种操作
C# 获取文件名及扩展名 string aFirstName = aFile.Substring(aFile.LastIndexOf("\\") + 1, (aFile.LastI ...
- Dubbox分布式框架
一:简介:前身是阿里巴巴的一个开源的项目,后来停止维护,由当当网继续维护,它致力于rpc远程的调度方案.是一个服务框架 二:执行原理图: 节点角色说明: · Provider: 暴露服务的服务提供方. ...
- ActiveMQ demo
Maven 配置文件 <dependency> <groupId>org.apache.activemq</groupId> <artifactId>a ...
- pycharm 光标快速移动到括号外或行尾
coupon = models.ForeignKey("Coupon", on_delete=models.CASCADE) pycharm中编写程序, 需要将光标快速移动到“” ...