nmap简单使用
探测同网段ip的存活及开放端口很方便-nmap,行千里者半九十,在于恒心!
Nmap 7.40 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/, 192.168.0.1; 10.0.-255.1-
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from filHOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan //探测主机在线
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-; -p U:,,,T:-,,,,S:
--exclude-ports <port ranges>: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from (light) to (try all probes)
--version-light: Limit to most likely probes (intensity )
--version-all: Try every single probe (intensity )
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma-separated list of script-files or
script-categories.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<->: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
--data <hex string>: Append a custom payload to sent packets
--data-string <string>: Append a custom ASCII string to sent packets
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80
nmap -sn 192.168.0.0/24
nmap -sS 192.168.0.0/24
nmap -sS -p 1-65535 192.168.0.0/24
nmap -sS -p 1-1000 -sV 192.168.0.0/24
nmap简单使用的更多相关文章
- [推荐] 网络侦查工具 NMAP 简单入门
[推荐] 网络侦查工具 NMAP 简单入门 # 前言 作为一只运维开发,总是避不开要和网络打交道的.尤其是当自身能力到达瓶颈,开始从事云计算以求突破.会有搭建多台虚拟机的需要,这时候如果在手工的查询 ...
- nmap简单使用方法
1.作用扫描整个网络的主机服务状态和存活优点,快速,准确,效率高2.nmap 选项 Usage: nmap [Scan Type(s)] [Options] {target specification ...
- Nmap简单的漏扫
转载至 https://www.4hou.com/technology/10481.html 导语:Nmap本身内置有丰富的NSE脚本,可以非常方便的利用起来,当然也可以使用定制化的脚本完成个人的 ...
- Nmap简单扫描
Nmap所识别的6个端口状态. open(开放的) 应用程序正在该端口接收TCP 连接或者UDP报文.发现这一点常常是端口扫描 的主要目标.安全意识强的人们知道每个开放的端口 都是攻击的入口.攻击者或 ...
- Nmap 简单功能介绍/TCP Header/常见端口
Nmap:Network Mapper,网络扫描和嗅探的工具包 基本功能有3个: 1.扫描主机端口,嗅探所提供的网络服务 2.探测一组主机是否在线 3.推断主机所用的操作系统,到达主机经过的路由,系统 ...
- NMAP 基本用法
Nmap 用途: 1.通过对设备或者防火墙的探测来审计它的安全性. 2.探测目标主机所开放的端口. 3.网络存储,网络映射,维护和资产管理.(这个有待深入) 4.通过识别新的服务器审计网络的安全性. ...
- NMAP 基础教程
原文地址: http://drops.wooyun.org/tips/2002 0x00 nmap 介绍 Nmap (网络映射器)是由 Gordon Lyon设计,用来探测计算机网络上的主机和服务的 ...
- nmap 高级扫描用法
nmap提供了四项基本功能(主机发现.端口扫描.服务与版本侦测.OS侦测)及丰富的脚本库.Nmap既能应用于简单的网络信息扫描,也能用在高级.复杂.特定的环境中:例如扫描互联网上大量的主机:绕开防火墙 ...
- Nmap在实战中的高级用法
Nmap提供了四项基本功能(主机发现.端口扫描.服务与版本侦测.OS侦测)及丰富的脚本库.Nmap既能应用于简单的网络信息扫描,也能用在高级.复杂.特定的环境中:例如扫描互联网上大量的主机:绕开防火墙 ...
随机推荐
- js遍历Object所有属性
在js中经常需要知道Object中的所有属性及值,然而若是直接弹出Object,则是直接显示一个对象,它的属性和值没有显示出来, 不是我们想要的结果,从而需要遍历Object的所有属性. var ob ...
- js时间戳怎么转成日期格式
原文地址:http://www.sufeinet.com/thread-1500-1-1.html js时间戳怎么转成日期格式这个在主群里有朋友§☆釺哖蟲...o问js时间戳怎么转成日期格式 ,他的问 ...
- Ios开发之多线程编程——NSThread
IOS程序在运行的时候是通过主线程来进行UI视图的更新和响应屏幕触摸事件,但是,在视图更新的时候,会有一些非常耗时的工作,这样我们会出现系统出现卡顿的现象,这是因为主线程堵塞造成的,这样会使用户体验非 ...
- 谁为你的app捡肥皂
2048奇迹,是大多数个人开发者的梦寐以求的期望.而做出flappy bird这样跨时代的游戏,则能够让我们赚的盆满钵满.那么我们怎么样使我们app与众不同,脱颖而出了. 我们这些凡夫俗子程序员们,对 ...
- 解剖android中的闹钟app 一
首先,看一看android市场上有哪些主流的闹钟app了,我们来进行一个简单的评测: 一.正点闹钟 这是一款源自金山技术的闹钟app,其主力创始团队都是来自于金山,其装机量,下载量都是排名第一.老样子 ...
- Kafka:ZK+Kafka+Spark Streaming集群环境搭建(二十四)Structured Streaming:Encoder
一般情况下我们在使用Dataset<Row>进行groupByKey时,你会发现这个方法最后一个参数需要一个encoder,那么这些encoder如何定义呢? 一般数据类型 static ...
- 深入理解FFM原理与实践
原文:http://tech.meituan.com/deep-understanding-of-ffm-principles-and-practices.html 深入理解FFM原理与实践 del2 ...
- JqueryValidate表单相同Name不校验问题解决
在使用Jquery validate中遇到一个问题,当表单元素有name相同字段时,validate只校验表单元素name第一个值是否通过校验,比如 <input type="text ...
- rabbitMQ在linux上安装
语言环境安装 一.编译安装方式 1.依赖环境的安装-如果需要用编译安装erlang语言环境,需要安装C++编译. yum -y install make gcc gcc-c++ kernel-deve ...
- [Spring Boot] @Component, @AutoWired and @Primary
Spring boot is really good for Dependencies injection by using Autowiring. Each class instancse in s ...