扫描神器--nmap
BASIC SCANNING TECHNIQUES
Goal | command | example |
Scan a Single Target | nmap [target] | nmap 192.168.0.1 |
Scan Multiple Targets | nmap [target1, target2, etc] | nmap 192.168.0.1 192.168.0.2 |
Scan a List of Targets | nmap -iL [list.txt] | nmap -iL targets.txt |
Scan a Range of Hosts | nmap [range of ip addresses] | nmap 192.168.0.1-10 |
Scan an Entire Subnet | nmap [ip address/cdir] | nmap 192.168.0.1/24 |
Scan Random Hosts | nmap -iR [number] | nmap -iR 0 |
Excluding Targets from a Scan | nmap [targets] –exclude [targets] | nmap 192.168.0.1/24 –exclude 192.168.0.100, 192.168.0.200 |
Excluding Targets Using a List | nmap [targets] –excludefile [list.txt] | nmap 192.168.0.1/24 –excludefile notargets.txt |
Perform an Aggressive Scan | nmap -A [target] | nmap -A 192.168.0.1 |
Scan an IPv6 Target | nmap -6 [target] | nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2afe |
DISCOVERY OPTIONS
Goal | command | example |
Perform a Ping Only Scan | nmap -sP [target] | nmap -sP 192.168.0.1 |
Don’t Ping | nmap -PN [target] | nmap -PN 192.168.0.1 |
TCP SYN Ping | nmap -PS [target] | nmap -PS 192.168.0.1 |
TCP ACK Ping | nmap -PA [target] | nmap -PA 192.168.0.1 |
UDP Ping | nmap -PU [target] | nmap -PU 192.168.0.1 |
SCTP INIT Ping | nmap -PY [target] | nmap -PY 192.168.0.1 |
ICMP Echo Ping | nmap -PE [target] | nmap -PE 192.168.0.1 |
ICMP Timestamp Ping | nmap -PP [target] | nmap -PP 192.168.0.1 |
ICMP Address Mask Ping | nmap -PM [target] | nmap -PM 192.168.0.1 |
IP Protocol Ping | nmap -PO [target] | nmap -PO 192.168.0.1 |
ARP Ping | nmap -PR [target] | nmap -PR 192.168.0.1 |
Traceroute | nmap –traceroute [target] | nmap –traceroute 192.168.0.1 |
Force Reverse DNS Resolution | nmap -R [target] | nmap -R 192.168.0.1 |
Disable Reverse DNS Resolution | nmap -n [target] | nmap -n 192.168.0.1 |
Alternative DNS Lookup | nmap –system-dns [target] | nmap –system-dns 192.168.0.1 |
Manually Specify DNS Server(s) | nmap –dns-servers [servers] [target] | nmap –dns-servers 201.56.212.54 192.168.0.1 |
Create a Host List | nmap -sL [targets] | nmap -sL 192.168.0.1/24 |
ADVANCED SCANNING OPTIONS
Goal | command | example |
TCP SYN Scan | nmap -sS [target] | nmap -sS 192.168.0.1 |
TCP Connect Scan | nmap -sT [target] | nmap -sT 192.168.0.1 |
UDP Scan | nmap -sU [target] | nmap -sU 192.168.0.1 |
TCP NULL Scan | nmap -sN [target] | nmap -sN 192.168.0.1 |
TCP FIN Scan | nmap -sF [target] | nmap -sF 192.168.0.1 |
Xmas Scan | nmap -sX [target] | nmap -sX 192.168.0.1 |
TCP ACK Scan | nmap -sA [target] | nmap -sA 192.168.0.1 |
Custom TCP Scan | nmap –scanflags [flags] [target] | nmap –scanflags SYNFIN 192.168.0.1 |
IP Protocol Scan | nmap -sO [target] | nmap -sO 192.168.0.1 |
Send Raw Ethernet Packets | nmap –send-eth [target] | nmap –send-eth 192.168.0.1 |
Send IP Packets | nmap –send-ip [target] | nmap –send-ip 192.168.0.1 |
PORT SCANNING OPTIONS
Goal | command | example |
Perform a Fast Scan | nmap -F [target] | nmap -F 192.168.0.1 |
Scan Specific Ports | nmap -p [port(s)] [target] | nmap -p 21-25,80,139,8080 192.168.1.1 |
Scan Ports by Name | nmap -p [port name(s)] [target] | nmap -p ftp,http* 192.168.0.1 |
Scan Ports by Protocol | nmap -sU -sT -p U:[ports],T:[ports] [target] | nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.0.1 |
Scan All Ports | nmap -p ‘*’ [target] | nmap -p ‘*’ 192.168.0.1 |
Scan Top Ports | nmap –top-ports [number] [target] | nmap –top-ports 10 192.168.0.1 |
Perform a Sequential Port Scan | nmap -r [target] | nmap -r 192.168.0.1 |
VERSION DETECTION
Goal | command | example |
Operating System Detection | nmap -O [target] | nmap -O 192.168.0.1 |
Submit TCP/IP Fingerprints | www.nmap.org/submit/ | |
Attempt to Guess an Unknown OS | nmap -O –osscan-guess [target] | nmap -O –osscan-guess 192.168.0.1 |
Service Version Detection | nmap -sV [target] | nmap -sV 192.168.0.1 |
Troubleshooting Version Scans | nmap -sV –version-trace [target] | nmap -sV –version-trace 192.168.0.1 |
Perform a RPC Scan | nmap -sR [target] | nmap -sR 192.168.0.1 |
TIMING OPTIONS
Goal | command | example |
Timing Templates | nmap -T[0-5] [target] | nmap -T3 192.168.0.1 |
Set the Packet TTL | nmap –ttl [time] [target] | nmap –ttl 64 192.168.0.1 |
Minimum # of Parallel Operations | nmap –min-parallelism [number] [target] | nmap –min-parallelism 10 192.168.0.1 |
Maximum # of Parallel Operations | nmap –max-parallelism [number] [target] | nmap –max-parallelism 1 192.168.0.1 |
Minimum Host Group Size | nmap –min-hostgroup [number] [targets] | nmap –min-hostgroup 50 192.168.0.1 |
Maximum Host Group Size | nmap –max-hostgroup [number] [targets] | nmap –max-hostgroup 1 192.168.0.1 |
Maximum RTT Timeout | nmap –initial-rtt-timeout [time] [target] | nmap –initial-rtt-timeout 100ms 192.168.0.1 |
Initial RTT Timeout | nmap –max-rtt-timeout [TTL] [target] | nmap –max-rtt-timeout 100ms 192.168.0.1 |
Maximum Retries | nmap –max-retries [number] [target] | nmap –max-retries 10 192.168.0.1 |
Host Timeout | nmap –host-timeout [time] [target] | nmap –host-timeout 30m 192.168.0.1 |
Minimum Scan Delay | nmap –scan-delay [time] [target] | nmap –scan-delay 1s 192.168.0.1 |
Maximum Scan Delay | nmap –max-scan-delay [time] [target] | nmap –max-scan-delay 10s 192.168.0.1 |
Minimum Packet Rate | nmap –min-rate [number] [target] | nmap –min-rate 50 192.168.0.1 |
Maximum Packet Rate | nmap –max-rate [number] [target] | nmap –max-rate 100 192.168.0.1 |
Defeat Reset Rate Limits | nmap –defeat-rst-ratelimit [target] | nmap –defeat-rst-ratelimit 192.168.0.1 |
FIREWALL EVASION TECHNIQUES
Goal | command | example |
Fragment Packets | nmap -f [target] | nmap -f 192.168.0.1 |
Specify a Specific MTU | nmap –mtu [MTU] [target] | nmap –mtu 32 192.168.0.1 |
Use a Decoy | nmap -D RND:[number] [target] | nmap -D RND:10 192.168.0.1 |
Idle Zombie Scan | nmap -sI [zombie] [target] | nmap -sI 192.168.0.38 192.168.0.1 |
Manually Specify a Source Port | nmap –source-port [port] [target] | nmap –source-port 1025 192.168.0.1 |
Append Random Data | nmap –data-length [size] [target] | nmap –data-length 20 192.168.0.1 |
Randomize Target Scan Order | nmap –randomize-hosts [target] | nmap –randomize-hosts 192.168.0.1-20 |
Spoof MAC Address | nmap –spoof-mac [MAC|0|vendor] [target] | nmap –spoof-mac Cisco 192.168.0.1 |
Send Bad Checksums | nmap –badsum [target] | nmap –badsum 192.168.0.1 |
OUTPUT OPTIONS
Goal | command | example |
Save Output to a Text File | nmap -oN [scan.txt] [target] | nmap -oN scan.txt 192.168.0.1 |
Save Output to a XML File | nmap -oX [scan.xml] [target] | nmap -oX scan.xml 192.168.0.1 |
Grepable Output | nmap -oG [scan.txt] [targets] | nmap -oG scan.txt 192.168.0.1 |
Output All Supported File Types | nmap -oA [path/filename] [target] | nmap -oA ./scan 192.168.0.1 |
Periodically Display Statistics | nmap –stats-every [time] [target] | nmap –stats-every 10s 192.168.0.1 |
133t Output | nmap -oS [scan.txt] [target] | nmap -oS scan.txt 192.168.0.1 |
TROUBLESHOOTING AND DEBUGGING
Goal | command | example |
Getting Help | nmap -h | nmap -h |
Display Nmap Version | nmap -V | nmap -V |
Verbose Output | nmap -v [target] | nmap -v 192.168.0.1 |
Debugging | nmap -d [target] | nmap -d 192.168.0.1 |
Display Port State Reason | nmap –reason [target] | nmap –reason 192.168.0.1 |
Only Display Open Ports | nmap –open [target] | nmap –open 192.168.0.1 |
Trace Packets | nmap –packet-trace [target] | nmap –packet-trace 192.168.0.1 |
Display Host Networking | nmap –iflist | nmap –iflist |
Specify a Network Interface | nmap -e [interface] [target] | nmap -e eth0 192.168.0.1 |
NMAP SCRIPTING ENGINE
Goal | command | example |
Execute Individual Scripts | nmap –script [script.nse] [target] | nmap –script banner.nse 192.168.0.1 |
Execute Multiple Scripts | nmap –script [expression] [target] | nmap –script ‘http-*’ 192.168.0.1 |
Script Categories | all, auth, default, discovery, external, intrusive, malware, safe, vuln | |
Execute Scripts by Category | nmap –script [category] [target] | nmap –script ‘not intrusive’ 192.168.0.1 |
Execute Multiple Script Categories | nmap –script [category1,category2,etc] | nmap –script ‘default or safe’ 192.168.0.1 |
Troubleshoot Scripts | nmap –script [script] –script-trace [target] | nmap –script banner.nse –script-trace 192.168.0.1 |
Update the Script Database | nmap –script-updatedb | nmap –script-updatedb |
扫描神器--nmap的更多相关文章
- 扫描神器nmap使用教程
总结 nmap -v 详细信息输出nmap -p 指定端口nmap -iL 扫描文件中的ipnmap -exclude 不扫描某些ipnmap -Pn 使用ping扫描,显式地关闭端口扫描,用于主机发 ...
- 扫描工具nmap介绍
NMap,也就是Network Mapper,最早是Linux下的网络扫描和嗅探工具包. 简介 nmap是一个网络连接端扫描软件,用来扫描网上电脑开放的网络连接端.确定哪些服务运行在哪些连接端,并且推 ...
- Nikto主动扫描神器!!!
Perl语言开发的开源web安全扫描器 Nikto只支持主动扫描:可扫描web服务器类型是不是最新版本(分析先版本与新版相比有哪些漏洞) 针对:1.软件版本.2.搜索存在安全隐患的文件.3.服务器配置 ...
- 网络扫描工具nmap
nmap一般就用来扫描主机是否在线(特别是扫描局域网内存活的机器).开放了哪些端口.其他的功能用的比较少,做渗透的人可能要了解的多些. 1.1 选项说明 nmap需要自行安装. shell> y ...
- 扫描工具——Nmap用法详解
Nmap使用 Nmap是主机扫描工具,他的图形化界面是Zenmap,分布式框架为Dnamp. Nmap可以完成以下任务: 主机探测 端口扫描 版本检测 系统检测 支持探测脚本的编写 Nmap在实际中应 ...
- [na]tcp&udp扫描原理(nmap常用10条命令)
nmap软件使用思路及常见用法 Nmap高级用法与典型场景 namp -sn 4种包 使用nmap -sn 查询网段中关注主机或者整个网段的IP存活状态 nmap -sn nmap针对局域网和广域网( ...
- 端口扫描工具nmap
nmap 使用介绍 nmap是目前为止最广为使用的国外端口扫描工具之一.我们可以从[url]http://www.insecure.org/[/url]进行下载,可以很容易的安装到Windows和un ...
- Linux常用网络工具:批量主机服务扫描之nmap
Linux下有很多强大网络扫描工具,网络扫描工具可以分为:主机扫描.主机服务扫描.路由扫描等. 之前已经写过常用的主机扫描和路由扫描工具,nmap支持批量主机扫描和主机服务扫描. nmap的安装直接使 ...
- 端口扫描程序nmap使用手册
其实还是建议看英文的man,对以后学习其他东西很有帮助的:) 摘要 nmap是一个网络探测和安全扫描程序,系统管理者和个人可以使用这个软件扫描大型的网络,获取那台主机正在运行以及提供什么服务等 ...
随机推荐
- APP---发布动态、朋友圈类似,多张图片动响应式正方形展示布局 vue.js,aui.css,apiclouv
环境:vue.js,aui.css,apicloud 1.没做控制之前.图片真实长度宽度. 2.下面用js控制高度 js部分 //js 部分 //先动态的获取属性宽度 var box4_col3 = ...
- angular项目使用Swiper组件Loop时 ng-click点击事件失效处理方法
在Angular项目中,使用swiper组件进行轮播展示时,存在将swper的loop设置为true时,部分页面的ng-click失效. 原因:将swiper中的looper设置为true时,为了视觉 ...
- .NET世界的包管理器——Nuget
NugetServer 使用指南 为什么要使用Nuget 在我们的项目, 存在着一些公共Dll, 这些Dll被大量的项目所引用.同时这些公共dll也同时在进行版本升级, 由于缺乏版本管理,这些Dll会 ...
- find the most comfortable road(hdu1598)不错的并查集
find the most comfortable road Time Limit: 1000/1000 MS (Java/Others) Memory Limit: 32768/32768 K ...
- 数据定义语句(DDL语句)
建立表 create table 表名( 字段名1 类型, 字段名2 类型, ........ 字段名n 类型): 类型有: char(n) 是一个类型,叫定长字符串,数据不够就补空格 v ...
- node.js(express)连接mongoDB入门指导
一.写在前面 人人都想成为全栈码农,作为一个web前端开发人员,通往全栈的简洁之路,貌似就是node.js了.前段时间学习了node.js,来谈谈新手如何快速的搭建自己的web服务,开启全栈之路. 二 ...
- js-ES6学习笔记-Class(5)
1.原生构造函数会忽略apply方法传入的this,也就是说,原生构造函数的this无法绑定,导致拿不到内部属性.比如,Array构造函数有一个内部属性[[DefineOwnProperty]],用来 ...
- CentOS7下安装caffe(包括ffmpeg\boost\opencv)
因为有项目想采用深度学习,而caffe是深度学习框架中比较理想的一款,并且跨平台,以及可以采用python/matlab的方式进行调用等优势,所以想在服务器上安装,下面就开始了血泪史... 服务器是阿 ...
- profile,bashrc,.bash_profile,.bash_login,.profile,.bashrc,.bash_logout浅析 Part 2
profile,bashrc,.bash_profile,.bash_login,.profile,.bashrc,.bash_logout浅析 Part 2 by:授客 QQ:103355312 ...
- Android--解决EditText放到popupWindow中,原有复制、粘贴、全选、选择功能失效问题
1.原来是将EditView放到了popupwindow,发现EditView原有的复制.粘贴.全选.选择功能失效了,所以便用DialogFragment代替了popupWindow 直接上代码 ①. ...