(1) Identify the operating system and open ports of a remote host
nmap -sS -Pn -sV -O <target>
<target> can be a single IP address, a host name, a domain name, or a subnet.
-sS: TCP SYN scan (also called half-open or stealth scan); sends raw packets, so it needs root
-Pn: skip host discovery and scan even if the host does not answer a ping (older Nmap spells this -P0 / -PN)
-sV: enable service version detection
-O: attempt to identify the remote operating system
Other options:
-A: enable OS detection and version detection together (it also turns on default script scanning and traceroute)
-v: verbose output
nmap -sS -Pn -A -v <target>
(2) List hosts on which a given port is open
nmap -sT -p 80 -oG - 192.168.1.* | grep open
-oG - writes grepable output (one line per host) to stdout; grep keeps the lines where a scanned port is open.
(3) Find all live hosts on a network
nmap -sn 192.168.0.*
You can also use the following command:
nmap -sn 192.168.0.0/24
to specify the subnet in CIDR notation. -sn (formerly -sP) does host discovery only, with no port scan.
(4) Ping the IP addresses in a given range
nmap -sn 192.168.1.100-254
(5) Find unused IP addresses on a subnet
nmap -T4 -sn 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
The scan fills the local ARP cache; entries whose MAC is still 00:00:00:00:00:00 afterwards got no ARP reply, so those addresses are most likely unused. This only works from a Linux host on the same layer-2 segment.
(6) Scan the LAN for the Conficker worm
nmap -Pn -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
smb-check-vulns was removed in Nmap 7 and split into separate smb-vuln-* scripts; on current releases use --script=smb-vuln-conficker instead. safe=1 keeps the checks non-disruptive.
(7) Scan the network for rogue access points (rogue APs)
nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000ms --initial-rtt-timeout 300ms --max-retries 3 --host-timeout 20m --max-scan-delay 1000ms -oA wapscan 10.0.0.0/8
Timing values carry explicit units (ms, s, m). -oA wapscan writes normal, XML and grepable output to wapscan.nmap, wapscan.xml and wapscan.gnmap for later review; the aggressive timeouts keep a /8 sweep tractable. Hosts with consumer-router OS fingerprints and web management ports (80, 443, 8080) that are not in your inventory are the candidates to investigate.
(8) Scan host ports using decoys
sudo nmap -sS 192.168.0.10 -D 192.168.0.2
-D interleaves the real probes with identical probes spoofed from the decoy address(es), so the target's logs show several apparent sources; give a comma-separated list (or RND:n for random decoys) to hide among more hosts. Decoys must be reachable/live to be convincing, and raw-packet scans require root.
(9) List reverse DNS records for a subnet
nmap -R -sL 209.85.229.99/27 | awk '{ if ($3 == "not") print "(" $2 ") no PTR"; else print $3 " is " $2 }' | grep '('
-sL is a list scan (no packets to the targets, only name lookups); -R forces reverse resolution even for hosts that would otherwise be skipped. The awk program must be single-quoted and compare with == (a single = assigns). It assumes the old Nmap 4.x line format "Host name (ip) not scanned"; current releases print "Nmap scan report for name (ip)" and need a different filter.
(10) How many Linux and Windows devices are on the network?
sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(grep -c Linux /tmp/os) Linux device(s)"; echo "$(grep -c Windows /tmp/os) Windows device(s)"
-F scans only the 100 most common ports, which is enough for -O to fingerprint. The counts are a lower bound: "Running (JUST GUESSING):" lines are excluded by the grep, and hosts with no fingerprint match are not counted at all.
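The one-liners in (2), (9) and (10) print raw matched lines; the following added example (not part of the original cheat sheet) post-processes Nmap's text output with POSIX awk so you get a clean host list, a reverse-DNS report in the current "Nmap scan report for ..." format, and OS-family counts. All sample output is constructed in the shape Nmap 7.x prints, so the script runs offline without a scan; the function names and the 192.0.2.x / 192.168.x.x addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: post-processing nmap's
# text output for items (2), (9) and (10) with POSIX awk. All sample output
# below is CONSTRUCTED in the shape Nmap 7.x prints; nothing here runs a scan.

# (2) Hosts on which a specific port is open, from grepable (-oG -) output.
# A bare "grep open" also keeps hosts where some *other* scanned port is open.
hosts_with_open_port() {            # usage: nmap ... -oG - | hosts_with_open_port 80
    awk -v port="$1" '
        /^Host:/ && /Ports:/ {
            ports = $0
            sub(/^.*Ports: /, "", ports)                 # keep the port list only
            sub(/[ \t]+Ignored State:.*$/, "", ports)    # drop trailing summary
            n = split(ports, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")                  # f[1]=port f[2]=state f[3]=proto
                if (f[1] == port && f[2] == "open") { print $2; break }
            }
        }'
}

# (9) Reverse-DNS report from a list scan (nmap -R -sL ... normal output).
# Current Nmap prints "Nmap scan report for name (ip)" or, with no PTR record,
# "Nmap scan report for ip"; the field count tells the two apart.
ptr_report() {                       # usage: nmap -R -sL net | ptr_report
    awk '/^Nmap scan report for / {
            if (NF == 6) { ip = $6; gsub(/[()]/, "", ip); print ip " is " $5 }
            else         { print "(" $5 ") no PTR" }
         }'
}

# (10) Count OS families from -O output. Unlike grep "Running: ", this also
# counts "Running (JUST GUESSING):" lines, so low-confidence matches are included.
os_counts() {                        # usage: sudo nmap -F -O net | os_counts
    awk '/^Running/ { if ($0 ~ /Linux/) l++; if ($0 ~ /Windows/) w++ }
         END { printf "%d Linux device(s), %d Windows device(s)\n", l, w }'
}

# ---- constructed sample output (stand-in for a live scan) ----
grepable_sample() {                  # as from: nmap -sT -p 22,80 -oG - 192.168.1.0/24
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
    printf 'Host: 192.168.1.7 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.7 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///\n'
    printf 'Host: 192.168.1.20 (files.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.20 (files.lan)\tPorts: 22/closed/tcp//ssh///, 80/open/tcp//http///\n'
    printf '# Nmap done at ... -- 256 IP addresses (3 hosts up) scanned\n'
}
list_scan_sample() {                 # as from: nmap -R -sL 192.0.2.10-12
    printf 'Nmap scan report for www.example.net (192.0.2.10)\n'
    printf 'Nmap scan report for 192.0.2.11\n'
    printf 'Nmap scan report for mail.example.net (192.0.2.12)\n'
}
os_scan_sample() {                   # as from: sudo nmap -F -O 192.168.0.1-3
    printf 'Nmap scan report for 192.168.0.1\nRunning: Linux 4.X|5.X\n'
    printf 'Nmap scan report for 192.168.0.2\nRunning: Microsoft Windows 10\n'
    printf 'Nmap scan report for 192.168.0.3\nRunning (JUST GUESSING): Linux 3.X (87%%)\n'
}

echo "port 80 open on:"; grepable_sample | hosts_with_open_port 80   # 192.168.1.1, 192.168.1.20
echo "PTR records:";     list_scan_sample | ptr_report
os_scan_sample | os_counts                                           # 2 Linux device(s), 1 Windows device(s)
```

Host 192.168.1.7 shows why the port filter matters: its line contains "open" (port 22) but port 80 is closed, so the cheat sheet's plain grep would list it for a port-80 query while hosts_with_open_port 80 does not. To use the functions on a real scan, replace the *_sample calls with the nmap command from each item.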