Nmap (Network Mapper) is a powerful network scanner widely used in penetration testing and security assessment. The commands below cover some of its most common scans; the tool offers far more options than can be listed here, so readers are encouraged to explore it further.
1) Get the operating system type and open ports of a remote host
nmap -sS -P0 -sV -O <target>
Here <target> can be a single IP address, a hostname, a domain name, or a subnet.
-sS TCP SYN scan (also called a half-open or stealth scan)
-P0 skip the ICMP ping (host discovery) step; newer Nmap releases spell this option -Pn and still accept -P0
-sV enable service version detection
-O attempt to identify the remote operating system
Other options:
-A enable OS fingerprinting and version detection together (it also turns on script scanning and traceroute)
-v verbose output while the scan runs
2) List the hosts that have a specified port open
nmap -sT -p 80 -oG - 192.168.1.* | grep open
-sT is a full TCP connect scan, -p 80 limits the scan to port 80, and -oG - writes grepable output to stdout. Port states appear in lowercase in grepable output, so the filter is "open", not "Open".
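A more precise version of the filter above, added here as an example (it is not code from the original article): grepable output lists each port as port/state/proto/owner/service/rpc/version, and a bare grep for "open" also matches the state "open|filtered". The function below compares the state field exactly, and the naive filter is kept beside it for comparison. The sample scan output is constructed for the example and the addresses and hostnames in it are made up.

```sh
#!/bin/sh
# Added example, not part of the original article: select hosts that have a
# given TCP port in state "open" from Nmap grepable output (-oG -).
# Each grepable line is tab-separated; the "Ports:" field holds entries of the
# form port/state/proto/owner/service/rpc/version, separated by ", ".
# A bare `grep open` also matches the state "open|filtered" (and any banner
# that happens to contain the word), so the state field is compared exactly.

hosts_with_open_port() {
    # $1: TCP port number; grepable scan output is read from stdin.
    awk -F'\t' -v want="$1" '
        /^Host:/ {
            split($1, h, " ")                  # "Host: 192.168.1.1 ()" -> h[2] is the IP
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports:/) continue
                sub(/^Ports: */, "", $i)
                n = split($i, entries, /, */)
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")  # f[1]=port f[2]=state f[3]=proto
                    if (f[1] == want && f[2] == "open" && f[3] == "tcp") print h[2]
                }
            }
        }'
}

naive_open_hosts() {
    # The article-style filter, kept for comparison: `grep open` on the same input.
    grep open | awk '{ print $2 }'
}

sample_og() {
    # Constructed sample of what `nmap -sT -p 80 -oG - 192.168.1.0/29` could print
    # (not real scan output). Tabs are emitted with printf so they survive copy/paste.
    printf '# Nmap 7.94 scan initiated as: nmap -sT -p 80 -oG - 192.168.1.0/29\n'
    printf 'Host: 192.168.1.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.1 ()\tPorts: 80/open/tcp//http//Apache httpd 2.4.57/\n'
    printf 'Host: 192.168.1.2 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.2 ()\tPorts: 80/closed/tcp//http///\n'
    printf 'Host: 192.168.1.3 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.3 ()\tPorts: 80/open|filtered/tcp//http///\n'
    printf 'Host: 192.168.1.4 (printer.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.4 (printer.lan)\tPorts: 80/open/tcp//http///\n'
}

# Usage with a live scan:  nmap -sT -p 80 -oG - 192.168.1.0/24 | hosts_with_open_port 80
sample_og | hosts_with_open_port 80
```

On the constructed sample the exact filter reports two hosts (192.168.1.1 and 192.168.1.4), while the naive grep reports three because it also picks up the open|filtered host.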
3) Find all live hosts on the network
nmap -sP 192.168.0.*
Or, equivalently, specify the subnet in CIDR notation:
nmap -sP 192.168.0.0/24
-sP is a ping scan (host discovery only, no port scan); newer Nmap releases spell it -sn and still accept -sP.
4) Ping the IP addresses in a specified range
nmap -sP 192.168.1.100-254
5) Find an unused IP address on a subnet
nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
After the sweep, addresses that never answered are left in the kernel ARP cache as incomplete entries with an all-zero hardware address; those entries are the candidates for unused IPs. Read the table right after the sweep, since incomplete entries expire quickly.
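The ARP-cache check from step 5, reworked as an added example (not code from the original article) so that it prints only the candidate addresses, can be limited to one interface, and checks the flags column as well as the hardware address. The ARP table it reads is a constructed snapshot in /proc/net/arp layout; the interface names and addresses in it are made up.

```sh
#!/bin/sh
# Added example, not part of the original article: after a ping sweep of the
# local subnet, the kernel ARP cache keeps an "incomplete" entry for every
# address that was queried but never answered: flags 0x0 and the all-zero
# hardware address. The article's `egrep "00:00:00:00:00:00" /proc/net/arp`
# prints those raw lines; this version reads the same table layout and prints
# only the candidate IPs, optionally restricted to one interface, and checks
# the flags column as well as the MAC so a stale but resolved entry is not
# mistaken for a free address.

unused_ips() {
    # $1: optional interface name (e.g. eth0); the ARP table is read from stdin.
    # Columns of /proc/net/arp: IP address, HW type, Flags, HW address, Mask, Device
    awk -v dev="${1:-}" '
        NR > 1 && (dev == "" || $6 == dev) && $3 == "0x0" && $4 == "00:00:00:00:00:00" { print $1 }'
}

sample_arp() {
    # Constructed snapshot in /proc/net/arp format (not a real table).
    printf 'IP address       HW type     Flags       HW address            Mask     Device\n'
    printf '192.168.2.1      0x1         0x2         02:00:00:00:00:01     *        eth0\n'
    printf '192.168.2.20     0x1         0x2         02:00:00:00:00:14     *        eth0\n'
    printf '192.168.2.50     0x1         0x0         00:00:00:00:00:00     *        eth0\n'
    printf '192.168.2.51     0x1         0x0         00:00:00:00:00:00     *        eth0\n'
    printf '10.9.8.7         0x1         0x0         00:00:00:00:00:00     *        wlan0\n'
}

# Usage after a sweep:  nmap -T4 -sP 192.168.2.0/24 >/dev/null && unused_ips eth0 < /proc/net/arp
sample_arp | unused_ips eth0
```

With the interface argument omitted the function reports incomplete entries on every interface, which is what the original egrep does; with eth0 given it reports only 192.168.2.50 and 192.168.2.51 from the sample.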
6) Scan the LAN for hosts vulnerable to the Conficker worm
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
-PN skips host discovery (spelled -Pn in newer releases), -n disables DNS resolution, and safe=1 restricts the script to non-disruptive checks. In newer Nmap releases smb-check-vulns has been split into individual smb-vuln-* scripts; smb-vuln-conficker covers this check.
7) Scan for rogue wireless access points (rogue APs) on the network
nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000ms --initial-rtt-timeout 300ms --max-retries 3 --host-timeout 20m --max-scan-delay 1000ms -oA wapscan 10.0.0.0/8
The timing values carry an explicit ms suffix because newer Nmap releases read a bare number as seconds. -oA writes normal, XML and grepable output to files named wapscan.*.
8) Use a decoy scan to scan a host's ports
sudo nmap -sS 192.168.0.10 -D 192.168.0.2
9) List the reverse DNS records for a subnet
nmap -R -sL 209.85.229.99/27 | awk '{ if ($3 == "not") print "(" $2 ") no PTR"; else print $3 " is " $2 }' | grep '('
-sL lists the targets without scanning them and -R forces a reverse lookup of every address. The awk filter keys on the older list-scan line format "Host: <ip> (<name>) not scanned"; newer releases print "Nmap scan report for <name> (<ip>)" instead, so the field positions differ there. The final grep keeps only the addresses without a PTR record.
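The same report produced from the list-scan output of current Nmap releases, added here as an example (not code from the original article). The scan output it parses is constructed, using a documentation address range and made-up hostnames.

```sh
#!/bin/sh
# Added example, not part of the original article: the article's awk pipeline
# keys on the older list-scan line "Host: <ip> (<name>) not scanned"; current
# Nmap releases print "Nmap scan report for <name> (<ip>)" when a PTR record
# exists and "Nmap scan report for <ip>" when it does not. These functions
# produce the same report from the newer format.

ptr_report() {
    # Reads `nmap -R -sL <net>` normal output on stdin.
    awk '
        /^Nmap scan report for / {
            if ($NF ~ /^\(.*\)$/) {           # last token "(ip)" -> a PTR record exists
                ip = $NF
                gsub(/[()]/, "", ip)
                print $(NF-1) " is " ip
            } else {
                print "(" $NF ") no PTR"      # last token is the bare address
            }
        }'
}

missing_ptr() {
    # Same final step as the article: keep only the addresses without a PTR record.
    ptr_report | grep '('
}

sample_list_scan() {
    # Constructed output (not a real scan); 198.51.100.0/24 is a documentation range.
    printf 'Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:00 UTC\n'
    printf 'Nmap scan report for mail.example.net (198.51.100.1)\n'
    printf 'Nmap scan report for 198.51.100.2\n'
    printf 'Nmap scan report for www.example.net (198.51.100.3)\n'
    printf 'Nmap done: 3 IP addresses (0 hosts up) scanned in 0.05 seconds\n'
}

# Usage: nmap -R -sL 198.51.100.0/30 | ptr_report      (or | missing_ptr)
sample_list_scan | ptr_report
```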
10) How many Linux and Windows devices are there on the network?
sudo nmap -F -O 192.168.0.1-255 | grep "Running:" > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Windows device(s)"
-F scans only the most common ports (fast mode) and -O enables OS detection; the "Running:" lines of the output name the guessed OS family for each host.
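A more robust tally of OS families than the grep-and-count pipeline above, added here as an example (not code from the original article). It generalises the Linux/Windows count to every family that appears, handles the "Running (JUST GUESSING)" lines Nmap prints when it is unsure, and counts a host once per family even when several guesses share one line. The scan excerpt it reads is constructed.

```sh
#!/bin/sh
# Added example, not part of the original article: count operating-system
# families from the "Running:" lines of `nmap -O` output. Unlike the article's
# `grep Linux | wc -l`, this handles "Running (JUST GUESSING): ..." lines,
# counts a host once per family even when several guesses share the line,
# and reports every family seen rather than only Linux and Windows.

os_counts() {
    # Reads nmap -O normal output on stdin; prints "<family> <hosts>" per line.
    awk -F': ' '
        /^Running/ {
            n = split($2, guesses, /, /)      # "Linux 2.6.X (90%), FreeBSD 9.X (85%)"
            split("", seen)                   # reset per-host set (portable array clear)
            for (i = 1; i <= n; i++) {
                fam = guesses[i]
                sub(/ .*/, "", fam)           # first word: Linux, Microsoft, FreeBSD, ...
                if (fam == "Microsoft") fam = "Windows"
                if (!(fam in seen)) { seen[fam] = 1; count[fam]++ }
            }
        }
        END { for (f in count) print f, count[f] }' | LC_ALL=C sort
}

sample_os_scan() {
    # Constructed excerpt of `nmap -F -O` output (not a real scan).
    printf 'Nmap scan report for 192.168.0.1\n'
    printf 'Running: Linux 3.X|4.X\n'
    printf 'Nmap scan report for 192.168.0.2\n'
    printf 'Running: Microsoft Windows 10|2016\n'
    printf 'Nmap scan report for 192.168.0.3\n'
    printf 'Running (JUST GUESSING): Linux 2.6.X (90%%), FreeBSD 9.X (85%%)\n'
    printf 'Nmap scan report for 192.168.0.4\n'
    printf 'Running: Linux 5.X\n'
}

# Usage: sudo nmap -F -O 192.168.0.1-255 | os_counts
sample_os_scan | os_counts
```

On the sample this prints FreeBSD 1, Linux 3 and Windows 1; the third host contributes to both Linux and FreeBSD because Nmap offered both as guesses, which a defender should treat as an unconfirmed fingerprint rather than a firm inventory entry.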
10 Common scan commands for Nmap