About Nmap all the parameters _kali

In Kali, you can directly enter Nmap to view the corresponding parameter information. The explanations for each parameter are directly below.

Target Specification Goal Description:

-il <inputfilename>: Specifies a file containing multiple host IP addresses

-ir <num hosts>: Randomly select the IP address, you need to enter the appropriate number of hosts

--exclude

--excludefile <EXCLUDE_FILE>: Excluding host IP in scanned files



Host Discovery hosts Discovery:

-SL: Simply list the target of the scan

-SN: Do not do port scan, only host discovery

-PN: All hosts are default to online, skip host discovery

-ps/pa/pu/py[portlist]: Use TCP, Syn/ack, UDP, or SCTP to discover ports

-PE/PP/PM: Discovery of probes using ICMP response (ECHO), timestamp, or subnet mask requests

-po[protocol List]: Ping using IP protocol

-N: Do not do DNS resolution

-R: Always do DNS reverse parsing

--dns-servers <serv1[,serv2],...: Specifying a custom DNS server

--system-dns: Using the operating system's DNS

--traceroute: Track each host's Jump path



SCAN Techniques Scanning Technology:

-SS/ST/SA/SW/SM: Scan using TCP SYN, fully connected connect (), ACK, Window, Maimon

-SU:UDP Scan

-SN/SF/SX: Using TCP Null, FIN, Xmas (including Fin, Push, Urgent) scans

--scanflags <flags>: Flags for custom TCP scans

-si <zombie host[:p robeport]>: Zombie Machine Scan

-sy/sz: Init/cookie-echo Scan using the SCTP protocol

-SO: IP protocol scanning

-B <ftp relay HOST>: Specifying FTP Rebound scan for FTP relay host





Port specification and SCAN Order ports description and Scan rules:

-P <port ranges>: Scan only specified ports

--exclude-ports <port Ranges>: Excluding the specified port and not scanning it

-F: Fast mode, scanning ports with fewer ports than the default number

-R: Scan ports in an orderly manner instead of randomly scanning

--top-ports <number>: Scan the most commonly used ports of the first few digits specified

--port-ratio <ratio>: Scans more commonly used ports than the input proportions



Service/version detection Services, version probes:

-SV: Probe open ports for service, version information

--version-intensity <level>: Set the strength of the probe service, version information

--version-light: Intensity of 2 detection intensity

--version-all: Intensity of 9 detection intensity

--version-trace: Displays the specific process of the scan



Script Scan Scan:

-SC: Equal to--script=default

--script=<lua scripts>: Specify to scan using Lua scripts

--script-args=<n1=v1,[n2=v2,...] Specify the parameters of the script

--script-args-file=filename: Specifies the file that provides script parameters

--script-trace: Display all sent and received data

--script-updatedb: Database for updating scripts

--script-help=<lua Scripts>: Displaying information about scripts



OS Detection System Probes:

-O: Conducting system probes

--osscan-limit: Limits the target of system probing, such as only to detect Linux system

--osscan-guess: More aggressive guessing system



TIMING and performance timing and performance:

-t<0-5>: Set the time series module, the higher the faster

--min-hostgroup/max-hostgroup <size>: Specifies the minimum and maximum parallel host scan Group size

--min-parallelism/max-parallelism <numprobes>: Specify minimum and maximum number of parallel probes

--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specify the minimum and maximum scan round trip time

--max-retries <tries>: Specifies the maximum number of rescan packets

--host-timeout <time>: Specifying timeout time

--scan-delay/--max-scan-delay <time>: Specifies how long each probe delay, that is, how much time interval between two probes

--min-rate <NUMBER>: Minimum contract rate

--max-rate <NUMBER>: Maximum contract rate



Firewall/ids evasion and spoofing firewalls, IDS bypassing and spoofing:

-F; --MTU <val>: Set MTU Maximum transmission unit

-D <decoy1,decoy2[,me],...: Fake multiple IP addresses and source addresses to send packets together, hiding in a number of IP addresses and not easily found

-S <ip_address>: Forge Source Address

-e <iface>: Using the specified interface

-g/--source-port <portnum>: Using the specified source port

--proxies <url1,[url2],...: Specify proxy server for scanning

--data

--data-string <string>: Appending a custom ASCII string to the data field of the sending package

--data-length <num>: Append random data to the data field of the packet sent

--ip-options <options>: Sending a package with the specified IP option

--ttl <val>: setting TTL value

--spoof-mac <mac Address/prefix/vendor name>: Forge Source MAC Address

--badsum: Sending spoofed TCP/UDP/SCTP checksum checksum packets



Output outputs:

-on/-ox/-os/-og <file>: Output Normal, XML, S|<ript kIddi3, grepable format scan results to the specified file

-oa <basename>: One-time output in three formats

-V: Increased level of detail (using VV more detail)

-D: Improve debug level (use DD higher)

--reason: Shows why the port is in a specific state

--open: Only open (or possibly open) ports are displayed

--packet-trace: Displays all packets sent and received

--iflist: Output host interfaces and routes (for debugging)

--append-output: Append to the specified output file, not garbled

--resume <filename>: Resuming a terminated scan from a specified file

--stylesheet <path/url>: Converts the XSL style sheet of the URL of the specified path to XML output to HTML format

--webxml: Get more convenient XML reference styles

--no-stylesheet: Prevents the w/xml output of an XSL style sheet



Misc Miscellaneous:

-6: Scan IPV6 's address

-A: One scan contains system probes, version probes, script scans, and trace scans

--datadir <dirname>: Specifying a custom nmap data file location

--SEND-ETH/--SEND-IP: Send using original Ethernet frame or IP packet

--privileged: Assume that the user has full permissions

--unprivileged: Assuming the user lacks original socket permissions

-V: Output version number

-H: Output Help information