Use of Nmap 2

Source: Internet
Author: User

Nmap is a network discovery tool and a security/port scanner.
1. Nmap parameters

The Nmap documentation is mostly in English. If that is hard to follow, run it through Google translation to make it easier to read. Here are some of the parameters I have summarized:
-sP: ping scan; when scanning ports, nmap uses a ping scan to find the hosts that are alive
-sU: UDP scan, unreliable
-sT: TCP scan; a large amount of connection request data will be recorded
-sA: ACK scan; this advanced scanning method is typically used to get through a firewall's ruleset
-sV: probe the version of the service on a port
-sF: stealth FIN packet scan; only the TCP FIN flag bit is set
-sN: NULL scan; no flag bits are set
-sX: sets the FIN, PSH and URG flag bits
-sS: SYN half-open scan; mostly not logged, the default and also the most popular one, not easy to notice
-P0: no ping is needed before scanning; can bypass the firewall
-iR: randomly select hosts to scan
-v: display information throughout the process, as well as the results
-T4: speed up execution
-oN nmap.txt: write the scan results to a file
-oX nmap.txt: write the scan results to an XML file
--iflist: enumerate interfaces and routes
-p-: scan all ports
-F: fast scan, limited ports
-r: do not scan ports in random order
-O: operating system detection
--osscan-limit: detection of a specific operating system
--osscan-guess; --fuzzy: guess at the operating system detection results
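Seen from the receiving side, the flag combinations listed above for -sF, -sN, -sX and -sS can be recognized in captured traffic. The following is an added example, not part of the original notes: it classifies TCP segments by their flag byte and groups the findings by source address. The function names, the threshold of 5 ports and the sample packets are assumptions made for the illustration; -sA and -sU are left out because recognizing them needs connection state or UDP handling.

```python
from collections import defaultdict

# TCP flag bits as they sit in the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def probe_type(flags):
    """Return the scan type a lone segment with these flags matches, or None."""
    flags &= 0x3F                      # drop the ECN bits (ECE/CWR)
    if flags == 0:
        return "null (-sN)"
    if flags == FIN:
        return "fin (-sF)"
    if flags == FIN | PSH | URG:
        return "xmas (-sX)"
    if flags == SYN:
        return "syn sweep (-sS or -sT)"
    return None

def find_scanners(packets, port_threshold=5):
    """packets: iterable of (src_ip, dst_port, tcp_flags).
    Returns {src_ip: sorted list of scan types seen from that source}."""
    ports = defaultdict(set)
    for src, dport, flags in packets:
        kind = probe_type(flags)
        if kind:
            ports[(src, kind)].add(dport)
    findings = defaultdict(list)
    for (src, kind), seen in ports.items():
        # A bare SYN also opens every normal connection, so it only counts
        # once one source has tried many distinct ports. Normal stacks do not
        # send FIN-only, NULL or Xmas segments, so a single one is enough.
        if not kind.startswith("syn") or len(seen) >= port_threshold:
            findings[src].append(kind)
    return {src: sorted(kinds) for src, kinds in findings.items()}

# Constructed sample capture (documentation address ranges), not real traffic
SAMPLE = [("198.51.100.7", p, SYN) for p in (21, 22, 23, 25, 80, 443)] + [
    ("192.0.2.10", 443, SYN),          # ordinary client: handshake ...
    ("192.0.2.10", 443, ACK),
    ("192.0.2.10", 443, FIN | ACK),    # ... and a normal close
    ("203.0.113.5", 80, FIN),
    ("203.0.113.5", 81, FIN | PSH | URG),
    ("203.0.113.9", 22, 0),
]

if __name__ == "__main__":
    for src, kinds in sorted(find_scanners(SAMPLE).items()):
        print(src, kinds)
```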


2. The six port states of Nmap

open: the port accepts TCP and UDP messages
closed: the port receives Nmap's probe packets and responds
filtered: the probes cannot reach the port because of filtering, possibly by a professional firewall device; the usual handling is to drop them
unfiltered: Nmap cannot tell whether the port is open; a SYN or FIN scan can determine whether it is open
open|filtered: open or filtered
closed|filtered: closed or filtered

If an ICMP port unreachable error (type 3, code 3) is returned during the scan, the port is closed. Other ICMP unreachable errors (type 3, code 9, 10, or 13) indicate that the port is filtered.
3. Understanding Nmap through some cases

Case one: nmap -sS -p 1-65535 -v IP
Scan all port information for this IP.

Case two: nmap -sP www.baidu.com/ip/24 -oN nmap.txt
Scan the specified IP segment and write the results to nmap.txt.

Case three: nmap -p 80,1433 www.baidu.com/ip
Scan the specified ports.

Case four: nmap -O IP
Probe the operating system; ports are also scanned by default.

Case five: nmap -A IP
Full scan.

Case six: nmap -Pn -A IP
Full scan; -Pn gets through the firewall.

Case seven: nmap -A -T4 www.baidu.com/ip

Case eight: nmap -v -iR 10000 -P0 -p 80
Randomly select 10000 hosts, skip the ping, check whether port 80 is open, and display the results.

4. Using Nmap scripts under Windows

You can go to http://nmap.org/nsedoc/ to see the detailed description of each script. The Nmap directory contains a scripts directory, which holds the scripts. Scripts are one of the best features of Nmap and include vulnerability scanning, service scanning, etc.

nmap www.baidu.com --script <script> -v
-v: display information
*: scan using all scripts
http-*: scan using all HTTP scripts

nmap --script all www.baidu.com
Load all scripts.

Using Nmap scripts in Kali: switch to the scripts directory, where we can see all the scripts:
cd /usr/local/share
cd nmap
cd scripts

nmap -p 3306 --script=mysql-info.nse 1.1.1.250
View version information (we can look up the script type).

nmap -sV IP
View which services are running.

nmap IP --script=smb-psexec.nse ...
We can check whether the script takes any parameters, to prevent errors when running it.

nmap -S 1.1.1.5 -e eth0 1.1.1.100
Hide our own IP address: packets sent to 1.1.1.100 carry the forged source address 1.1.1.5 (IP address spoofing). We can use Wireshark to capture the packets and view them.



