Introduction to nmap

Source: Internet
Author: User

Target specification:

You can use host names, IP addresses, and networks.

Example: scanme.nmap.org, dream4.org/24, 192.168.0.1; 10.0.0-255.1-254

-iL <inputfilename>: Obtain the hosts or networks from a specified file

-iR <num hosts>: Select hosts randomly (0 does not limit the number of hosts scanned)

--exclude <host1[,host2][,host3],...>: Exclude the specified hosts or networks

--excludefile <exclude_file>: Obtain excluded hosts or networks from a specified file
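The target syntax above (single addresses, CIDR blocks, per-octet ranges such as 10.0.0-255.1-254, and exclusions) can be expanded offline to check a scan's scope before it is run. This is an added example, not part of nmap or of the original page; the function names and the sample scope lists are constructed, and it is a simplified model that handles IPv4 only and does not resolve host names.

```python
import ipaddress
from itertools import product

def _octet(field):
    """Expand one octet field ('7', '1-254', '1,3,5-9') into a set of ints."""
    values = set()
    for part in field.split(","):
        lo, dash, hi = part.partition("-")
        hi = hi if dash else lo
        if not (lo.isdigit() and hi.isdigit() and int(lo) <= int(hi) <= 255):
            raise ValueError(f"bad octet field {field!r}")
        values.update(range(int(lo), int(hi) + 1))
    return values

def expand_target(spec):
    """Set of addresses covered by one target: address, CIDR block or octet ranges."""
    if "/" in spec:
        # CIDR block: every address in the network is a target
        return set(ipaddress.ip_network(spec, strict=False))
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 target (host names are not resolved): {spec!r}")
    return {ipaddress.IPv4Address(".".join(map(str, combo)))
            for combo in product(*(sorted(_octet(o)) for o in octets))}

def out_of_scope(targets, excludes, authorized):
    """Addresses the scan would touch that lie outside the authorized networks."""
    nets = [ipaddress.ip_network(n) for n in authorized]
    hits = set().union(*(expand_target(t) for t in targets))
    hits -= set().union(*(expand_target(e) for e in excludes))
    return sorted(ip for ip in hits if not any(ip in n for n in nets))

# Constructed sample data: a target list, an exclude list and an authorized scope
TARGETS = ["192.168.0.1", "10.0.0-3.1-2"]
EXCLUDES = ["10.0.3.1-2"]
AUTHORIZED = ["192.168.0.0/24", "10.0.0.0/23"]

if __name__ == "__main__":
    print(len(expand_target("10.0.0-255.1-254")), "addresses in the page's range example")
    for ip in out_of_scope(TARGETS, EXCLUDES, AUTHORIZED):
        print("outside authorized scope:", ip)
```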

 

Host discovery:

-sL: List scan - simply lists the targets to be scanned (no packets are sent to the target hosts)

-sP: Ping scan - only a ping scan is performed to find the target hosts. No other operations are performed.

-PN: Treat all hosts as online -- skip host status detection

-PS/PA/PU [portlist]: Send SYN (TCP SYN ping)/ACK (TCP ACK ping)/UDP (UDP ping) probes to the specified ports

-PE/PP/PM: Probe with ICMP echo, timestamp, and netmask requests

-PO [protocol list]: Detects network protocols supported by hosts.

-n/-R: Never perform DNS resolution/always resolve [default: sometimes]

--dns-servers <serv1[,serv2],...>: Custom DNS servers

--system-dns: Use the operating system's DNS resolver

 

Port scanning techniques:

-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans

-sU: UDP scan

-sN/sF/sX: TCP Null (no flag bits set; the TCP flags field is 0), FIN (only the TCP FIN flag set), and Xmas (FIN, PSH, and URG flags set) scans

--scanflags <flags>: Custom scan flags

-sI <zombie host[:probeport]>: Idle scan

-sO: IP protocol scan, to determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by the target machine

-b <FTP relay host>: FTP bounce scan

--traceroute: Route tracing, to trace the hop path to each host

--reason: Displays the reason for the state of each port.

 

Port specification and scan order:

-p <port ranges>: Scan only the specified ports

Example: -p22; -p1-65535; -p U:53,111,137,T:21-25,80

-F: Fast mode - scan common ports

-r: Ports are not scanned in random order.

--top-ports <number>: Scan the <number> most common ports

--port-ratio <ratio>: Scan ports more common than <ratio>
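The -p syntax above mixes single ports, ranges and the T:/U: protocol qualifiers, where a qualifier stays in effect until the next one. The following added example (not nmap's own parser and not from the original page; function names and the inventory are constructed) parses such an argument and reports which services from an inventory a planned audit scan would miss.

```python
def parse_port_spec(spec):
    """Parse an nmap -p argument into {'tcp': [...], 'udp': [...]} (sorted lists)."""
    ports = {"tcp": set(), "udp": set()}
    current = ("tcp", "udp")   # no qualifier yet: the port applies to every protocol
    for token in spec.split(","):
        token = token.strip()
        if token.startswith(("T:", "U:")):
            # A qualifier stays in effect until the next qualifier appears
            current = ("tcp",) if token[0] == "T" else ("udp",)
            token = token[2:].strip()
        lo, dash, hi = token.partition("-")
        if not token or not (lo + hi or "0").isdigit():
            raise ValueError(f"bad port token {token!r}")
        first = int(lo) if lo else 1                           # '-100' means 1-100
        last = int(hi) if hi else (65535 if dash else first)   # '1024-' means 1024-65535
        if not 0 <= first <= last <= 65535:
            raise ValueError(f"port range out of bounds: {token!r}")
        for proto in current:
            ports[proto].update(range(first, last + 1))
    return {proto: sorted(found) for proto, found in ports.items()}

def uncovered(spec, inventory):
    """(protocol, port) pairs from an inventory that the -p argument would not scan."""
    ports = parse_port_spec(spec)
    return [(proto, port) for proto, port in inventory if port not in ports[proto]]

# The -p example from the page and a constructed service inventory
PAGE_SPEC = "U:53,111,137,T:21-25,80"
INVENTORY = [("tcp", 22), ("tcp", 443), ("udp", 53), ("udp", 161)]

if __name__ == "__main__":
    print(parse_port_spec(PAGE_SPEC))
    print("not covered by the scan:", uncovered(PAGE_SPEC, INVENTORY))
```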

 

Service/Version detection:

-sV: Detects service/version information from open ports

--version-intensity <level>: Set scan intensity 0 (high) to 9 (try all probes)

--version-light: Enable lightweight mode (intensity 2)

--version-all: Ensure that all probes are attempted on each port.

--version-trace: Displays debugging information about the scanning task.

 

Script scan:

-sC: Equivalent to using the default scripts, --script=default

--script=<Lua scripts>: A comma-separated list of directories, script files, or script categories

--script-args=<n1=v1,[n2=v2,...]>: Provide script arguments

--script-trace: Displays all data sent and received.

--script-updatedb: Updates the script database.

 

Operating system detection:

-O: enable OS detection

--osscan-limit: Detects the specified target operating system.

--osscan-guess: Predict the OS that best matches

 

Time and performance:

Options that take a time value are in milliseconds, unless you append 's' (seconds), 'm' (minutes), or 'h' (hours)

-T[0-5]: Set the timing template (higher is faster)

--min-hostgroup/max-hostgroup <size>: Adjust the parallel scan group size

--min-parallelism/max-parallelism: Adjust the parallelism of probe packets.

--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout: Specify the probe timeout.

--max-retries <tries>: Specify the maximum number of retries

--host-timeout: Give up if the target does not respond within the specified time

--scan-delay/--max-scan-delay: Adjust the delay between probes

--min-rate <number>: Send no fewer than <number> packets per second

--max-rate <number>: Send no more than <number> packets per second

 

Firewall/IDS avoidance and spoofing:

-f; --mtu <val>: Packet fragmentation (using the specified MTU)

-D <decoy1,decoy2[,ME],...>: Use decoys to cloak a scan

-S <IP_Address>: Source address spoofing

-e <iface>: Use the specified interface

-g/--source-port <portnum>: Source port spoofing

--data-length <num>: Append random data to sent packets

--ip-options <options>: Send data packets with the specified IP options

--ttl <val>: Set the IP time-to-live field

--spoof-mac <mac address/prefix/vendor name>: MAC address spoofing

--badsum: Send forged TCP/UDP packets

 

Output:

-oN/-oX/-oS/-oG <file>: Standard output of scan reports, XML output, s |

-oA <basename>: Output to all formats

-v: Increases the level of detail in the output.

-d[level]: Raise or set the debugging level (9 is recommended)

--open: Only open ports are displayed.

--packet-trace: Displays all sent and received packets.

--iflist: Lists interfaces and routes (for debugging)

--log-errors: Saves errors/warnings to the specified files.

--append-output: Append to the specified output file.

--resume <filename>: Resume an interrupted scan

--stylesheet <path/URL>: Set the XSL style sheet used to transform the XML output

--webxml: Reference the webxml style sheet provided by Nmap.Org.

--no-stylesheet: Ignore the XSL style sheet declared in XML

 

Miscellaneous:

-6: enable IPv6 scanning

-A: High-intensity scan mode options

--datadir <dirname>: Specifies the Nmap data file location.

--send-eth/--send-ip: Send data packets using raw Ethernet frames or raw IP packets.

--privileged: Assume that the user has all privileges.

--unprivileged: Assume that the user does not have raw socket privileges.

-V: Displays the version number.

-h: Output help information

 

Examples:

nmap -v -A scanme.dream4.org

nmap -v -sP 192.168.0.0/16 10.0.0.0/8

nmap -v -iR 10000 -PN -p 80
