Target specification:
You can pass host names, IP addresses, networks, etc.
Example: scanme.nmap.org, dream4.org/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: read the list of hosts/networks from the specified file
-iR <num hosts>: choose random targets (0 means no limit on the number of hosts scanned)
--exclude <host1[,host2][,host3],...>: exclude the specified hosts or networks
--excludefile <exclude_file>: read the hosts or networks to exclude from the specified file
Host discovery:
-sL: list scan, simply list the targets to scan (no packets are sent to the target hosts)
-sP: ping scan, only determine whether each host is online; nothing further is done
-PN: treat all hosts as online, skipping host discovery
-PS/PA/PU [portlist]: TCP SYN ping / TCP ACK ping / UDP ping discovery against the given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO [protocol list]: IP protocol ping
-n/-R: never do DNS resolution / always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: use custom DNS servers
--system-dns: use the operating system's DNS resolver
Port scanning techniques:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP scan
-sN/sF/sX: TCP Null (no flag bits set, TCP flag header is 0), FIN (only the FIN flag set), and Xmas (FIN, PSH, and URG flags set) scans
--scanflags <flags>: customize the TCP scan flags
-sI <zombie host[:probeport]>: idle scan
-sO: IP protocol scan, to determine which IP protocols (TCP, ICMP, IGMP, etc.) the target machine supports
-b <FTP relay host>: FTP bounce scan
--traceroute: trace the hop path to each host
--reason: display the reason each port is in its reported state
Port specification and scan order:
-p <port ranges>: scan only the specified ports
Example: -p22; -p1-65535; -p U:53,111,137,T:21-25,80
-F: fast mode, scan only the most common ports
-r: scan ports consecutively instead of in random order
--top-ports <number>: scan the <number> most common ports
--port-ratio <ratio>: scan ports more common than <ratio>
Service/Version detection:
-sV: probe open ports to determine service/version information
--version-intensity <level>: set the probe intensity from 0 (light) to 9 (try all probes)
--version-light: enable lightweight mode (intensity 2)
--version-all: try every probe on each port (intensity 9)
--version-trace: show detailed version scan activity (for debugging)
Script scan:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma-separated list of directories, script files, or script categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-trace: show all data sent and received
--script-updatedb: update the script database
Operating system detection:
-O: enable OS detection
--osscan-limit: limit OS detection to promising targets
--osscan-guess: guess the best-matching OS more aggressively
Time and performance:
Options that take <time> are in milliseconds, unless you append 's' (seconds), 'm' (minutes), or 'h' (hours) to the value
-T[0-5]: set the timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: adjust the parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: adjust probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: specify the probe round-trip timeout
--max-retries <tries>: cap the number of port scan probe retransmissions
--host-timeout <time>: give up on a target that has not finished within the specified time
--scan-delay/--max-scan-delay <time>: adjust the delay between probes
--min-rate <number>: send packets no slower than <number> per second
--max-rate <number>: send packets no faster than <number> per second
Firewall/IDS avoidance and spoofing:
-f; --mtu <val>: fragment packets (optionally with the given MTU)
-D <decoy1,decoy2[,ME],...>: cloak a scan with decoys
-S <IP_Address>: spoof the source address
-e <iface>: use the specified interface
-g/--source-port <portnum>: use the given source port number
--data-length <num>: append random data to sent packets
--ip-options <options>: send packets with the specified IP options
--ttl <val>: set the IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: spoof the MAC address
--badsum: send packets with a bogus TCP/UDP checksum
Output:
-oN/-oX/-oS/-oG <file>: write the scan report in normal, XML, s|<rIpt kIddi3, and grepable format, respectively, to the given file
-oA <basename>: output in the three major formats (normal, XML, grepable) at once
-v: increase the verbosity level of the output
-d[level]: set or increase the debugging level (up to 9 is meaningful)
--open: show only open (or possibly open) ports
--packet-trace: show all packets sent and received
--iflist: list host interfaces and routes (for debugging)
--log-errors: log errors/warnings to the normal-format output file
--append-output: append to the specified output files instead of overwriting them
--resume <filename>: resume an aborted scan
--stylesheet <path/URL>: XSL stylesheet used to transform the XML output to HTML
--webxml: reference the stylesheet hosted at Nmap.Org for more portable XML
--no-stylesheet: do not associate any XSL stylesheet with the XML output
Miscellaneous:
-6: enable IPv6 scanning
-A: aggressive scan mode; enables OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: specify a custom Nmap data file location
--send-eth/--send-ip: send using raw Ethernet frames or raw IP packets
--privileged: assume that the user is fully privileged
--unprivileged: assume that the user lacks raw socket privileges
-V: print the version number
-h: print the help summary
Examples:
nmap -v -A scanme.dream4.org
nmap -v -sP 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -PN -p 80
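
Added example (not part of the original page or of Nmap itself): a scope check that expands numeric target specifications of the kind shown under "Target specification", such as 192.168.0.1/24 or 10.0.0-255.1-254, and reports every address that falls outside an authorised range before a scan is launched. It also accepts comma lists inside an octet, which goes beyond the page's sample; host names are rejected because they need DNS. The function names, the MAX_EXPAND limit and the scope networks are assumptions made for illustration.

```python
"""Added example: expand Nmap-style numeric target specs and flag out-of-scope addresses."""
import ipaddress
from itertools import product
from math import prod

MAX_EXPAND = 1 << 20  # assumption: refuse to enumerate more than ~1M addresses


def expand_octet(expr):
    """'7' -> [7]; '1-254' -> [1..254]; '1,3,5-9' -> [1, 3, 5, 6, 7, 8, 9]."""
    values = set()
    for piece in expr.split(","):
        lo, _, hi = piece.partition("-")
        lo, hi = int(lo), int(hi or lo)  # int() rejects host names with ValueError
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {piece!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_spec(spec):
    """Return every IPv4 address covered by a CIDR or octet-range spec."""
    if "/" in spec:
        # Like Nmap, accept a host address with a mask and cover the whole block.
        net = ipaddress.ip_network(spec, strict=False)
        if net.num_addresses > MAX_EXPAND:
            raise ValueError(f"{spec!r} is too large to enumerate")
        return list(net)
    octets = [expand_octet(part) for part in spec.split(".")]
    if len(octets) != 4 or prod(map(len, octets)) > MAX_EXPAND:
        raise ValueError(f"{spec!r} is not an enumerable IPv4 spec")
    return [ipaddress.ip_address(".".join(map(str, q))) for q in product(*octets)]


def out_of_scope(specs, allowed_cidrs):
    """Map each offending spec to the addresses it covers outside the allowed nets."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    report = {}
    for spec in specs:
        stray = [a for a in expand_spec(spec) if not any(a in n for n in allowed)]
        if stray:
            report[spec] = stray
    return report


if __name__ == "__main__":
    scope = ["192.168.0.0/24", "10.0.0.0/17"]  # constructed authorised scope
    for spec, stray in out_of_scope(["192.168.0.1", "10.0.0-255.1-254"], scope).items():
        print(f"{spec}: {len(stray)} out of scope, first {stray[0]}")
```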