Introduction to Nmap under Linux

Source: Internet
Author: User

1. Introduction

Nmap is a network security tool for network discovery and security auditing, and it is free software. The name Nmap is short for Network Mapper. Typically, Nmap is used to:
Enumerate the hosts on a network
Manage service upgrade schedules
Monitor host or service health
Nmap can detect whether a target machine is online, which ports are open, the type and version of the services it runs, its operating system and device type, and so on. It is one of the essential tools for network administrators who evaluate the security of network systems.
Like most network security tools, Nmap is also a favourite of many hackers and crackers (also called script kiddies). A system administrator can use Nmap to detect unused servers in the work environment, but hackers use Nmap to gather the target computer's network settings in order to plan an attack.
Nmap is typically used in the information gathering phase to collect basic state information about the target host. The scan results can serve as input to vulnerability scanning, vulnerability exploitation, privilege escalation, and so on. For example, the widely used vulnerability scanner Nessus and the exploitation tool Metasploit both support importing results in Nmap's XML format, and the Metasploit framework also integrates Nmap (so scans can be run directly from Metasploit).
Nmap can be used not only to scan a single host but also to scan a large computer network (for example, scanning tens of thousands of computers on the Internet to find out which hosts and services are of interest). When scanning a large network, you need to tune Nmap's timing and packet-sending parameters; well-chosen parameters can greatly improve scanning performance.


2. Functions

1) Host discovery
Used to discover whether the target host is active.
Nmap provides a variety of detection mechanisms for identifying hosts more effectively. For example, it can enumerate which hosts on the target network are up, similar to the ping command.
2) Port scanning
Used to scan the state of the ports on a host.
Nmap classifies ports as open, closed, filtered, unfiltered, open|filtered, or closed|filtered. By default, Nmap scans 1000 commonly used ports, which covers most basic applications.
3) Version detection
Used to identify the applications running on the ports and their versions.
Nmap can currently recognize the signatures of thousands of applications and detect hundreds of application protocols. For an unrecognized application, Nmap prints the application's fingerprint by default; a user who knows what the application is can submit the information to the community as a contribution.
4) Operating system detection (OS detection)
Used to identify the operating system type, version number, and device type of the target machine.
Nmap currently provides a fingerprint database covering thousands of operating systems and devices, and it can identify common PC systems, routers, switches, and other types of devices.
5) Firewall/IDS evasion
Nmap provides a variety of mechanisms for circumventing the blocking and inspection performed by firewalls and IDS, so that the state of the target machine can be probed covertly.
Basic evasion methods include fragmentation, IP decoys, IP spoofing, MAC address spoofing, and so on.
6) NSE scripting engine (Nmap Scripting Engine)
NSE is one of Nmap's most powerful and flexible features. It can be used to enhance host discovery, port scanning, version detection, and operating system detection, and to add other features such as web scanning, vulnerability discovery, vulnerability exploitation, and more. Nmap uses Lua as the NSE scripting language, and the current Nmap script library already contains more than 350 scripts.


3. Common Command Options

⑴ TCP connect() port scan (-sT parameter).

nmap -sT 192.168.1.0/24

⑵ TCP SYN port scan (-sS parameter).

nmap -sS 192.168.1.0/24

⑶ UDP port scan (-sU parameter).

nmap -sU 192.168.1.0/24

⑷ Ping scan (-sP parameter).

nmap -sP 192.168.1.0/24

⑸ Probe the target host's operating system:

nmap -O 192.168.1.19
nmap -A 192.168.1.19


Reference: Wikipedia.
