Kali Linux information collection commonly used in several software commands

Nmap

Nmap + IP Address scan host open port

Nmap-p 1-x + IP address scans specific host ports

Nmap-v-A-SV +IP address detailed scan host

Nmap-p Port +IP address 192.168.1.* specific IP in cluster

Nmap-o System Testing

NMAP-SV ports running on the +IP service

Znmap graphical

POF fingerprint

Tool can scan the capture file

Recon-ng reconnaissance using reconnaissance/HOST/enumeration/HTTP/network/xssed)

Target domain

Use many modules

Netdiscover can check all the hosts on the LAN

is a set of Nmap, Nikto, Hydra and other tools, using the various

The combination of excellent tools makes penetration testing more convenient. Capable of blasting

, and the use of dictionary fingerprinting

Ike-scan VPN Vulnerability Test Platform fingerprint scan

Dnmap (Distributed Nmap) is a distributed scanning tool based on Nmap

, it can use one cluster to scan another large cluster network.

The DNMAP uses a client/server architecture that is primarily used to

and rollup scan status, the client is primarily used to perform scan tasks and records

Its own scanning state. This tool is mainly used for you want a large cluster network for

Scan, you own a cluster (broiler) resource or your little partner wants to

Help you with the situation.

Dnmap_client usage Examples

echo "Nmap-f 192.168.1.0/24-v-n-oa sub1" >> dnmap.txt

echo "Nmap-f 192.168.0.0/24-v-n-oa sub0" >> dnmap.txt

Dnmap_server-f Dnmap.txt

Dnmap_server usage Examples

Dnmap_client-s 192.168.1.15-a Dnmap-client1

Ike-scan

Usage: ike-scan [options] [hosts ...]

The target host must be specified on the command line unless the--file option is

Given, in this case, the target is read from the specified file.

The destination host can be specified as an IP address or host name. You can also

Specify the target as ipnetwork/bits (for example, 192.168.1.0/24) to specify all hosts

On a given network (including network and broadcast addresses) or

Ipstart-ipend (e.g. 192.168.1.3-192.168.1.27) to specify all hosts

Include range, or ipnetwork:netmask (e.g. 192.168.1.0:255.255.255.0)

Specifies all hosts and masks in a given network.

These different options for specifying a target host can be used simultaneously

command line, and in the file specified by the--file option.

In the following options, the letters or words in angle brackets, such as <f>, indicate a

The value or string that should be supplied. The corresponding text should

Represents the meaning of this value or string. When providing value or

string, not including angle brackets. The text in square brackets, such as [<f>]

means that the attached text is optional. This is used to take the option

An optional parameter.

Options:

--help or-H displays this usage message and exits.

--file = <fn> or-f <fn> reads the host name or address from the specified file

Instead of from the command line. A name or IP

Each line address uses "-" as the standard input.

--sport = <p> or-s <p> sets the UDP source port to <p>,default = 500,0 = Random.

Some IKE implementations require the client to use

UDP Source Port 500, no calls to other ports.

Please note that superuser privileges are usually required

Use a non-0 source port below 1024

A process on the system can be bound to a given source port

Use the--NAT-T option at any one time to change

Default source port is 4500

--dport = <p> or-D <p> sets the UDP destination port to <p>,default = 500.

UDP port 500 is the assigned port number of the ISAKMP

This is the port used by most (if not all) IKE

Realize. Use the--NAT-T option to change

The default destination port is 4500

--retry = <n> or-r <n> sets the total number of attempts per host to <n>

Default = 3.

--timeout = <n> or-t <n> sets the initial value for each host timeout to <n> ms, default = 500.

This timeout is the first packet that is sent to each host.

The subsequent timeout multiplied by the fallback

The coefficient is set to--backoff.

--bandwidth = <n> or-B <n> set the desired outbound bandwidth to <n> default = 56000

The default value is the number of bits per second. If you

Append "K" to the value, the unit is thousand bits

Per second, if you attach an "M" value,

Units are megabits per second.

The "K" and "M" suffixes represent decimal, not

Binary, multiple. So 64K is 64000, not 65536.

--interval = <n> or-I <n> sets the minimum packet interval to <n> Ms.

The grouping interval will be no less than this number.

The specified interval defaults to milliseconds.

If "U" is attached to this value, then the interval

Within microseconds, if "s" is attached

The interval is in seconds.

If you want to use a given bandwidth, that's

Easier to use the--bandwidth option.

You cannot specify both--interval and--bandwidth

Because they're just different ways of changing

The same underlying variable.

--backoff = <b> or-b <b> sets the timeout backoff factor to <b> default = 1.50.

Timeout per host multiplied by this factor

After each timeout, if the number of retries

is 3, the initial timeout for each host is 500ms and

The return factor is 1.5, so the first timeout is

500MS, second 750ms and third 1125ms.

--verbose or-V displays detailed progress messages.

Use multiple times to achieve greater results:

1-show when each pass is completed

You receive a packet that contains an invalid cookie.

2-Shows each packet sent and received and when

The host is removed from the list.

3-display host, Vendor ID and return list

Before the scan begins.

--quiet or-Q does not decode the returned packets.

This prints out less protocol information.

The output line is shorter.

-Multiline or-m decodes the excess line decomposition payload.

With this option, the decoding of each payload is

Printed on a separate line, starting with tab.

This option makes the output easier to read, especially

When there are many payloads.

This article from "Big Plum" blog, reproduced please contact the author!

Kali Linux information collection commonly used in several software commands