Nmap
nmap <IP address>: scan a host for open ports
nmap -p 1-x <IP address>: scan a specific range of ports on a host
nmap -v -A -sV <IP address>: detailed scan of a host
nmap -p <port> <IP address>, e.g. 192.168.1.*: scan a specific port on every IP in the range
nmap -O: operating system detection
nmap -sV <IP address>: identify the services running on the open ports
Zenmap: graphical front end for Nmap
p0f: fingerprinting
The tool can also analyze a capture file
recon-ng: reconnaissance (use recon/hosts/enum/http/web/xssed)
Set the target domain
Many modules are available
netdiscover: can discover all the hosts on the LAN
is a set of Nmap, Nikto, Hydra and other tools; the combination of
these excellent tools makes penetration testing more convenient. It is capable of
brute forcing, and of using dictionaries and fingerprinting
ike-scan: fingerprint scanning tool for VPN vulnerability testing
dnmap (Distributed Nmap) is a distributed scanning tool based on Nmap;
it can use one cluster to scan another large cluster network.
dnmap uses a client/server architecture: the server is primarily used to
hand out the scan commands and roll up scan status, and the client is primarily
used to perform the scan tasks and record its own scanning state. The tool is
mainly for the situation where you want to scan a large cluster network and
you have cluster ("broiler") resources of your own, or a friend wants to
help you.
dnmap_server usage example
echo "nmap -F 192.168.1.0/24 -v -n -oA sub1" >> dnmap.txt
echo "nmap -F 192.168.0.0/24 -v -n -oA sub0" >> dnmap.txt
dnmap_server -f dnmap.txt
dnmap_client usage example
dnmap_client -s 192.168.1.15 -a dnmap-client1
ike-scan
Usage: ike-scan [options] [hosts ...]
Target hosts must be specified on the command line unless the --file option is
given, in which case the targets are read from the specified file instead.
The target hosts can be specified as IP addresses or hostnames. You can also
specify the target as IPnetwork/bits (e.g. 192.168.1.0/24) to specify all hosts
in the given network (network and broadcast addresses included), or
IPstart-IPend (e.g. 192.168.1.3-192.168.1.27) to specify all hosts in the
inclusive range, or IPnetwork:NetMask (e.g. 192.168.1.0:255.255.255.0) to
specify all hosts in the given network and mask.
These different options for specifying target hosts may be used both on the
command line and in the file specified with the --file option.
In the options below, a letter or word in angle brackets, such as <f>, denotes a
value or string that should be supplied. The corresponding text should
explain the meaning of this value or string. When supplying the value or
string, do not include the angle brackets. Text in square brackets, such as [<f>],
means that the enclosed text is optional. This is used for options which take
an optional argument.
Options:
--help or -h
    Display this usage message and exit.
--file=<fn> or -f <fn>
    Read hostnames or addresses from the specified file
    instead of from the command line. One name or IP
    address per line. Use "-" for standard input.
--sport=<p> or -s <p>
    Set the UDP source port to <p>, default=500, 0=random.
    Some IKE implementations require the client to use
    UDP source port 500 and will not talk to other ports.
    Note that superuser privileges are normally required
    to use non-zero source ports below 1024. Also, only
    one process on a system may bind to a given source port
    at any one time. Use of the --nat-t option changes
    the default source port to 4500.
--dport=<p> or -d <p>
    Set the UDP destination port to <p>, default=500.
    UDP port 500 is the assigned port number for ISAKMP
    and this is the port used by most (if not all) IKE
    implementations. Use of the --nat-t option changes
    the default destination port to 4500.
--retry=<n> or -r <n>
    Set the total number of attempts per host to <n>,
    default=3.
--timeout=<n> or -t <n>
    Set the initial per-host timeout to <n> ms, default=500.
    This timeout is for the first packet sent to each host.
    Subsequent timeouts are multiplied by the backoff
    factor, which is set with --backoff.
--bandwidth=<n> or -B <n>
    Set the desired outbound bandwidth to <n>, default=56000.
    The value is in bits per second by default. If you
    append "K" to the value, the units are kilobits
    per second; if you append "M" to the value,
    the units are megabits per second.
    The "K" and "M" suffixes represent the decimal, not
    binary, multiples. So 64K is 64000, not 65536.
--interval=<n> or -i <n>
    Set the minimum packet interval to <n> ms.
    The packet interval will be no smaller than this number.
    The interval specified is in milliseconds by default.
    If "u" is appended to the value, the interval
    is in microseconds, and if "s" is appended,
    the interval is in seconds.
    If you want to use up to a given bandwidth, it is
    easier to use the --bandwidth option instead.
    You cannot specify both --interval and --bandwidth
    because they are just different ways of changing
    the same underlying variable.
--backoff=<b> or -b <b>
    Set the timeout backoff factor to <b>, default=1.50.
    The per-host timeout is multiplied by this factor
    after each timeout. So, if the number of retries
    is 3, the initial per-host timeout is 500ms and
    the backoff factor is 1.5, then the first timeout will be
    500ms, the second 750ms and the third 1125ms.
--verbose or -v
    Display verbose progress messages.
    Use more than once for greater effect:
    1 - Show when each pass is completed and when
        packets with invalid cookies are received.
    2 - Show each packet sent and received and when
        hosts are removed from the list.
    3 - Display the host, Vendor ID and backoff lists
        before scanning starts.
--quiet or -q
    Do not decode the returned packet.
    This prints less protocol information, so
    the output lines are shorter.
--multiline or -M
    Split the payload decode across multiple lines.
    With this option, the decode for each payload is
    printed on a separate line starting with a TAB.
    This option makes the output easier to read, especially
    when there are many payloads.
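The three target notations described in the ike-scan usage text above, expanded in Python and checked against an authorized scope before a target file is used. This is an added example, not code from ike-scan or from the original article; the function names, the MAX_HOSTS limit and the sample targets are assumptions made for the illustration, and hostnames are not resolved.

```python
import ipaddress

MAX_HOSTS = 65536  # assumption for this example: refuse anything larger than a /16


def expand_target(spec):
    """Expand one target specification into a list of IPv4Address objects.

    Accepts IPnetwork/bits, IPnetwork:NetMask, IPstart-IPend or a single address.
    """
    spec = spec.strip()
    if "/" in spec or ":" in spec:
        # IPnetwork:NetMask is parsed the same way as IPnetwork/NetMask.
        # This example rejects networks with host bits set (ValueError).
        net = ipaddress.IPv4Network(spec.replace(":", "/"))
        if net.num_addresses > MAX_HOSTS:
            raise ValueError("target %r expands to too many hosts" % spec)
        # Iterating the network yields network and broadcast addresses too,
        # matching the "included" wording of the usage text.
        return list(net)
    if "-" in spec:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        count = int(last) - int(first) + 1
        if count < 1 or count > MAX_HOSTS:
            raise ValueError("bad or oversized range %r" % spec)
        return [first + i for i in range(count)]  # inclusive range
    return [ipaddress.IPv4Address(spec)]


def out_of_scope(specs, authorized):
    """Return the addresses (as strings) that fall outside the authorized networks."""
    nets = [ipaddress.IPv4Network(n) for n in authorized]
    stray = []
    for spec in specs:
        for addr in expand_target(spec):
            if not any(addr in net for net in nets):
                stray.append(str(addr))
    return stray


# Constructed sample target list, as it might appear in a --file input.
SAMPLE_TARGETS = ["192.168.1.0/30", "192.168.1.3-192.168.1.6",
                  "192.168.2.0:255.255.255.252"]

if __name__ == "__main__":
    print(out_of_scope(SAMPLE_TARGETS, ["192.168.1.0/24"]))
```
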
This article is from the "Big Plum" blog; please contact the author before reproducing it!
Commands for several commonly used Kali Linux information-gathering tools