Kali Study (iv)

Source: Internet
Author: User

Nmap scan command format

nmap [Scan Type(s)] [Options] {target specification}



Host discovery (host scan)

-sL (list scan), -sP (ping scan), -P0 (no ping; the modern spelling is -Pn), -PS[portlist] (TCP SYN ping), -PA[portlist] (TCP ACK ping), -PU[portlist] (UDP ping),

-PE, -PP, -PM (ICMP echo, timestamp and netmask ping), -PR (ARP ping)

Parameters: -n (no DNS resolution), -R (resolve DNS names for all targets)

Several ping types can be combined in one command.



Port scan

-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans

-sU: UDP scan

-sN/sF/sX: TCP Null, FIN, and Xmas scans

--scanflags <flags>: customize TCP scan flags

-sI <zombie host[:probeport]>: idle scan

-sY/sZ: SCTP INIT/COOKIE-ECHO scans

-sO: IP protocol scan

-b <FTP relay host>: FTP bounce scan


nmap -sL ***.10.87.1-255

nmap -PE ***.10.87.1-255

nmap -PS80 ***.10.87.1-255

nmap -PR 192.168.1.1-255

nmap -Pn ***.10.87.1-255 (skips host discovery and treats every target as up; better suited to Internet hosts that block ping)

nmap -sP ***.10.87.1-255 (fast ping scan; -sP is the older spelling of -sn)


-sn: host discovery only, reports live hosts without scanning ports

nmap -Pn -sn ***.10.87.1-255 (note: with both options set nmap sends no probes at all and simply lists every address as up)



Nmap port scan

1. Single host scan

2. Multi-host scan

3. Multi-port scan

nmap -sS ***.10.87.148 (scans the 1000 most common ports by default)

nmap -sS ***.10.87.1-255

nmap -sT ***.10.87.1-255

nmap -sU ***.10.87.1-255

nmap -sU -p 80,445 ***.10.87.1-255

nmap -sT -v ***.10.87.1-255 (enable verbose mode)

nmap -sU -p- ***.10.87.1-255 (scan all 65535 ports)



Nmap operating system detection

-O (enable OS detection)

--osscan-limit (limit OS detection to promising targets, i.e. hosts with at least one open and one closed TCP port)

--osscan-guess, --fuzzy (guess the OS more aggressively when there is no exact fingerprint match)


nmap -sT -O ***.10.87.148

nmap -sT -p 3390 -O --osscan-limit ***.10.87.148

nmap -sA -O ***.10.87.148



Nmap service and version detection

-sV (probe open ports to identify the service and its version)

nmap -sV ***.10.87.148

nmap -sV -p 22,53,110,143,4564 ***.10.87.1-255



Nmap: some advanced options

nmap --iflist (list local interfaces and routes)

nmap -e 08:00:27:47:63:e6 ***.10.87.148 (intended to select the interface and source address; note that -e takes an interface name, not a MAC address, so the command as written will not work)

nmap -T4 -F -n -Pn -D 192.168.1.100,192.168.1.101,192.168.1.102,ME 192.168.1.*** (address decoy; ME marks the position of the scanning host in the decoy list)


nmap -sV --spoof-mac 08:00:27:47:63:e6 ***.10.87.148 (spoof the MAC address)

nmap -sV --source-port <portnum> ***.10.87.148 (specify the source port)


nmap -p 1-25,80,512-515,2001,4001,6001,9001 10.20.0.1/16 (scan for Cisco routers)

nmap -sU -p 69 -n -vv 192.168.1.253 (UDP scan of the TFTP port on a router)

nmap -O -F -n ***.10.87.148 (-F fast scan: fewer ports than the default)


nmap -iR 100000 -sS -PS80 -p 445 -oG nmap.txt (randomly chooses 100,000 IP addresses and scans port 445 on each; writes the results to nmap.txt in greppable format, i.e. one line per host that grep can filter.

You can then use grep to pull the details you care about out of the output file.)
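The greppable (-oG) file has one tab-separated line per host, with a "Ports:" field whose entries are comma-separated and have the form port/state/protocol/owner/service/rpcinfo/version/. Because grep alone gets awkward once you want per-port state across many hosts, here is an added parser for that format. It is example code written for this page, not part of Nmap or of the original notes; the scan lines it reads are constructed sample output with documentation-range addresses, and the function names are its own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of `nmap -oG` output (not real scan data).
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -PS80 -p 139,445 -oG nmap.txt 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.0.2.2 (files.example)\tStatus: Up
Host: 192.0.2.2 (files.example)\tPorts: 139/closed/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds//Samba smbd 4.x/
Host: 192.0.2.3 ()\tStatus: Up
Host: 192.0.2.3 ()\tPorts: 139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\tIgnored State: filtered (0)
# Nmap done at Mon Jan  1 00:00:05 2024 -- 8 IP addresses (3 hosts up) scanned in 5.00 seconds
"""

# "Host: <ip> (<hostname>)" is always the first tab-separated field.
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"hostname": str, "ports": [port dicts]}} from -oG text.

    Comment lines (starting with '#') and blank lines are skipped. A host
    usually appears twice (a Status line and a Ports line); both are merged.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        match = HOST_RE.match(fields[0])
        if not match:
            continue
        ip, hostname = match.group(1), match.group(2)
        entry = hosts.setdefault(ip, {"hostname": hostname, "ports": []})
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for item in field[len("Ports:"):].split(","):
                parts = item.strip().split("/")
                # port/state/protocol/owner/service/rpcinfo/version/ -> 8 parts
                if len(parts) < 7:
                    continue
                entry["ports"].append({
                    "port": int(parts[0]),
                    "state": parts[1],
                    "proto": parts[2],
                    "service": parts[4],
                    "version": parts[6],
                })
    return hosts


def hosts_with_open_port(hosts, port, proto="tcp"):
    """IPs (sorted numerically) that have the given port reported as open."""
    found = [
        ip for ip, entry in hosts.items()
        if any(p["port"] == port and p["proto"] == proto and p["state"] == "open"
               for p in entry["ports"])
    ]
    return sorted(found, key=ipaddress.ip_address)


def state_counts(hosts):
    """Counter of (port, state) pairs across all hosts, e.g. {(445, 'open'): 2}."""
    counts = Counter()
    for entry in hosts.values():
        for p in entry["ports"]:
            counts[(p["port"], p["state"])] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_grepable(SAMPLE_GREPABLE)
    print("hosts with 445/tcp open:", hosts_with_open_port(parsed, 445))
    for (port, state), n in sorted(state_counts(parsed).items()):
        print(f"{port}/{state}: {n}")
```

Run it against a real nmap.txt by replacing SAMPLE_GREPABLE with the file contents; the same parser handles -sV output because the version string is simply the seventh slash-separated field.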



Nmap script usage

nmap --script=brute ***.10.87.148 (runs the NSE scripts in the brute category)

Resources:

http://drops.wooyun.org/tips/2188



This article is from the "Clear" blog; please contact the author before reproducing it.
