Usage: nmap[scan type [options] {target specification}
Target specification:
Can be through the host name, IP address, network, etc.
For example: scanme.nmap.org, MICROSOFT.COM/24, 192.168.0.1; 10.0.0-255.1-254
-il < input file name: input from host/network in list
-ir: Select Random index
–exclude: Excluding hosts/networks
–excludefile: excluding from files
Host Discovery:
-SL: List Scan – List scan – simply list targets to scan
-sn:ping Scan-Close port scan
-PN: Treat all online hosts-skip host discovery
-ps/pa/pu/py[portlist]: TCP syn/ack,udp or SCTP explore the specified port
-pe/pp/pm:icmp Echo, timestamp and network mask request detection
-po[protocol list]: IP protocol Ping
-n/-r: Do not do DNS resolution/always resolve [default: sometimes]
–dns-servers: Specifying a custom DNS server
–SYSTEM-DNS: DNS resolution using the operating system
–traceroute: Track jumps to each host's path
Scanning technology:
-ss/st/sa/sw/sm:tcp syn/connect ()/ack/window/scan
-SU:UDP Scan
-sn/sf/sx:tcp empty Scan, FIN, and Xmas scan
–scanflags < logo: Custom TCP scan Flags
-si < Zombie host [: Probe port]>: Idle scan
-SY/SZ:SCTP Init/cookie Echo Scan
-SO:IP Protocol Scan
-B:FTP Bounce Scan
Port description and Scan order:
-P < port range: Scan only specified ports
For example:-P22; -p1-65535; -P U:53,111,137,t:21-25,80,139,8080,s:9
-F: Quick mode-scans fewer ports than the default scan
-r: Continuous scan Port-not random
–top-ports: Scans the most common ports
–port-ratio: Scanning more common
Service/Version detection:
-SV: Probing open ports to determine server/version information
–version-intensity: Set from 0 to 9 (try all probes)
–version-light: Limit to the most probable detection (Strength 2)
–version-all: Try every probe (strength 9)
–version-trace: Show detailed version scan activity (DEBUG)
Script Scan:
-SC: Equivalent to –script=default
–script=: is a comma-delimited list of directories
Script-files or Script-categories
–script-args=: script that provides parameters
–script-trace: Display all data sent and received
–script-updatedb: Update the script database.
–script-help=: Displays help on scripting.
is a comma-delimited list, script file, or script class.
Operating System Detection:
-O: Enable OS detection
–osscan-limit: Limit operating system detection of promising targets
–osscan-guess: More aggressively probing the operating system
Timing and performance:
The option to take is within a few seconds, or append "MS" (MS),
"S" (seconds), "M" (minutes), or "H" (hour) value (for example, 30 seconds).
-T<0-5>: Set timer template (higher and faster)
–min-hostgroup/max-hostgroup: Size of the parallel host Scan Group
–min-parallelism/max-parallelism: Probing parallelism
–min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout: Specifies the round trip time of the probe.
–max-retries
: The maximum number of port scans to detect retransmission.
–host-timeout: Timeout to abort host
–scan-delay/–max-scan-delay: Adjust the detection between delays
–min-rate: Send packets no more than per second slow
–max-rate: Faster than sending packets per second
Firewall/IDs evasion and spoofing:
-F; –MTU: Fragmented Package (optional w/given MTU)
-D: Cloak and decoy scans
-S: Source Address spoofing
-e: Using the specified interface
-g/–source-port: Using the specified port number
–data-length: Packets sent with additional random data
–ip-options
: Sends a packet of the specified IP option
–ttl: Set IP Live Time field
–spoof-mac: Cheating on your MAC address
–badsum: Send a forged TCP/UDP/SCTP checksum package
Output:
-on/-ox/-os/-og: In normal output scan, xml,s| -oa: Output in three primary formats at a time
-V: Improve level of detail (using-VV or more and better results)
-D: Increase the level of debugging (using-DD or more and better results)
–reason: Shows why a port is in a specific state
–open: Show only open ports (or may be open)
–packet-trace: Show all packets sent and received
–iflist: Print host interface and route (for debugging)
–log-errors: Error/warning output file in normal format
–append-output: Append, rather than frequent use of the specified output file
–resume: Restore aborted scan
–stylesheet:xsl style sheet transforms XML output?? For HTML
–webxml: A more portable XML reference style sheet from nmap.org
–no-stylesheet: Prevent XSL style sheet W/xml Output Association
Miscellaneous
-6: Enable IPV6 scan
-A: Enable OS detection, version detection, script scanning, route tracking
–datadir: Specifies the location of the custom Nmap data file
–SEND-ETH/–SEND-IP: Using the original Ethernet frame or IP packet to send
–privileged: Assuming full user permissions
–unprivileged: Assuming the user does not have the original socket permission
-V: Print version number
-H: Print this Help summary page.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
