Shulou(Shulou.com)06/01 Report--

Chinese parameter descriptions of common security tools under Kali (160pieces)

Nc Switzerland × ×

[v1.10-41]

Format: nc [- parameter] hostname port [s] [port]...

Listen inbound: nc-l-p port [- parameter] [hostname] [port]

Parameter options:

-c shell commands as `- eBay; use / bin/sh to exec [dangerousling!]

-e filename program to exec after connect [dangerous!]

-b whether broadcasting is allowed

-g gateway source route hop [s], up to 8

-G num source routing pointer: 4, 8, 12, …

-h this cruft

-I secs line delay interval, port scan

-k set keepalive option on socket

-l monitoring mode, inbound link

-n uses only IP addresses and does not resolve through DNS

-o file uses hexadecimal

-p port local port number

-r follow local and port

-q secs quit after EOF on stdin and delay of secs

-s addr local source address

-T tos set Type Of Service

-t connect using telnet

-u UDP mode

-v verbose [use twice to be more verbose]

-w secs connection target network timeout

-C Send CRLF as line-ending

-z zero-I/O mode [used for scanning]

The port number can be a lo-hi or a segment: Port [inclusive]

You must use a backslash (e.g. 'ftp\-data') at the port name.

Nmap scanning tool

Nmap 7.30 (https://nmap.org)

Usage: nmap [scan Type (s)] [option] {Target description}

Target description:

By host name, IP address, network segment, etc.

Protocols: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254

-iL: enter the host or network segment

-iR: randomly select targets

-exclude: excluded IP or network segment

-excludefile: exclude from the file

Host discovery:

-sL: List Scan-simply list targets for scanning

-sn: Ping Scan-disable port scanning

-Pn: Treat all hosts as online-do not use host discovery

-PS/PA/PU/PY [portlist]: discover designated ports through TCP SYN/ACK, UDP or SCTP and other protocols

-PE/PP/PM: request discovery probe using ICMP protocol response, timestamp, and subnet mask

-PO [protocol list]: using the ip protocol

-nMoMoMoR: Never do DNS resolution/Always resolve [default option]

-dns-servers: automatically DNS

-system-dns: use system DNS

-traceroute: tracks the path of each host

Scanning technology:

-sS/sT/sA/sW/sM: scanning protocols such as TCP SYN/Connect () / ACK/Window/Maimon

-sU: UDP scan

-sN/sF/sX: empty TCP, FIN, and Xmas scans

-scanflags: custom tcp scan

-sI: spatial scanning

-sY/sZ: SCTP initialization or cookie-echo scan

-sO: IP protocol scan

-b: FTP bounce scan

Standardize ports and scan sequences:

-p: scan only designated ports

Specification for use:-p22;-p1-65535;-p Upura 53, 111, 137, 13, 13, 25, 80, 139, 80, 139, 8080, 9.

-exclude-ports: excludes specified port scanning

-F: fast scan-scan common ports

-r: continuous port scan-not random

-top-ports: scan for common ports

-port-ratio: Scan ports more common than

Service and version testing:

-sV: explore open ports to determine service and version numbers

-version-intensity: sets all probes from 0-9

-version-light: the most likely vulnerability probe (intensity 2)

-version-all: try every vulnerability probe (intensity 9)

-version-trace: displays detailed version scan activity (debugging)

Use of scan scripts:

-sC: default script for probing

-script=: comma separated list, script directory or script category

-script-args=: provides parameters for the script

-script-args-file=filename: provide NSE scripts (custom scripts) in a file

-script-trace: displays all data sent and received

-script-updatedb: update script database

-script-help=: display script help

Is a comma-separated list of script files or script classes.

Operating system identification:

-O: use operating system probe

-osscan-limit: Limit OS detection to promising targets

-osscan-guess: Guess OS more aggressively

Timing and performance:

Used to schedule tasks in how many seconds, or to append 'milliseconds'

Seconds, minutes, or hours to set (e.g. 30m).

-T: set timing template (more convenient)

-min-hostgroup/max-hostgroup: maximum and minimum values for parallel scanning

-min-parallelism/max-parallelism: parallel scanning

-min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout: specify the scan end time

-max-retries: Caps number of port scan probe retransmissions.

-host-timeout: Give up on target after this long

-scan-delay/-max-scan-delay: adjust the delay of each scan

-min-rate: the packet sent is not less than "numeric value"

-max-rate: the packet sent does not exceed the "value"

Firewall / IDS evasion and spoofing:

-f;-mtu: fragment package (you can choose w/given MTU)

-D: Cloak a scan with decoys

-S: source address spoofing

-e: use the specified interface

-g/-source-port: use the given port number

-proxies: Relay by using the HTTP/SOCKS4 proxy

-data: attach a custom payload to send the packet

-data-string: add a custom ASCII string to send the packet

-data-length: send packets with additional random data

-ip-options: sends a packet with the specified IP option

-ttl: sets the time when ip arrives at the destination

-spoof-mac: deceives the local MAC address

-badsum: sends a fake packet TCP/UDP/SCTP for verification

Output:

-oN/-oX/-oS/-oG: output normal scan in XML format, s |

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.