
Introduction to the usage and parameters of Nmap in Linux

2025-03-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains the usage and parameters of Nmap on Linux.

A scanner is a program that automatically detects security vulnerabilities in a host. It collects information about the target host by sending specific network packets and recording the target's responses. Many scanners are available today; the better-known ones include SSS, X-Scan, and Superscan, and the most powerful is, of course, Nmap.

Nmap (Network Mapper) is an open-source network discovery and security auditing tool.

It is used to quickly scan a network or a host for open ports, and it can also detect the operating system of a remote host from characteristics of its TCP/IP stack. Nmap supports many scanning techniques, such as UDP, TCP connect(), TCP SYN (half-open scan), FTP proxy (bounce attack), reverse ident, ICMP, FIN, ACK scan, Xmas Tree, SYN scan, and Null scan. Nmap was originally a command-line application for Unix systems. In 2000, a ready-to-install Windows version became available.

The format of the Nmap command is:

nmap [scan type...] [general options] {scan target description}

The following describes the parameters of the Nmap command by category:

1. scan type

-sT  TCP connect() scan, the most basic TCP scan mode. This scan is easily detected: a large number of connection requests and error messages will be recorded in the target host's log.

-sS  TCP SYN scan. Because it does not open a full TCP connection, this technique is often called half-open scanning. Its biggest benefit is that very few systems are able to log it. However, you need root privileges to craft custom SYN packets.

-sF, -sX, -sN  Stealth FIN packet scan, Xmas Tree scan, and Null scan modes. The rationale for these scanning methods is that closed ports must answer your probe packets with an RST, while open ports must ignore the offending packets (see RFC 793, page 64).

-sP  Ping scan, which uses ping to check which hosts are running on the network. A ping scan is ineffective when the host blocks ICMP echo request packets. nmap performs a ping scan in any case, and subsequent scans are only performed if the target host is running.

-sU  Use this option if you want to know which UDP (User Datagram Protocol, RFC 768) services are available on a host.

-sA  ACK scan, an advanced scanning method that can be used to get through firewalls.

-sW  Sliding window scan, very similar to the ACK scan.

-sR  RPC scan, used in conjunction with the other port scanning methods.

-b  FTP bounce attack: connect to an FTP server behind a firewall and use it as a proxy, then port scan through it.

2. common options

-P0  Do not ping hosts before scanning.

-PT  Before scanning, use TCP ping to determine which hosts are running.

-PS  For root users, this option causes nmap to probe the target host using SYN packets instead of ACK packets.

-PI  Set this option so that nmap uses a real ping (ICMP echo request) to find out whether target hosts are running.

-PB  This is the default ping scan option. It uses the ACK (-PT) and ICMP (-PI) scan types in parallel. If the firewall is able to filter one of these packets, you will be able to get through the firewall using this method.

-O  This option enables TCP/IP fingerprinting to identify the remote host, i.e. its operating system type.

-I  Turn on nmap's reverse ident scanning function.

-f  Send SYN, FIN, Xmas, and Null scans using fragmented IP packets. Fragmented packets make it harder for packet filters and intrusion detection systems to know what you're trying to do.

-v  Verbose mode. This option is highly recommended, as it gives detailed information during scanning.

- In some cases, nmap may not be able to determine your source address (nmap will tell you). In this case use this option to give your IP address.

-g port  Sets the source port of the scan. Some naive firewall and packet filter rulesets allow packets with source port DNS (53) or FTP-DATA (20) to connect through. Obviously, if an attacker changes the source port to 20 or 53, he can defeat the firewall protection.

-oN  Redirects scan results to a human-readable file, logfilename.

-oS  Scan results are output to standard output.

--host_timeout  Sets the time, in milliseconds, to spend scanning a host. By default, there is no timeout limit.

--max_rtt_timeout  Sets the wait time for each probe, in milliseconds. The probe is retransmitted or timed out if this limit is exceeded. The default value is approximately 9000 milliseconds.

--min_rtt_timeout  Makes nmap wait at least the time you specify for each probe, in milliseconds.

-M count  Sets the maximum number of sockets used in parallel when performing a TCP connect() scan.
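Seen from the defender's side, the scan types in section 1 and the -g source-port option above leave recognizable TCP header patterns. The following is an added example, not code from the original article: it parses raw TCP headers and reports FIN/Xmas/Null probes, SYN sweeps, and SYNs sent from source port 20 or 53. The function names, the sweep threshold, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20
PROBES = {0: "null", FIN: "fin", FIN | PSH | URG: "xmas", SYN: "syn", ACK: "ack"}

def parse(raw: bytes):
    """Return (source port, destination port, probe name) for a raw TCP header."""
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    return sport, dport, PROBES.get(off_flags & 0x3F, "other")

def detect(events, sweep_ports=3):
    """events: iterable of (source IP, raw TCP header). Returns {ip: findings}.
    sweep_ports is an assumed threshold, tune it for your network."""
    findings, syn_ports = defaultdict(set), defaultdict(set)
    for ip, raw in events:
        sport, dport, probe = parse(raw)
        if probe in ("null", "fin", "xmas"):
            # Normal traffic never sends these: a regular FIN also carries ACK.
            findings[ip].add(probe + "-scan")
        elif probe == "syn":
            syn_ports[ip].add(dport)
            if sport in (20, 53):  # heuristic for the -g trick described above
                findings[ip].add("syn-from-trusted-source-port")
    for ip, ports in syn_ports.items():
        if len(ports) >= sweep_ports:
            findings[ip].add("syn-sweep")
    return {ip: sorted(found) for ip, found in findings.items()}

def build_header(sport, dport, flags):
    """Build a 20-byte TCP header (constructed test data, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, 1000, 0,
                       (5 << 12) | flags, 1024, 0, 0)

# Constructed sample traffic; addresses come from the documentation range.
SAMPLE = [
    ("192.0.2.10", build_header(40000, 22, FIN | PSH | URG)),  # Xmas probe
    ("192.0.2.10", build_header(40000, 25, 0)),                # Null probe
    ("192.0.2.11", build_header(53, 80, SYN)),                 # spoofed DNS port
    ("192.0.2.12", build_header(41000, 21, SYN)),
    ("192.0.2.12", build_header(41000, 22, SYN)),
    ("192.0.2.12", build_header(41000, 23, SYN)),              # third port: sweep
    ("192.0.2.13", build_header(42000, 443, SYN)),             # ordinary client
    ("192.0.2.13", build_header(42000, 443, FIN | ACK)),       # ordinary close
]

if __name__ == "__main__":
    for ip, found in detect(SAMPLE).items():
        print(ip, found)
```
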

3. scan target

The destination address can be an IP address, a CIDR address, etc., e.g. 192.168.1.2, 222.247.54.5/24

-iL filename  Read the scan targets from the file filename.

-iR  Lets nmap randomly pick hosts to scan by itself.

-p port  This option lets you select the range of port numbers to scan. For example: -p 20-30,139,60000.

--exclude  Excludes the specified hosts.

--excludefile  Excludes the hosts listed in the specified file.

Examples:

The code is as follows:

nmap -v www.hao123.com

nmap -sS -O 192.168.1.23/24

nmap -sX -p 22,53,110,143,4564 128.210.*.1-127

nmap -v --randomize_hosts -p 80 *.*.2.3-5

host -l company.com | cut -d ' ' -f 4 | ./nmap -v -iL -
