Shulou(Shulou.com)06/01 Report--

Summary of Nmap parameters

I have written several articles about nmap before. Although I have written a lot of parameters, it is not convenient to check them. I will do an integration today.

(it may not be very complete. If you have any mistakes, please let me know.)

Host discovery nmap-sn [target] only host discovery, not scanning ports and other information nmap-PR [target] host discovery using ARP protocol target nmap-sn-PE [target] for the same network segment host discovery is done through ICMP protocol Equivalent to pingnmap-sn-PP [target] for host discovery by ICMP protocol timestamp nmap-sn-PM [target] through ICMP protocol address mask for host discovery nmap-sn-PS [target] TCP SYN scan nmap-sn-PA [target] TCP ACK scan nmap-sn-PU [target] uses UDP protocol for host discovery nmap-sn-PY [target] uses SCTP protocol for host discovery nmap-sn- PO [target] uses IP protocol for host discovery nmap-R [target] reverse domain name resolution nmap-n [target] cancels domain name resolution nmap-- dns-servers [server1...] [target] use the specified dns server to query the target-- packet-trace uses this option to check the details of the scanning process. Port scan nmap-sS [target] use SYN scan port nmap-sT [target] use Connect scan port nmap-sU [target] use UDP scan port nmap-sF [target] use TCP FIN scan port nmap-sN [target] use Null scan port nmap-sX [ Target] use Xmas Tree scan port nmap-F [target] scan common 100ports nmap-p [port] [target] scan designated port nmap-p [portname (s)] [target] use port name to specify scan port nmap-p U: [UDP ports] T: [TCP ports] [target] use the protocol designated scan port nmap-p "*" [target] to scan all ports nmap-- top-ports [number] [target] scan common ports-- scanflags

Customized TCP scan-b

FTP bounce scan operating system and service detection nmap-O [target] scan the system by port scan nmap-sV-F-- fuzzy-- osscan-guess [target] scan the operating system fingerprint-- osscan-guess guesses the operating system closest to the target-- osscan-limit only detects the operating system that meets the condition of "having both open and closed ports"-- max-retries only performs system detection attempts on the operator. Default 5version-intensity

Set version scan intensity, strength value 1-9, default 7version-all attempts to probe version-light lightweight mode version-trace display details for each port-sV version probe-sR RPC scan + nmap-sF-T4 [target] detect firewall state camouflage technology nmap-f [target] segments packets sent, adding difficulty to defense device detection nmap-mtu [mtubytes] [target] sets the size of mtu Mtu value should be a multiple of 8 nmap-D

[target] use bait host scan-- source-port

;-g

Source port spoofing-data-length

[target] add random data when sending a message-- ttl

[target] set the value of packet lifetime-- spoof-mac

MAC address spoofing NSE script

Script classification:

Auth: this category contains scripts responsible for handling authentication certificates (bypassing permissions) broadcast: this category includes sniffing more services on the LAN, such as DNS, SQL Server and other services brute: these are for common applications, such as HTTP, SSH, FTP and other scripts to crack passwords default: this is a script when scanning with-sC or-A parameters Provide basic scanning capability discovery: collect more information on the network, such as SMB enumeration, SNMP query, etc. Dos: script used to initiate a denial of service GJ exploit: script used to complete security vulnerabilities on the target system external: script for third-party services fuzzer: script for ambiguity testing, sending abnormal packets to the target host Detect potential vulnerabilities intrusive: scripts that may cause the target system to crash or impose a great burden on the target network, such scripts can be easily detected by firewalls or IPS malware: scripts used to detect malware safe: safe and harmless scripts version: scripts responsible for enhancing version scanning: responsible for checking target hosts for common vulnerabilities

Script this is really too long, I don't want to write, write some commonly used (want to know more about my previous blog)

Commonly used scan scripts:

Nmap-- script auth 192.168.1.1 Authentication scan / weak password Detection nmap-- script brute 192.168.1.1 password guessing nmap-- script vuln 192.168.1.1 scan for common vulnerabilities nmap-n-p 445-- script broadcast 192.168.0.0Comp24 detect the opening of private network host services

Nmap-script external baidu.com whois parsing

My integration may not be complete, but it is generally enough. Most of the articles can be found in the more detailed blogs I have written before.

I hope it's helpful to you. I'm tired of writing.

* * [target] is the meaning of the target, and what else [server] is the address of the dns server, I will not say one by one.

I have written too many nmap before, so I will not elaborate any more.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.