
The use of scanners for Metasploit Learning II

2025-01-16 Update From: SLTechnology News&Howtos > Network Security

Shulou(Shulou.com)06/01 Report--

When it comes to scanners, Nmap is the one everyone knows. It is available on practically every operating system, and the BackTrack (BT) series integrates it as well. It can be called from within Metasploit or used directly. Usage is simple: it comes down to knowing a handful of common nmap parameters. I use the command-line version; the GUI version you can explore on your own, since it is self-explanatory. ^_^

nmap -sT ip: full-connect scan of the TCP services on the host at ip

nmap -sU ip: scan of the UDP services on the host at ip

nmap -sV ip: probe the version information of the services (applications) running on ip

nmap -O ip: detect the OS version of the host at ip. In practice this is often not accurate; I don't know how it judges.

nmap -Pn ip: can be used to list active hosts on the LAN (-Pn disables the ping-based host discovery and treats every address as up, so the ports are probed even on hosts that do not answer pings).

nmap -PU ip: can be used to find active hosts on the Internet, because TCP probes sometimes cannot pass a firewall while UDP ones can; for example:

nmap -PU -sn 10.10.10.0/24: UDP ping sweep of the whole /24 segment; -sn means do not scan ports (host discovery only).

nmap -sF ip: FIN scan; it sets an unusual TCP flag combination to slip past monitoring by some devices or software.

nmap -sS ip: TCP SYN scan, similar to the SYN scan module in Metasploit

nmap -sA ip: TCP ACK scan, similar to the ACK scan module in Metasploit

Those are the commonly used ones; the rest you can look up yourself with nmap -h.
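Calling nmap from a script is where most people end up once the switches above become routine. The following added example (not from the original post) builds an nmap argument list for the switches discussed above, rejects anything that is not a literal IP address or CIDR block so that no shell metacharacters reach the command, and parses nmap's XML output (`-oX -` writes it to stdout) into a list of port states. The XML sample embedded below is constructed for the example; it is not real scan output. The `SCAN_SWITCHES` labels and all function names are this example's own.

```python
import ipaddress
import shlex
import subprocess
import xml.etree.ElementTree as ET

# Short labels for the nmap switches discussed above (display only; assumed wording).
SCAN_SWITCHES = {
    "-sT": "TCP connect scan",
    "-sS": "TCP SYN scan (needs root)",
    "-sU": "UDP scan (needs root)",
    "-sA": "TCP ACK scan (firewall rule mapping)",
    "-sF": "TCP FIN scan",
    "-sV": "service/version detection",
    "-O": "OS detection (needs root)",
}

def valid_target(target):
    """True only for a literal IPv4/IPv6 address or CIDR block (no hostnames, no shell junk)."""
    try:
        ipaddress.ip_network(target, strict=False)
        return True
    except ValueError:
        return False

def build_nmap_args(switch, target, extra=()):
    """Return an argv list for nmap with XML output on stdout; never a shell string."""
    if switch not in SCAN_SWITCHES:
        raise ValueError(f"unknown scan switch {switch!r}")
    if not valid_target(target):
        raise ValueError(f"target must be an IP address or CIDR block, got {target!r}")
    return ["nmap", switch, *extra, "-oX", "-", target]

def run_nmap(switch, target, extra=()):
    """Run nmap (must be installed; -sS/-sU/-O need root) and parse its XML output."""
    argv = build_nmap_args(switch, target, extra)
    out = subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    return parse_nmap_xml(out)

def parse_nmap_xml(xml_text):
    """Turn nmap -oX output into (address, port, protocol, state, service) tuples."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        ports = host.find("ports")
        if ports is None:
            continue
        for port in ports.findall("port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            results.append((addr, int(port.get("portid")), port.get("protocol"), state, name))
    return results

def open_ports(results):
    """Keep only the ports nmap reported as open."""
    return [(a, p, proto, name) for a, p, proto, state, name in results if state == "open"]

# Constructed sample of nmap XML output (not a real scan), trimmed to what the parser uses.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.10.10.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>
"""

if __name__ == "__main__":
    print(" ".join(shlex.quote(a) for a in build_nmap_args("-sS", "10.10.10.0/24")))
    for row in open_ports(parse_nmap_xml(SAMPLE_XML)):
        print(row)
```

`run_nmap` only works where nmap is installed and, for the raw-socket scans, as root; the parser itself needs nothing but the standard library, which is why it is tested against the constructed XML rather than a live scan. Note the `open|filtered` verdict on the UDP port: nmap cannot tell an open UDP port that stays silent from a firewall drop, so UDP results need a second look before anyone acts on them.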

Metasploit's auxiliary modules also include scanners, but all of them put together roughly amount to one Nmap. Which you use is a matter of preference; a few of them are introduced below:

ack: sends ACK probes to detect which ports are blocked (filtered) by a firewall.

ftpbounce: abuses the FTP PORT command (FTP bounce) to scan TCP services through an FTP server.

syn: detects open ports by sending packets with the TCP SYN flag; it is stealthier and faster.

tcp: full-connect scan, more accurate, but sometimes you get no results, and it can expose your IP address.

xmas: stealthy scan mode that sends FIN, PSH and URG to evade TCP filtering. I don't really understand it; I'm just repeating what others say.
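Why the ack, syn, fin and xmas probes above give such different answers comes down to how a TCP stack is required to respond to each flag combination. The added example below (not from the original post) models an RFC 793 style host on one side and the scanner's interpretation rules on the other, then produces the verdict matrix for every scan type against open, closed and filtered ports. The port states, scan names and the simplification that a filtered port simply drops the probe are this example's own assumptions.

```python
from enum import Enum

class PortState(Enum):
    OPEN = "open"
    CLOSED = "closed"
    FILTERED = "filtered"   # a firewall silently drops probes to this port

# TCP flags carried by each probe type discussed above.
SCANS = {
    "syn":  {"SYN"},
    "ack":  {"ACK"},
    "fin":  {"FIN"},
    "xmas": {"FIN", "PSH", "URG"},
}

def target_reply(flags, state):
    """Reply an RFC 793 style host sends for a probe with `flags` to a port in `state`.

    Returns "SYN/ACK", "RST" or None (no reply). A filtered port never answers because the
    firewall drops the probe before the host sees it.
    """
    if state is PortState.FILTERED:
        return None
    if flags == {"SYN"}:
        return "SYN/ACK" if state is PortState.OPEN else "RST"
    if "ACK" in flags:
        # A bare ACK matches no connection, so open and closed ports both answer RST.
        return "RST"
    # FIN / Xmas style probes: an open port ignores them, a closed port answers RST.
    return None if state is PortState.OPEN else "RST"

def interpret(scan, reply):
    """The scanner's classification of `reply` for probe type `scan` (the rules nmap documents)."""
    if scan == "syn":
        return {"SYN/ACK": "open", "RST": "closed"}.get(reply, "filtered")
    if scan == "ack":
        # ACK scanning only reveals whether a firewall is in the way, never open vs closed.
        return "unfiltered" if reply == "RST" else "filtered"
    # fin / xmas: silence is ambiguous, so the honest verdict is open|filtered.
    return "closed" if reply == "RST" else "open|filtered"

def scan_port(scan, state):
    """Simulate one probe and return the scanner's verdict for the port."""
    return interpret(scan, target_reply(SCANS[scan], state))

def scan_matrix():
    """Verdict of every scan type against every real port state."""
    return {scan: {st.value: scan_port(scan, st) for st in PortState} for scan in SCANS}

if __name__ == "__main__":
    for scan, row in scan_matrix().items():
        print(f"{scan:5s} " + "  ".join(f"{k}->{v}" for k, v in row.items()))
```

Two things fall out of the matrix. First, a FIN or Xmas scan never gets a positive signal for an open port, only silence, which is the same thing a firewall drop produces; that is why those modes report `open|filtered` and why the text above calls them "hidden": a sensor that only alerts on SYN or completed handshakes sees nothing, so detection logic should also count bare FIN/PSH/URG segments that belong to no connection. Second, the model assumes a standards-compliant stack; Windows and several other systems answer every FIN/Xmas probe with RST, so on those hosts every port looks closed regardless of its real state.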

Here is an example using SYN as the scanning method:

> search portscan    search for the port-scan auxiliary modules

> use auxiliary/scanner/portscan/syn    select the module

> set RHOSTS 10.10.10.10    set RHOSTS (the target)

> set THREADS 20    set the thread count to 20. This is up to you; the default is 1. A suitable thread count makes it faster, but I don't know what value counts as suitable. Find what works for you.

> show options    check whether your settings have taken effect

> run    execute and wait for the result. I feel kali's scanning speed is not as fast as BT's.

Scans are slow in general anyway, so go and have a cup of coffee.
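The six msfconsole steps above are exactly the kind of thing that belongs in a resource script so the same scan can be repeated (and reviewed) instead of retyped. The added example below (not from the original post or from the Metasploit project) renders the walkthrough as a resource script, validating RHOSTS as a literal address or CIDR block and THREADS as a positive integer first; `PORTS` is the portscan module's real option for limiting the range, and `msfconsole -q -r file.rc` is the documented way to play such a script back. The function names and the `exit` at the end are this example's own choices.

```python
import ipaddress
import re
from pathlib import Path

MODULE = "auxiliary/scanner/portscan/syn"

def valid_rhosts(rhosts):
    """Accept the RHOSTS forms used in the walkthrough: one address or a CIDR block."""
    try:
        ipaddress.ip_network(rhosts, strict=False)
        return True
    except ValueError:
        return False

def syn_scan_rc(rhosts, threads=20, ports=None):
    """Return msfconsole resource-script text for the SYN scan walkthrough above.

    `threads` must be a positive integer; `ports` is an optional PORTS value such as
    "1-1024" (the module's own default range applies when it is None).
    """
    if not valid_rhosts(rhosts):
        raise ValueError(f"RHOSTS must be an IP address or CIDR block, got {rhosts!r}")
    if not isinstance(threads, int) or threads < 1:
        raise ValueError("THREADS must be a positive integer")
    if ports is not None and not re.fullmatch(r"[\d,\-]+", ports):
        raise ValueError("PORTS must look like 80, 1-1024 or 22,80,443")
    lines = [f"use {MODULE}", f"set RHOSTS {rhosts}", f"set THREADS {threads}"]
    if ports:
        lines.append(f"set PORTS {ports}")
    lines += ["show options", "run", "exit"]
    return "\n".join(lines) + "\n"

def write_rc(path, rhosts, threads=20, ports=None):
    """Write the resource script to `path` and return the path for use with msfconsole -r."""
    Path(path).write_text(syn_scan_rc(rhosts, threads, ports))
    return path

if __name__ == "__main__":
    print(syn_scan_rc("10.10.10.10", threads=20, ports="1-1024"))
    # Play it back with: msfconsole -q -r syn_scan.rc   (run as root: the SYN module uses raw sockets)
```

The validator is deliberately narrower than what Metasploit accepts (RHOSTS also takes ranges such as `10.10.10.1-20` and `file:` lists); widening it is easy, but keeping the accepted shapes explicit is what stops a pasted-in value from quietly pointing the scan at the wrong network.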
