2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
Many newcomers are not sure how to get started with Nmap quickly. To help with that, this article walks through the basics in detail. Anyone who needs it can follow along, and hopefully you will come away with something useful.
1. Installation
Download Nmap from https://nmap.org/. Installation is not covered in detail here.
2. Setting up the target machine
In this article, the target machine is the OWASP Broken Web Applications Project.
https://sourceforge.net/projects/owaspbwa/
Target address 1: 192.168.154.128
The address of the target machine is 192.168.3.7.
3. Command line

C:\Users\Torjan> nmap --help
Nmap 7.80 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}

TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks, "import the target hosts or network ranges from a file"
  -iR <num hosts>: Choose random targets, "select target hosts at random"
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks, "the hosts or network ranges that follow are left out of the scan"
  --excludefile <exclude_file>: Exclude list from file, "the hosts or network ranges listed in the file are left out of the scan"

HOST DISCOVERY: ["Host discovery"]
  -sL: List Scan, "list scan: only enumerate the IP addresses of the specified targets, without performing host discovery"
  -sn: Ping Scan - disable port scan, "ping scan: host discovery only, no port scanning"
  -Pn: Treat all hosts as online -- skip host discovery, "treat every specified host as up and skip the host discovery step"
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports, "discover hosts using TCP SYN/ACK or SCTP INIT/ECHO probes"
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes, "discover hosts using ICMP echo, timestamp and netmask request packets"
  -PO[protocol list]: IP Protocol Ping, "use IP protocol packets to check whether the target host is up"
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes], "-n means never do DNS resolution; -R means always do DNS resolution"
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers, "specify the DNS servers to use"
  --system-dns: Use OS's DNS resolver, "use the system's DNS resolver"
  --traceroute: Trace hop path to each host, "trace every routing hop"

SCAN TECHNIQUES: ["Scan parameters"]
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans, "scan the target host using a TCP SYN/Connect()/ACK/Window/Maimon scan"
  -sU: UDP Scan, "use a UDP scan to determine the state of the target host's UDP ports"
  -sN/sF/sX: TCP Null, FIN, and Xmas scans, "use the stealthy TCP Null/FIN/Xmas scans to help determine the state of the target's TCP ports"
  --scanflags <flags>: Customize TCP scan flags, "customize the flags of the TCP packet"
  -sI <zombie host[:probeport]>: Idle scan, "scan the target host with an idle scan (this requires finding a suitable zombie host)"
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans, "use SCTP INIT/COOKIE-ECHO to scan for open SCTP ports"
  -sO: IP protocol scan, "use an IP protocol scan to determine which protocol types the target machine supports"
  -b <FTP relay host>: FTP bounce scan, "use the FTP bounce scan method"

PORT SPECIFICATION AND SCAN ORDER: ["Port scan parameters and order"]
  -p <port ranges>: Only scan specified ports, "scan the specified ports"
    Ex ("for example"): -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  -F: Fast mode - Scan fewer ports than the default scan, "fast mode: scan only the top 100 ports"
  -r: Scan ports consecutively - don't randomize, "do not randomize the port order, that is, scan sequentially (without this option Nmap scans the ports in random order, which makes the scan harder for the target's firewall to detect)"
  --top-ports <number>: Scan <number> most common ports, "scan the <number> ports most likely to be open (the author of Nmap ran large-scale Internet scans to estimate how likely each port is to be open and ranked the ports accordingly; see the nmap-services file. By default, Nmap scans the 1000 most likely TCP ports)"
  --port-ratio <ratio>: Scan ports more common than <ratio>, "scan the ports whose frequency is above the given value. This is similar to --top-ports, but takes a probability as the parameter and scans the ports whose probability is greater than the ratio. The value must be between 0 and 1; see the nmap-services file for the actual probabilities"

SERVICE/VERSION DETECTION: ["Version detection"]
  -sV: Probe open ports to determine service/version info, "tell Nmap to perform version detection"
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes), "set the version detection intensity (0-9); the default is 7. The higher the value, the more accurate the detected service, but the longer the run time"
  --version-light: Limit to most likely probes (intensity 2), "use lightweight detection (intensity 2)"
  --version-all: Try every single probe (intensity 9), "try every probe (intensity 9)"
  --version-trace: Show detailed version scan activity (for debugging), "show detailed information about the version detection process"

SCRIPT SCAN: ["Script scanning"]
  -sC/--script=default: "scan using the default scripts"
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of directories, script-files or script-categories, "scan with the specified scripts"
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts, "pass arguments to the scripts: the key is the argument name and it maps to the value value1; separate multiple arguments with commas"
  --script-args-file=filename: provide NSE script args in a file, "use a file to supply the script arguments"
  --script-trace: Show all data sent and received, "when set, show the data sent and received while the scripts run"
  --script-updatedb: Update the script database, "the scripts directory of Nmap contains a db file that records the scripts currently available to Nmap, like a small database. With this option, Nmap scans the scripts directory for extension scripts and updates the database"
  --script-help=<Lua scripts>: Show help about scripts. <Lua scripts> is a comma-separated list of script-files or script-categories, "view the help documentation of the scan scripts"

OS DETECTION: ["OS detection"]
  -O: Enable OS detection, "OS detection"
  --osscan-limit: Limit OS detection to promising targets, "only attempt OS detection on hosts that have ports in both the open and the closed state"
  --osscan-guess: Guess OS more aggressively, "guess the most likely OS version"

TIMING AND PERFORMANCE: ["Time and performance"]
  Options which take <time> are in seconds, or append 'ms' (milliseconds), 's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m). "description of the time units"
  -T<0-5>: Set timing template (higher is faster), "timing level of the scan; the higher the number, the faster"
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes, "number of hosts to scan in parallel: the minimum or maximum number of hosts scanned at a time"
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions, "maximum number of probe retries"
  --host-timeout <time>: Give up on target after this long, "timeout"
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes, "delay / interval between scan probes"
  --min-rate <number>: Send packets no slower than <number> per second, "send no fewer than <number> packets per second"
  --max-rate <number>: Send packets no faster than <number> per second, "send no more than <number> packets per second"

FIREWALL/IDS EVASION AND SPOOFING: ["Firewall / IDS bypass and spoofing"]
  -f; --mtu <val>: fragment packets (optionally w/given MTU), "fragmentation"
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys, "the real source address is not forged; instead, decoy sources are added as noise to confuse the target and make analysis harder"
  -S <IP_Address>: Spoof source address, "source address forgery"
  -e <iface>: Use specified interface, "use the specified network interface"
  -g/--source-port <portnum>: Use given port number, "use the specified source port"
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies, "proxy"
  --data <hex string>: Append a custom payload to sent packets, "add a custom data field; the field must be hexadecimal"
  --data-string <string>: Append a custom ASCII string to sent packets, "add an ASCII string to the sent data"
  --data-length <num>: Append random data to sent packets, "data length"
  --ip-options <options>: Send packets with specified ip options, "special IP options"
  --ttl <val>: Set IP time-to-live field, "set the IP time-to-live"
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address, "MAC spoofing"
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum, "incorrect checksum"

OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|
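A pre-scan scope check for the TARGET SPECIFICATION syntax listed above, as an added example (not part of the original article or of Nmap): it expands numeric specs such as 10.0.0-255.1-254 and CIDR blocks and reports every address that falls outside the lab. The /24 lab networks around the article's two target addresses and all function names are assumptions.

```python
import ipaddress
from itertools import product

# Assumed lab scope: /24 networks around the article's two target addresses.
LAB_SCOPE = [ipaddress.ip_network("192.168.154.0/24"),
             ipaddress.ip_network("192.168.3.0/24")]

def expand_octet(field):
    """Expand one octet field such as '7', '1-254', '3-5,7' or '-' (0-255)."""
    values = set()
    for part in field.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo, hi = int(lo or 0), int(hi or 255)  # an omitted side defaults to 0 / 255
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """Return the IPv4 addresses covered by a numeric Nmap-style target spec."""
    if "/" in spec:
        # strict=False accepts host bits, so 192.168.3.7/29 means the whole block
        return list(ipaddress.ip_network(spec, strict=False))
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a numeric IPv4 target: {spec!r}")
    ranges = [expand_octet(o) for o in octets]
    return [ipaddress.ip_address(".".join(map(str, combo)))
            for combo in product(*ranges)]

def out_of_scope(specs, scope=LAB_SCOPE):
    """Map each spec to the addresses it covers outside the scope (or an error)."""
    report = {}
    for spec in specs:
        try:
            stray = [ip for ip in expand_target(spec)
                     if not any(ip in net for net in scope)]
        except ValueError as err:  # hostnames and typos are rejected, never resolved
            report[spec] = str(err)
            continue
        if stray:
            report[spec] = stray
    return report

if __name__ == "__main__":
    # Constructed sample: the two lab targets plus one range that strays.
    print(out_of_scope(["192.168.154.128", "192.168.3.7", "192.168.3-4.7"]))
```

An empty result means every spec stays inside the lab; anything else should be fixed before the list is handed to nmap with -iL.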