Shulou(Shulou.com)06/02 Report--
Nmap usage
Nmap is a host scanning tool; its graphical interface is Zenmap, and its distributed framework is Dnmap.
Nmap can accomplish the following tasks:
Host detection
Port scan
Version detection
System detection
Support for writing probe scripts
The practical applications of Nmap are as follows:
Audit the security of a device or firewall by probing it
Probe the ports opened by the target host
Audit the security of the network by identifying new servers
Detect hosts on the network
The common ports are as follows:
HTTP 80
HTTPS 443
Telnet 23
FTP 21
SSH 22
SMTP 25
POP3 110
WebLogic 7001
Tomcat 8080
Remote login 3389
Oracle Database 1521
MS SQL Server 1433
MySQL 3306
1. Nmap simple scan
nmap 192.168.120.116
2. Nmap simple scan that returns a detailed description of the result
nmap -vv 192.168.120.116
3. Nmap custom port scan
nmap -p21,443,22 192.168.120.116 (specify discontiguous ports)
nmap -p100-200 192.168.120.116 (specify contiguous ports)
4. Nmap ping scan (a convenient way to find the live hosts on a network segment)
nmap -sP 192.168.120.0/24
5. Nmap route tracing
nmap --traceroute 192.168.120.116
6. Nmap operating system type detection
nmap -O 192.168.120.116
7. Nmap comprehensive scan (including port scan, operating system scan, script scan, route trace, service probe)
nmap -A 192.168.120.116
8. Nmap mixed scan
nmap -vv -p1-200 -O 192.168.120.116
9. Half-open scan (fast and efficient, generally used when there are many IPs)
nmap -sS 192.168.0.0/16
10. Skip ping detection (for use when ping is prohibited by the firewall)
nmap -P0 192.168.120.116
11. Parameter introduction
nmap -e  specifies the network interface
nmap -v  detailed output
nmap -p  specifies the port
nmap -iR  network-wide scan
nmap -iL  scans the IPs listed in a file
nmap --exclude  does not scan the given IPs
nmap -P0  some hosts turn off ping detection, so use this option to skip ping detection and speed up scanning
nmap -PS  port (SYN)
nmap -PU  port (UDP)
nmap -Pn  uses ping scanning and explicitly turns off port scanning; used for host discovery
nmap -sn  uses ping scan to scan the ports, assuming that the host is up; returns the host IP and MAC
nmap -sA  sends an ACK packet to a port of the target host; if a RST packet comes back, the port is not filtered by a firewall. This method can only be used to determine whether a firewall is blocking a port.
nmap -sS  uses SYN scanning and does not need to complete the three-way handshake (stealth scan)
nmap -sT  scans for open TCP ports; the TCP scan requires the full three-way handshake
nmap -sU  scans UDP ports
nmap -sF  FIN scan, used to probe the state of the firewall and identify whether a port is closed; prone to missed results
nmap -sV  scans the ports and software versions of the target host
nmap -sO  probes which IP protocols the host supports
nmap -sW  window scan, to get some port information
nmap -sP  sends ICMP messages to the corresponding hosts to find out which hosts are alive
nmap -O  remotely detects the operating system and software
nmap -O --osscan-guess  guesses the target operating system version
nmap --traceroute  route trace
nmap -A  comprehensive scan, including 1-10000 port ping scan, operating system scan, script scan, route trace, service probe
nmap -oN result.txt  writes the standard output to the specified file
nmap -oX result.xml  writes the output in XML form
nmap -oS result.txt  writes the output in the form of special symbols; the content is the same as -oN, except that the font has changed
nmap -oG result.txt  writes the output in a special format
nmap -oA  writes all formats, producing three files: .xml / .gnmap / .nmap
nmap -T[0-5]  timing template
-T0 used to avoid IDS; takes a very long time
-T1 used to avoid IDS; takes a very long time
-T2 reduces the scanning speed so the scan uses less bandwidth and fewer target host resources
-T3 default mode, not optimized
-T4 speeds up scanning of the target machine on the assumption that the user has a suitable and reliable network
-T5 assumes that the user has an even better network or is willing to speed up scanning at the expense of accuracy
nmap -sC  automatically invokes the default scripts based on the service identified on each port
nmap --script  scans using Nmap scripts
Nmap scripts fall mainly into the following categories. When scanning, set --script=<category> as needed to run a general scan with that category:
auth: scripts that handle authentication credentials (bypassing authentication)
broadcast: probes for more services on the LAN, such as dhcp/dns/sqlserver
brute: provides brute-force cracking for common applications such as http/snmp
default: the default scripts used when scanning with the -sC or -A options, providing basic script scanning capabilities
discovery: gathers more information about the network, such as SMB enumeration and SNMP queries
dos: used for denial-of-service attacks
exploit: exploits known vulnerabilities to intrude into a system
external: uses third-party databases or resources, such as whois lookups
fuzzer: fuzz-testing scripts that send abnormal packets to the target machine to detect potential vulnerabilities
intrusive: intrusive scripts that may trigger logging or blocking by the other side's IDS/IPS
malware: detects whether the target machine is infected with a virus, has a backdoor open, and similar information
safe: the opposite of intrusive; these are safe scripts
version: scripts that enhance service and version scanning (Version Detection) capabilities
vuln: checks whether the target machine has common vulnerabilities (Vulnerability), such as MS08_067
nmap --script=broadcast-netbios-master-browser 192.168.137.4 (discover the gateway)
nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' 192.168.137.4 (rsync cracking)
nmap --script informix-brute -p 9088 192.168.137.4 (informix database cracking)
nmap -p 5432 --script pgsql-brute 192.168.137.4 (pgsql cracking)
nmap -sU --script snmp-brute 192.168.137.4 (snmp cracking)
nmap -sV --script=telnet-brute 192.168.137.4 (telnet cracking)
nmap --script=http-vuln-cve2010-0738 --script-args 'http-vuln-cve2010-0738.paths={/path2/,/path3/}' (jboss autopwn)
nmap --script=http-methods.nse 192.168.137.4 (check HTTP methods)
nmap --script http-slowloris --max-parallelism 400 192.168.137.4 (DoS attack, quite effective against sites with low processing capacity; 'half-HTTP' connections)
nmap --script=samba-vuln-cve-2012-1182 -p 139 192.168.137.4
Oracle SID scanning
nmap --script=oracle-sid-brute -p 1521-1560 192.168.137.5
Oracle weak password cracking
nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=ORCL,userdb=/var/passwd,passdb=/var/passwd 192.168.137.5
List all MySQL users
nmap -p3306 --script=mysql-users.nse --script-args=mysqluser=root 192.168.137.4
nmap --script=mysql-* 192.168.137.4
Scan for an empty root password
nmap -p3306 --script=mysql-empty-password.nse 192.168.137.4
Guess the MSSQL username and password
nmap -p1433 --script=ms-sql-brute --script-args=userdb=/var/passwd,passdb=/var/passwd 192.168.137.4
System information
nmap -n -p445 --script=smb-os-discovery.nse --script-args=smbuser=test,smbpass=test 192.168.137.4
View sessions
nmap -n -p445 --script=smb-enum-sessions.nse --script-args=smbuser=test,smbpass=test 192.168.137.4
View shared directories
nmap -p 445 --script smb-ls --script-args 'share=e$,path=\,smbuser=test,smbpass=test' 192.168.137.4
VNC scan:
nmap --script=realvnc-auth-bypass 192.168.137.4
Check the VNC authentication method
nmap --script=vnc-auth 192.168.137.4
Get VNC information
nmap --script=vnc-info 192.168.137.4
SMB cracking
nmap --script=smb-brute.nse 192.168.137.4
SMB dictionary cracking
nmap --script=smb-brute.nse --script-args=userdb=/var/passwd,passdb=/var/passwd 192.168.137.4