0x01 Nmap introduction
Nmap is a security tool for network discovery and security auditing; its most common use is port scanning.
Usage: nmap [scan type] [options] target (an IP, a hostname, a CIDR block such as 192.168.1.0/24, or a range such as 192.168.1.1-254)
1. Scan Type
-sT TCP connect scan: completes the full three-way handshake through the OS connect() call, so every probe shows up in the target's logs as a connection that is opened and immediately closed. Works without root, but it is the noisiest option
-sS SYN (half-open) scan: sends a SYN, reads the SYN/ACK or RST that comes back, then tears the connection down with a RST instead of finishing the handshake, so the application on the target never sees a connection and the host rarely logs it. Requires root (Administrator on Windows) for raw sockets and is the default scan type when Nmap has those privileges; without them Nmap falls back to -sT
-sP ping scan (spelled -sn in current Nmap releases): host discovery only, no port scan. Host discovery also runs by default before every port scan, and a host that does not answer is skipped
-P0 (spelled -Pn in current releases): skips host discovery and treats every target as up. Use it when a firewall drops ICMP echo requests; it does not bypass the firewall, it only stops Nmap from giving up before the port scan
-sA ACK scan: never reports a port as open; it only classifies ports as filtered or unfiltered, which is used to map firewall rule sets and to tell stateful filtering from stateless packet filters
-sV service/version detection: probes each open port to identify the service and its version instead of trusting the port number
-sU UDP scan: scans the host's UDP services. It is slow because the target's ICMP rate limiting throttles the probes, and the results are often ambiguous: a closed port answers with ICMP port unreachable, but an open port usually sends nothing, so Nmap reports open|filtered
-sX Xmas scan (FIN, PSH and URG set), -sN Null scan (no flags) and -sF FIN scan: stealthy probes that rely on the target's TCP stack following RFC 793 (closed ports answer RST, open ports stay silent). They work against Unix and Linux hosts; Windows and many network devices answer RST on every port, so everything looks closed
2. Scan parameters
-v verbose: shows scan progress; recommended
-h help
-p port specification, e.g. -p 1-65535, -p 22,135,1433,3306, or -p U:53,T:22 to mix UDP and TCP ports
-O remote OS detection; it can misidentify, and when no fingerprint matches exactly Nmap prints guesses with a confidence percentage
-A aggressive scan: enables OS detection, version detection, default script scanning and traceroute with one switch
-T4 aggressive timing template: shortens timeouts and caps the dynamic scan delay for TCP ports at 10 ms. Fine on a fast, reliable network; on slow or lossy links it drops probes and misses ports
-iL batch scan: reads targets from a file, one per line, e.g. -iL C:\ip.txt
0x02 Scan examples
1. Scan a class C subnet (the LAN) for live hosts
nmap -sP www.XXX.com/24 (resolves the hostname, then sweeps the /24 containing its address)
nmap -sP 192.168.1.* (Note: "*" is a wildcard for the last octet; 192.168.1.0/24 and 192.168.1.1-254 describe the same range. Current releases spell -sP as -sn)
2. Scan the open ports of a given IP
nmap -sS -p- -v 192.168.1.100
-p- scans all 65535 ports, the same as -p 1-65535; recommended
Without -p, Nmap scans only its default list of the most common ports (1000 in current releases, ranked by frequency in nmap-services), so a service on an unusual port is missed
3. Scan the ports and service versions of a given IP
nmap -sV -v 192.168.1.100
4. Detect the host operating system
nmap -O www.XXX.com
When no fingerprint matches exactly, Nmap lists its guesses with a confidence percentage; treat them as hints rather than facts, and cross-check against the banners from -sV
5. Scan a host that does not answer ping (for example behind a firewall that drops ICMP)
nmap -P0 www.XXX.com
Without -P0 (spelled -Pn in current releases) Nmap reports such a host as down and never reaches the port scan
6. Comprehensive scan: -A enables OS detection, version detection, default script scanning and traceroute
nmap -A www.XXX.com
7. Scan with NSE scripts
nmap --script="script name" www.XXX.com
For example, checking the LAN for hosts infected by or vulnerable to the Conficker worm:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254
Here -PN is the older spelling of -Pn, -n skips reverse DNS, and safe=1 keeps the script from running the checks that can crash the target. In current Nmap releases smb-check-vulns has been split into separate smb-vuln-* scripts (e.g. smb-vuln-conficker), so substitute the script name accordingly.
Scripts live in the scripts directory of the Nmap installation; each script's purpose and arguments are documented on the official site (nmap.org/nsedoc) and can be printed locally with nmap --script-help "script name"
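As an added example (not from the original post and not part of the Nmap project), the POSIX shell helpers below chain cases 1, 2 and 7 into one workflow: a host sweep saved as grepable output (-oG), parsing the live hosts out of it, feeding them into a full port scan with -iL, and pulling the hosts with 445/tcp open into a target list for the SMB scripts. The Nmap output embedded in the script is a constructed sample so that it runs offline; the function names, the sample addresses and the 192.168.1.0/24 range are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): parse Nmap grepable output (-oG)
# to chain a host sweep into a port scan and an NSE script scan.
# Hypothetical helper names and addresses; the sample output is constructed.

# Constructed stand-in for the output of
#   nmap -sn -oG - 192.168.1.0/24   and   nmap -sS -sV -p- -oG - <hosts>
# Real -oG separates fields with tabs; the parsers below accept tabs or spaces.
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated (constructed sample)
Host: 192.168.1.1 ()   Status: Up
Host: 192.168.1.1 ()   Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18.0/, 139/filtered/tcp//netbios-ssn///   Ignored State: closed (997)
Host: 192.168.1.7 ()   Status: Down
Host: 192.168.1.100 ()   Status: Up
Host: 192.168.1.100 ()   Ports: 445/open/tcp//microsoft-ds//Windows microsoft-ds/, 3389/open/tcp//ms-wbt-server///   Ignored State: closed (998)
# Nmap done (constructed sample)'

# Hosts that answered the discovery probes ("Status: Up"), one IP per line.
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Every port in state "open" as "<ip> <port>/<proto> <service>".
# A -oG port entry has the shape port/state/proto/owner/service/rpcinfo/version/
open_ports() {
    awk '/^Host:/ && /Ports:/ {
        ip = $2
        line = $0
        sub(/.*Ports: /, "", line)               # drop the "Host: ip ()" prefix
        sub(/[ \t]*Ignored State.*/, "", line)   # drop the trailing summary
        n = split(line, entry, /, /)             # entries are separated by ", "
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
        }
    }'
}

# IPs with a given port open, e.g. hosts_with_port 445/tcp, ready for nmap -iL.
hosts_with_port() {
    open_ports | awk -v want="$1" '$2 == want { print $1 }'
}

# The same workflow against a real network (-sS needs root). Commented out so
# the script runs offline on the constructed sample:
#   nmap -sn -oG sweep.gnmap 192.168.1.0/24
#   live_hosts < sweep.gnmap > live.txt
#   nmap -sS -sV -p- -T4 -iL live.txt -oG ports.gnmap
#   hosts_with_port 445/tcp < ports.gnmap > smb.txt
#   nmap -Pn -n -p139,445 --script smb-vuln-conficker -iL smb.txt

# Demo on the constructed sample
printf '%s\n' "$SAMPLE_GREPABLE" | live_hosts
printf '%s\n' "$SAMPLE_GREPABLE" | open_ports
printf '%s\n' "$SAMPLE_GREPABLE" | hosts_with_port 445/tcp
```

The parsers key on the state field rather than on column positions, so a filtered port (139/tcp in the sample) is left out and the 192.168.1.7 host that never answered discovery never reaches the port scan, which is exactly the host list -iL needs.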
Reposted from the Internet security blog at www.cnblogs.com/anka9080