Penetration testing tool classification
1) Information collection:
- Port scan: nmap
- Network path: tracert, ping, etc.
Nmap (kali yuanso)
- Nmap is a port scanner that can be used to scan the open ports of specified hosts on the network.
- Nmap supports scripts written in Lua language to implement automated scanning of hosts.
- By scanning the port opening status of a specified host in the network, Nmap can obtain information such as the services it provides, the device type of the host, and the operating system to find possible security risks.
- Nmap can also perform operating system and application version detection, service detection, vulnerability scanning and other functions.
- The graphical version of Nmap is Zenmap, which provides a more friendly graphical interface for user convenience. (I feel that the graphical version is not very useful)
Nmap scanning methods and command options:
- Scan the entire subnet: use the command:
nmap 192.168.1.1/24
- Scan multiple targets: use the command:
nmap 192.168.12 192.168.16 192.168.1.5
- Scan a range of targets: use the command:
nmap 192.168.1.11-100
- TCP SYN scan (-sS), a half-open scan: use the command:
nmap -sS 192.168.1.1
- TCP connect scan (-sT)