1. Commonly used nmap scan options and their descriptions
-sT TCP connect() scan; this method leaves a large number of connection requests and error messages in the target host's logs
-sS half-open (SYN) scan; few systems record it in their system logs
-sF -sN stealth FIN packet scan, Xmas Tree, and Null scan modes
-sP ping scan; by default nmap runs a ping scan before port scanning, and only hosts that are alive are scanned further
-sU UDP scan
-sA ACK scan, commonly used to map firewall rule sets
-sV probe the service version on each port
-P0 do not ping hosts before scanning
-v show the scan process (verbose output)
-h help option
-p specify the ports
-O enable remote operating system detection
-A comprehensive system detection
-oN / -oX / -oG write the report to a file
-T4 for TCP ports, do not let the dynamic scan delay exceed 10 ms
-iL read the list of hosts from a file
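Added example (not part of the original notes): a way to turn a report saved with -oG into an exposure check on hosts you administer, listing every open port that is not on an allow-list of expected ports. The function names (sample_og, open_ports, unexpected_ports) are hypothetical and the scan data is constructed sample output.

```shell
#!/bin/sh
# Constructed sample of grepable (-oG) output; real files separate fields with tabs.
sample_og() {
cat <<'EOF'
# Nmap scan initiated as: nmap -p 1-65535 -sS -v -oG scan.gnmap 192.168.1.109
Host: 192.168.1.109 ()	Status: Up
Host: 192.168.1.109 ()	Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 1542/open/tcp/////, 3306/filtered/tcp//mysql///	Ignored State: closed (65531)
Host: 192.168.1.110 ()	Status: Up
Host: 192.168.1.110 ()	Ports: 443/open/tcp//https///, 161/open|filtered/udp//snmp///
# Nmap done
EOF
}

# open_ports: read -oG output on stdin, print "host port/proto service"
# for every port whose state is exactly "open".
open_ports() {
    awk '
    /^Host: / && /Ports: / {
        host = $2
        ports = $0
        sub(/^.*Ports: /, "", ports)             # keep only the port list
        sub(/\t.*$/, "", ports)                  # drop later tab-separated fields
        sub(/[ ]+Ignored State:.*$/, "", ports)  # same, if tabs became spaces
        n = split(ports, entry, ", *")
        for (i = 1; i <= n; i++) {
            # entry layout: port/state/protocol/owner/service/rpcinfo/version/
            split(entry[i], f, "/")
            if (f[2] == "open")
                print host, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
        }
    }'
}

# unexpected_ports PORT/PROTO...: print open ports missing from the allow-list.
unexpected_ports() {
    allow=" $* "
    open_ports | while read -r host port service; do
        case "$allow" in
            *" $port "*) ;;                       # expected port, stay quiet
            *) echo "$host $port $service" ;;     # exposure to review
        esac
    done
}

# Stand-alone run on the constructed sample.
sample_og | unexpected_ports 22/tcp 80/tcp 443/tcp
```

Ports in the filtered or open|filtered state are left out on purpose, since nmap could not confirm them as open; against a real report, replace sample_og with the saved file, for example unexpected_ports 22/tcp 80/tcp < scan.gnmap.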
2. Scan the open ports of a specified IP
nmap -p 1-65535 -sS -v 192.168.1.109
3. Scan for live hosts in the class C segment of www.xxx.com
nmap -sP www.xxx.com/24
4. Scan specified ports
nmap -p 80,1542,22 www.xxx.com
5. Detect the host operating system
nmap -O www.xxx.com
6. Comprehensive system detection
nmap -v -A www.xxx.com
By default nmap scans 1000 high-risk ports on a host; if comprehensive port detection is needed, add "-p 1-65535".
7. Detection through a firewall
nmap -Pn -A www.xxx.com
8. Scan for sensitive web directories
nmap -p 80 --script=http-enum.nse www.xxx.com
9. SQL injection vulnerability scan
nmap -p 80 --script=sql-injection.nse www.xxx.com
10. Scan using all scripts
nmap --script all www.xxx.com
11. Scan using wildcards
nmap --script "http-*" www.xxx.com