nmap -v: show the scan process (verbose output)
nmap -sS: half-open scanning; it is not recorded in the scanned host's logs, so it is more stealthy
nmap -O: scan for operating system information
nmap -sV: scan open ports for version information, and the MAC address
nmap -A -T (0-5): system information, TCP/IP fingerprint, script scanning, open ports with version information, and the MAC address
-T sets the scan level: the smaller the number, the greater the scanning depth and the longer the scan takes
nmap -sn: see which devices are in use on the LAN
nmap <IP address> -p <port numbers>: scan the specified ports
fping -asg <network>: scan for active IP addresses within the network range
nslookup <domain name>: query the site's IP address and server name
arping: check whether the target host is online
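The -sS half-open scan in the list above never completes the TCP handshake, so logs that only record accepted connections miss it, but packet-level records still show it. The following is an added example, not part of the original notes, that flags such a scan from packet summaries; the record layout, the addresses and the min_ports threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed packet summaries: (src, sport, dst, dport, flags),
# flags in tcpdump letters: S=SYN, SA=SYN/ACK, A=ACK, R=RST, RA=RST/ACK.
def sample_packets():
    pkts = [
        # Normal client: full three-way handshake to port 443.
        ("10.0.0.5", 50000, "10.0.0.20", 443, "S"),
        ("10.0.0.20", 443, "10.0.0.5", 50000, "SA"),
        ("10.0.0.5", 50000, "10.0.0.20", 443, "A"),
    ]
    # Scanning host: SYN to ports 20-25; 22 is open, the rest are closed.
    for port in range(20, 26):
        pkts.append(("10.0.0.99", 40000, "10.0.0.20", port, "S"))
        if port == 22:
            pkts.append(("10.0.0.20", port, "10.0.0.99", 40000, "SA"))
            pkts.append(("10.0.0.99", 40000, "10.0.0.20", port, "R"))  # never ACKs
        else:
            pkts.append(("10.0.0.20", port, "10.0.0.99", 40000, "RA"))
    return pkts

def track_flows(packets):
    """Return {(client, server, port): state} built from packet summaries."""
    state = {}
    for src, sport, dst, dport, flags in packets:
        if flags == "S":
            state[(src, dst, dport)] = "syn"
        elif flags == "SA" and state.get((dst, src, sport)) == "syn":
            state[(dst, src, sport)] = "synack"
        elif flags == "RA" and state.get((dst, src, sport)) == "syn":
            state[(dst, src, sport)] = "refused"
        elif flags == "A" and state.get((src, dst, dport)) == "synack":
            state[(src, dst, dport)] = "established"
        elif flags == "R" and state.get((src, dst, dport)) == "synack":
            state[(src, dst, dport)] = "half_open"
    return state

def find_scanners(packets, min_ports=5):
    """Flag clients that probed >= min_ports ports without finishing a handshake."""
    probed, half_open = defaultdict(set), defaultdict(set)
    for (client, server, port), st in track_flows(packets).items():
        if st != "established":
            probed[client].add((server, port))
        if st == "half_open":
            half_open[client].add((server, port))
    # Report, per flagged client, the open ports it learned about.
    return {c: sorted(half_open[c]) for c, p in probed.items() if len(p) >= min_ports}
```
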
Nmap usage, from the Chinese version of the document

Nmap 7.80 (https://nmap.org)
Usage: nmap [Scan Type(s)] [Options] {target specification}

TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: input from a list of hosts/networks
  -iR <num hosts>: choose random targets
  --exclude <host1[,host2][,host3],...>: exclude hosts/networks
  --excludefile <exclude_file>: exclude list from a file

HOST DISCOVERY:
  -sL: list scan - only list the targets to be scanned
  -sn: ping scan - disable port scanning
  -Pn: treat all hosts as online - skip host discovery
  -PS/PA/PU/PY [portlist]: TCP SYN/ACK, UDP or SCTP discovery to the given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO [protocol list]: IP protocol ping
  -n/-R: never resolve DNS / always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: specify custom DNS servers
  --system-dns: use the operating system's DNS resolver
  --traceroute: trace the hop path to each host

SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: customize TCP scan flags
  -sI <zombie host[:probeport]>: idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan

PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: scan only the specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports <port ranges>: exclude the specified ports from scanning
  -F: fast mode - scan fewer ports than the default scan
  -r: scan ports consecutively - don't randomize
  --top-ports <number>: scan the <number> most common ports
  --port-ratio <ratio>: scan ports more common than <ratio>

SERVICE/VERSION DETECTION:
  -sV: probe open ports to determine service/version information
  --version-intensity <level>: set from 0 (light) to 9 (try all probes)
  --version-light: limit to the most likely probes (intensity 2)
  --version-all: try every single probe (intensity 9)
  --version-trace: show detailed version scan activity (for debugging)

SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma-separated list of directories, script files or script categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: show all data sent and received
  --script-updatedb: update the script database
  --script-help=<Lua scripts>: show help about scripts. <Lua scripts> is a comma-separated list of script files or script categories.

OS DETECTION:
  -O: enable OS detection
  --osscan-limit: limit OS detection to promising targets
  --osscan-guess: guess the operating system more aggressively

TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append "ms" (milliseconds), "s" (seconds), "m" (minutes), or "h" (hours) to the value (e.g. 30m).
  -T <0-5>: set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: specifies the probe round-trip time
  --max-retries <tries>: limit the number of port scan probe retransmissions
  --host-timeout <time>: give up on a target after this long
  --scan-delay/--max-scan-delay <time>: adjust the delay between probes
  --min-rate <number>: send packets no slower than <number> per second
  --max-rate <number>: send packets no faster than <number> per second

FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally with the given MTU)
  -D <decoy1,decoy2[,ME],...>
  -g/--source-port <portnum>: use the given port number
  --proxies <url1,[url2],...>: relay connections through HTTP/SOCKS4 proxies
  --data <hex string>: append a custom payload to sent packets
  --data-string <string>: append a custom ASCII string to sent packets
  --data-length <num>: append random data to sent packets
  --ip-options <options>: send packets with the specified IP options
  --ttl <val>: set the IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: spoof your MAC address
  --badsum: send packets with a bogus TCP/UDP/SCTP checksum

OUTPUT:
  -oN/-oX/-oS/-oG <file>: output the scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename
  -oA <basename>
  --iflist: print host interfaces and routes (for debugging)
  --append-output: append to rather than overwrite the specified output files
  --resume <filename>: resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: reference the stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: prevent associating an XSL stylesheet with XML output

MISC:
  -6: enable IPv6 scanning
  -A: enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: specify a custom Nmap data file location
  --send-eth/--send-ip: send using raw Ethernet frames or IP packets
  --privileged: assume that the user is fully privileged
  --unprivileged: assume the user lacks raw socket privileges
  -V: print version number
  -h: print this help summary page

EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80

For more options and examples, please see the man page (https://nmap.org/book/man.html)