[Reprint] nmap Command Summary

https://www.cnblogs.com/chenqionghe/p/10657722.html

First, what is nmap

nmap is a very useful network exploration and host scanning tool. It is not limited to information gathering and enumeration; it can also be used as a security flaw detector or vulnerability scanner. It runs on Windows, Linux, macOS and other operating systems. Nmap is a powerful utility that can be used for:
- detecting live hosts on a network (host discovery)
- detecting open ports on a host (port discovery or enumeration)
- detecting the software and version behind each open port (service discovery)
- detecting the operating system, hardware address, and software version
- detecting vulnerabilities (nmap scripts)

Second, usage

nmap [scan type] [scan parameters] [host address range]
Options and parameters:
[Scan type]: the main scan types are the following:
-sT: TCP connect() scan, which completes the TCP connection
-sS: TCP SYN scan, which sends only SYN packets
-sP: ping scan
-sU: UDP scan
-sO: IP protocol scan of the host
[Scan parameters]: the main scan parameters are:
-PT: TCP ping, used to find out how many hosts exist on the network (common)
-PI: actual ping (ICMP packets)
-p: the port range, for example 1024, or 80-1023,30000-60000

[Host address range]: this is the fun part; there are several forms:

192.168.1.100: a single host IP, scanning only that host
192.168.1.0/24: a class C network
192.168.*.*: a class B network, which makes the scan range very large
192.168.1.0-50,60-100,103,200: a customized host range

Third, common examples

1. Scan the local machine's enabled ports with default parameters (TCP only)

➜ ~ nmap localhost
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
631/tcp open ipp
873/tcp open rsync
8080/tcp open http-proxy
...
Nmap done: 1 IP address (1 host up) scanned in 2.77 seconds

2. Scan the local machine's TCP and UDP ports at the same time

➜ ~ nmap -sTU localhost
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
...
68/udp open|filtered dhcpc
631/udp open|filtered ipp
...

3. Use ICMP packets to find out how many hosts are up on the LAN

➜ ~ nmap -sP 192.168.199.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-05 00:13 CST
Nmap scan report for Hiwifi.lan (192.168.199.1)
Host is up (0.0036s latency).
Nmap scan report for yeelink-light-lamp1_miio92822016.lan (192.168.199.103)
Host is up (0.0043s latency).
Nmap scan report for chenqionghe.lan (192.168.199.141)
Host is up (0.0010s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 1.54 seconds

"(3 hosts up)" means that three hosts are running.
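As an added example that is not part of the original post, and looking at the ping sweep above from the defender's side: the shell functions below parse the text output of an `nmap -sP` sweep, list the hosts reported as up, and flag any that are not in a known inventory, so an unexpected device on the LAN stands out. The sweep output and the inventory are constructed sample data, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: turn a ping-sweep report into an inventory check.
# SAMPLE_SWEEP is constructed sample output in the format nmap -sP prints.
SAMPLE_SWEEP='Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-05 00:13 CST
Nmap scan report for Hiwifi.lan (192.168.199.1)
Host is up (0.0036s latency).
Nmap scan report for yeelink-light-lamp1_miio92822016.lan (192.168.199.103)
Host is up (0.0043s latency).
Nmap scan report for chenqionghe.lan (192.168.199.141)
Host is up (0.0010s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 1.54 seconds'

# Constructed inventory: the IPs that are supposed to be on this LAN, comma separated.
KNOWN_HOSTS='192.168.199.1,192.168.199.141'

# live_hosts: read sweep output on stdin, print one IP per host that nmap
# reported as up. The IP is the last field of the "scan report" line, with or
# without the parentheses nmap adds when it also resolved a host name.
live_hosts() {
    awk '
        /^Nmap scan report for / {
            ip = $NF
            gsub(/[()]/, "", ip)
            pending = ip
            next
        }
        /^Host is up/ && pending != "" { print pending; pending = "" }
    '
}

# unknown_hosts SWEEP INVENTORY: print live IPs that are not in the inventory.
unknown_hosts() {
    printf '%s\n' "$1" | live_hosts | awk -v known="$2" '
        BEGIN { n = split(known, k, ","); for (i = 1; i <= n; i++) seen[k[i]] = 1 }
        !($0 in seen) { print }
    '
}

# Run against the constructed sample when executed directly.
echo "Live hosts:"
printf '%s\n' "$SAMPLE_SWEEP" | live_hosts
echo "Live hosts not in inventory:"
unknown_hosts "$SAMPLE_SWEEP" "$KNOWN_HOSTS"
```

To use it on a real sweep, capture the output with `nmap -sP <range> > sweep.txt` and feed the file contents to `unknown_hosts`; a non-empty result is the list to investigate. Hosts that are down are simply absent from the report, so the check only ever says which live hosts are unexpected, never that an inventoried host is missing.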

4. Scan multiple hosts

nmap 192.168.199.0/24
nmap 192.168.1.2 192.168.1.5
nmap 192.168.1.1-100 (scans all hosts in the IP range 192.168.1.1-192.168.1.100)

5. Scan specific ports

Nmap offers several options for port scanning a remote machine; use the "-p" option to specify the ports you want to scan. By default nmap scans only TCP ports.

nmap -p 80 localhost
nmap -p 80,443 localhost
nmap -p 8080-8888 localhost
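As an added example that is not from the original post: the functions below take the "PORT STATE SERVICE" table that the scans in this section print, extract the ports in state "open", and compare them with a per-host baseline of the ports that are supposed to be exposed, reporting any drift. "open|filtered" entries, typical of the UDP scan above, are listed separately because nmap could not confirm them. The scan output, the baseline and the function names are all constructed for this example.

```sh
#!/bin/sh
# Added example: compare the open ports nmap reports with an expected baseline.
# SAMPLE_SCAN is constructed sample output in the format "nmap -sTU localhost" prints.
SAMPLE_SCAN='Starting Nmap 7.70 ( https://nmap.org )
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
PORT     STATE         SERVICE
22/tcp   open          ssh
80/tcp   open          http
443/tcp  open          https
631/tcp  open          ipp
873/tcp  open          rsync
8080/tcp open          http-proxy
68/udp   open|filtered dhcpc
631/udp  open|filtered ipp
Nmap done: 1 IP address (1 host up) scanned in 2.77 seconds'

# Constructed baseline: ports this host is supposed to expose, as port/proto.
BASELINE='22/tcp 80/tcp 443/tcp'

# open_ports: read scan output on stdin, print "port/proto" for lines whose
# first field looks like a port and whose state is exactly "open".
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1 }'
}

# uncertain_ports: same, for "open|filtered", which nmap could not confirm.
uncertain_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open|filtered" { print $1 }'
}

# unexpected_ports SCAN BASELINE: open ports that are not in the
# space-separated baseline, in the order nmap listed them.
unexpected_ports() {
    printf '%s\n' "$1" | open_ports | awk -v base="$2" '
        BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) ok[b[i]] = 1 }
        !($0 in ok) { print }
    '
}

# report SCAN BASELINE: human-readable summary; returns 1 when there is drift
# so the script can be used from cron or a pipeline.
report() {
    unexpected=$(unexpected_ports "$1" "$2")
    uncertain=$(printf '%s\n' "$1" | uncertain_ports)
    [ -n "$uncertain" ] && printf 'Unconfirmed (open|filtered) ports:\n%s\n' "$uncertain"
    if [ -n "$unexpected" ]; then
        printf 'Open ports NOT in baseline:\n%s\n' "$unexpected"
        return 1
    fi
    echo "All open ports are in the baseline."
}

# Run against the constructed sample when executed directly.
report "$SAMPLE_SCAN" "$BASELINE" || echo "exit status 1: investigate before the next scan" >&2
```

On the sample data the three unexpected ports are 631/tcp, 873/tcp and 8080/tcp. The state "open|filtered" is kept apart from "open" on purpose: for UDP, nmap reports it when no reply came back, which is consistent with both a listening service and a dropped probe, so it should prompt a closer look rather than an alert.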

Four, 29 practical nmap examples

English original

1. Scan a system by host name or IP address

Host name

nmap server2.tecmint.com

IP address

nmap 192.168.0.101

2. Scan with the "-v" option

The command below uses the "-v" option to show more detailed information about the remote machine.

nmap -v server2.tecmint.com

3. Scan multiple hosts

Give the nmap command several IP addresses or host names to scan multiple hosts.

nmap 192.168.0.101 192.168.0.102 192.168.0.103 

4. Scan the whole subnet

You can use the * wildcard to scan an entire subnet or a range of IP addresses.

nmap 192.168.0.*

5. Scan multiple servers by the last byte of the IP address

Specify several IP addresses by their last byte to scan all of them at once. For example, the command below scans 192.168.0.101, 192.168.0.102 and 192.168.0.103.

nmap 192.168.0.101,102,103 

6. Scan a list of hosts from a file

If you need to scan multiple hosts and they are all listed in a file, nmap can read that file directly. Let's look at how to do this.
Create a text file named "nmaptest.txt" and put in it all the IP addresses or host names of the servers you want to scan.

cat > nmaptest.txt <<'EOF'
localhost
server2.tecmint.com
192.168.0.101
EOF

Next, run nmap with the "-iL" option to scan all the IP addresses listed in the file.

nmap -iL nmaptest.txt 

7. Scan a range of IP addresses

nmap 192.168.0.101-110 

8. Exclude some remote hosts from the scan

When scanning a network or scanning with wildcards, you can use the "--exclude" option to leave out hosts you do not want to scan.

nmap 192.168.0.* --exclude 192.168.0.100

9. Scan for operating system information and trace the route

With Nmap you can detect the operating system and version running on a remote host. To enable OS and version detection, script scanning and traceroute at once, use the "-A" option.

nmap -A 192.168.0.101

10. Enable OS detection feature of Nmap

The "-O" and "--osscan-guess" options also help detect operating system information.

nmap -O server2.tecmint.com

11. Scan to detect a host firewall

The following command scans the remote host to detect whether it uses a packet filter or firewall.

nmap -sA 192.168.0.101

12. Scan a host to check whether it is protected by a firewall

Scan a host to check whether it is protected by a packet-filtering firewall or firewall software.

nmap -PN 192.168.0.101

13. Identify which hosts on the network are online

With the "-sP" option you can easily find which hosts on the network are online; this option skips port scanning and other tests.

nmap -sP 192.168.0.*

14. Perform quick scan

The "-F" option performs a quick scan that checks only the ports listed in the nmap-services file and skips all other ports.

nmap -F 192.168.0.101

15. Check the version of Nmap

nmap -V

16. Scan ports sequentially

With the "-r" option, ports are scanned in order rather than in random order.

nmap -r 192.168.0.101

17. Print host interfaces and routes

The "--iflist" option shows nmap's view of the host's interfaces and routing information.

nmap --iflist

18. Scan specific ports

Nmap offers several options for port scanning a remote machine; use the "-p" option to specify the ports you want to scan. By default nmap scans only TCP ports.

nmap -p 80 server2.tecmint.com

19. Scan TCP ports

You can specify both the port type and the port numbers for nmap to scan.

 nmap -p T:8888,80 server2.tecmint.com

20. Scan UDP ports

nmap -sU -p 53 server2.tecmint.com

21. Scan multiple ports

You can also use the "-p" option to scan multiple ports.

nmap -p 80,443 192.168.0.101

22. Scan a range of ports

You can use a range expression to scan a range of ports.

nmap -p 80-160 192.168.0.101

23. Find the version of host services

nmap -sV 192.168.0.101

24. Scan a remote host with TCP ACK (-PA) and TCP SYN (-PS) pings

Sometimes a packet-filtering firewall blocks standard ICMP ping requests; in that case you can use the TCP ACK and TCP SYN methods to scan the remote host.

nmap -PS 192.168.0.101

25. TCP ACK scan of a remote host on particular ports

 nmap -PA -p 22,80 192.168.0.101

26. TCP SYN scan of a remote host on specific ports

nmap -PS -p 22,80 192.168.0.101

27. Perform a stealth scan

nmap -sS 192.168.0.101

28. Scan the most common ports with a TCP connect scan (-sT)

nmap -sT 192.168.0.101

29. Perform a TCP null scan to fool the firewall

nmap -sN 192.168.0.101
 
Category:  Linux

Origin www.cnblogs.com/jinanxiaolaohu/p/12004558.html