nmap command summary
https://www.cnblogs.com/chenqionghe/p/10657722.html
I. What is nmap
nmap is a very useful network probing and host scanning tool. It is not limited to information gathering and enumeration: with its scripting engine it can also act as a basic vulnerability detector. It runs on Windows, Linux, macOS and other operating systems. Nmap is a very powerful utility that can be used for:
- detecting live hosts on the network (host discovery)
- detecting the open ports on a host (port discovery or enumeration)
- detecting the software and version behind the open ports (service discovery)
- detecting the operating system, hardware (MAC) address and software version
- vulnerability detection (nmap scripts, the NSE)
II. Usage
nmap [scan type] [scan options] [target host range]
Options and parameters:
[scan type]: the main scan types are:
-sT: TCP connect() scan; completes the full three-way handshake and works without root privileges
-sS: TCP SYN (half-open) scan; sends a SYN and never completes the handshake, needs raw-socket privileges (root)
-sP: ping scan (host discovery only, no port scan); in current versions this is spelled -sn
-sU: UDP scan
-sO: IP protocol scan; determines which IP protocols (TCP, UDP, ICMP, ...) the host supports
[scan options]: the main scan options are:
-PT: legacy TCP ping, today written -PS (SYN ping) or -PA (ACK ping); used to find out how many hosts exist (common)
-PI: legacy ICMP echo ping, today written -PE
-p: port range, for example 80-1023,30000-60000
[target host range]: several forms are accepted:
192.168.1.100: a single host IP; only that host is checked
192.168.1.0/24: CIDR form, one class C network
192.168.*.*: wildcard form, one class B range, a much wider scan
192.168.1.0-50,60-100,103,200: octet ranges and lists, a customized host range
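The target forms listed above follow a small grammar: a CIDR block, a dotted quad whose octets may be single values, wildcards, ranges or comma lists, or a bare hostname. The following added example (my own code, not nmap's target parser) expands each form into the concrete address list nmap would scan, and also models --exclude. The addresses and names used in the demonstration are the page's own; nothing is sent on the network.

```python
"""Expand nmap-style target specifications into IPv4 address lists.

Added example, not nmap's own code. Supports the forms shown on this page:
a single IP, CIDR (192.168.1.0/24), octet wildcards/ranges/lists
(192.168.*.*, 192.168.0.101-110, 192.168.1.0-50,60-100,103,200,
192.168.0.101,102,103), plain hostnames, and --exclude.
"""
import ipaddress
from itertools import product
from typing import Iterable, List


def _octet_values(spec: str) -> List[int]:
    """Expand one dotted-quad position: '5', '*', '0-50', '-', '101,102,103'."""
    values: List[int] = []
    for part in spec.split(","):
        if part == "*":
            values.extend(range(256))
        elif "-" in part:
            lo, _, hi = part.partition("-")
            start = int(lo) if lo else 0      # '-50' means 0-50
            end = int(hi) if hi else 255      # '10-' means 10-255, '-' alone is 0-255
            if not 0 <= start <= end <= 255:
                raise ValueError(f"bad octet range: {part!r}")
            values.extend(range(start, end + 1))
        else:
            n = int(part)
            if not 0 <= n <= 255:
                raise ValueError(f"bad octet: {part!r}")
            values.append(n)
    return list(dict.fromkeys(values))        # dedupe, keep the order given


def _looks_like_octet_spec(spec: str) -> bool:
    octets = spec.split(".")
    return len(octets) == 4 and all(o and set(o) <= set("0123456789-,*") for o in octets)


def expand_targets(spec: str) -> List[str]:
    """Return the IPv4 addresses (or the bare hostname) one target spec denotes."""
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        # nmap scans every address in the block, network and broadcast included,
        # which is why a /24 is reported as "256 IP addresses".
        return [str(a) for a in net]
    if _looks_like_octet_spec(spec):
        return [".".join(map(str, quad))
                for quad in product(*(_octet_values(o) for o in spec.split(".")))]
    return [spec]   # hostname: nmap resolves it through DNS at scan time


def resolve_scope(targets: Iterable[str], exclude: Iterable[str] = ()) -> List[str]:
    """Mirror `nmap <targets...> --exclude <hosts>`: ordered union of targets minus excludes."""
    excluded = {a for x in exclude for a in expand_targets(x)}
    scope = {}
    for target in targets:
        for addr in expand_targets(target):
            if addr not in excluded:
                scope.setdefault(addr, None)
    return list(scope)


if __name__ == "__main__":
    print(len(expand_targets("192.168.1.0/24")))                          # 256
    print(len(expand_targets("192.168.1.0-50,60-100,103,200")))            # 94
    print(len(resolve_scope(["192.168.0.*"], exclude=["192.168.0.100"])))  # 255
```

Counting the expansion before a scan is a cheap sanity check: a typo such as 192.168.*.* where 192.168.1.* was meant turns a 256-address sweep into a 65536-address one, and the scope list is also what you would hand to a change ticket or a log-correlation query afterwards.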
III. Common examples
1. Scan the local machine's open ports with default parameters (TCP only, the 1000 most common ports)
➜ ~ nmap localhost
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
631/tcp  open  ipp
873/tcp  open  rsync
8080/tcp open  http-proxy
...
Nmap done: 1 IP address (1 host up) scanned in 2.77 seconds
2. Scan the local machine's TCP and UDP ports at the same time
➜ ~ nmap -sTU localhost
PORT    STATE         SERVICE
22/tcp  open          ssh
80/tcp  open          http
...
68/udp  open|filtered dhcpc
631/udp open|filtered ipp
...
open|filtered means nmap got no reply to the UDP probe, so it cannot tell an open port with a silent service from one whose probe a firewall dropped.
3. Ping scan: find out how many hosts on the LAN are up
➜ ~ nmap -sP 192.168.199.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-05 00:13 CST
Nmap scan report for Hiwifi.lan (192.168.199.1)
Host is up (0.0036s latency).
Nmap scan report for yeelink-light-lamp1_miio92822016.lan (192.168.199.103)
Host is up (0.0043s latency).
Nmap scan report for chenqionghe.lan (192.168.199.141)
Host is up (0.0010s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 1.54 seconds
(3 hosts up) means three hosts answered, i.e. three hosts are running. On a directly attached Ethernet segment like this one nmap discovers hosts with ARP requests rather than ICMP, which is why devices that ignore ping still show up.
4. Scan multiple hosts
nmap 192.168.199.0/24
nmap 192.168.1.2 192.168.1.5
nmap 192.168.1.1-100 (scans every host from 192.168.1.1 through 192.168.1.100)
5. Scan specific ports
Nmap has several options for port-scanning a remote machine. Use the "-p" option (lower case; the upper-case -P options select host-discovery probes) to specify the ports to scan; by default nmap scans only the 1000 most common TCP ports.
nmap -p 80 localhost
nmap -p 80,443 localhost
nmap -p 8080-8888 localhost
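The three outputs above are nmap's "normal" format, the one the terminal shows and -oN writes. The following added example (my own code, not from the original post or the nmap project) parses that format into structured records so the result can be diffed against an earlier scan or an asset inventory. The two sample outputs inside the block are constructed for this example, modelled on the localhost and 192.168.199.0/24 runs above. For real pipelines prefer nmap's machine-readable -oX or -oG output; the point here is to show what each line of the normal output carries, in particular that open|filtered is not the same as open.

```python
"""Parse nmap 'normal' output (what the terminal shows and what -oN writes).

Added example; not code from the original post or from the nmap project.
The two sample outputs below are constructed for this example, modelled on
the page's `nmap -sTU localhost` and `nmap -sP 192.168.199.0/24` runs.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# "Nmap scan report for Hiwifi.lan (192.168.199.1)"  or  "Nmap scan report for 192.168.0.5"
HOST_RE = re.compile(r"^Nmap scan report for (?P<name>\S+)(?: \((?P<ip>[\d.]+)\))?$")
UP_RE = re.compile(r"^Host is up(?: \((?P<lat>[\d.]+)s latency\))?\.$")
# "22/tcp   open   ssh   OpenSSH 7.6p1"  (the version column appears only with -sV)
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>[a-z|]+)\s+(?P<svc>\S+)(?:\s+(?P<ver>.+))?$")
DONE_RE = re.compile(r"^Nmap done: (?P<n>\d+) IP address(?:es)? \((?P<up>\d+) hosts? up\)")


@dataclass
class Host:
    name: str
    ip: Optional[str]
    up: bool = False
    latency_s: Optional[float] = None
    ports: List[Tuple[int, str, str, str]] = field(default_factory=list)  # (port, proto, state, service)


@dataclass
class ScanResult:
    hosts: List[Host] = field(default_factory=list)
    addresses_scanned: int = 0
    hosts_up: int = 0

    def open_ports(self) -> List[Tuple[str, int, str]]:
        """(address, port, proto) for ports whose state is exactly 'open'.

        'open|filtered' (the usual UDP answer) is deliberately NOT counted: nmap got
        no reply, so it cannot tell a silent service from a firewall drop.
        """
        return [(h.ip or h.name, port, proto)
                for h in self.hosts
                for port, proto, state, _ in h.ports if state == "open"]


def parse_nmap_output(text: str) -> ScanResult:
    """Walk the output line by line; a 'scan report' line opens a new host record."""
    result = ScanResult()
    current: Optional[Host] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            name, ip = m["name"], m["ip"]
            if ip is None and re.fullmatch(r"\d+(\.\d+){3}", name):
                ip = name                       # report line carried a bare IP, no hostname
            current = Host(name=name, ip=ip)
            result.hosts.append(current)
            continue
        m = UP_RE.match(line)
        if m and current is not None:
            current.up = True
            current.latency_s = float(m["lat"]) if m["lat"] else None
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current.ports.append((int(m["port"]), m["proto"], m["state"], m["svc"]))
            continue
        m = DONE_RE.match(line)
        if m:
            result.addresses_scanned = int(m["n"])
            result.hosts_up = int(m["up"])
    return result


# Constructed sample: a TCP+UDP scan of localhost, as in example 2 above.
SAMPLE_PORT_SCAN = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-05 00:10 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Not shown: 1994 closed ports
PORT     STATE         SERVICE
22/tcp   open          ssh
80/tcp   open          http
443/tcp  open          https
631/tcp  open          ipp
68/udp   open|filtered dhcpc
631/udp  open|filtered ipp

Nmap done: 1 IP address (1 host up) scanned in 2.77 seconds
"""

# Constructed sample: the ping sweep from example 3 above.
SAMPLE_PING_SWEEP = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-05 00:13 CST
Nmap scan report for Hiwifi.lan (192.168.199.1)
Host is up (0.0036s latency).
Nmap scan report for yeelink-light-lamp1_miio92822016.lan (192.168.199.103)
Host is up (0.0043s latency).
Nmap scan report for chenqionghe.lan (192.168.199.141)
Host is up (0.0010s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 1.54 seconds
"""

if __name__ == "__main__":
    scan = parse_nmap_output(SAMPLE_PORT_SCAN)
    print(scan.open_ports())                    # four TCP ports; the two UDP open|filtered ones are left out
    sweep = parse_nmap_output(SAMPLE_PING_SWEEP)
    print([h.ip for h in sweep.hosts if h.up], sweep.hosts_up, "of", sweep.addresses_scanned)
```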
IV. 29 practical nmap examples
1. Scan a system by hostname or IP address
By hostname:
nmap server2.tecmint.com
By IP address:
nmap 192.168.0.101
2. Scan with the "-v" option
As the following command shows, the "-v" option makes nmap print more detailed information about the remote machine while it scans.
nmap -v server2.tecmint.com
3. Scan multiple hosts
Give the nmap command several IP addresses or hostnames to scan multiple hosts at once.
nmap 192.168.0.101 192.168.0.102 192.168.0.103
4. Scan a whole subnet
Use the * wildcard to scan an entire subnet or a range of IP addresses.
nmap 192.168.0.*
5. Scan multiple servers using the last octet of the IP address
List several values for the last octet of the IP address to scan multiple hosts. For example, the command below scans 192.168.0.101, 192.168.0.102 and 192.168.0.103.
nmap 192.168.0.101,102,103
6. Scan a list of hosts from a file
If you need to scan multiple hosts and all of them are written in a file, nmap can read that file directly and scan its contents. Here is how.
Create a text file named "nmaptest.txt" and put the IP address or hostname of every server you want to scan in it, one per line:
cat > nmaptest.txt
localhost
server2.tecmint.com
192.168.0.101
Then run nmap with the "-iL" option to scan every address listed in the file:
nmap -iL nmaptest.txt
7. Scan a range of IP addresses
nmap 192.168.0.101-110
8. Exclude some remote hosts from the scan
When scanning a network, or scanning with wildcards, use the "--exclude" option to leave out hosts you do not want to scan.
nmap 192.168.0.* --exclude 192.168.0.100
9. Scan for operating system information and trace the route
With nmap you can detect the operating system and version running on a remote host. The "-A" option enables OS detection, version detection, script scanning and traceroute in one go.
nmap -A 192.168.0.101
10. Enable nmap's OS detection feature
The "-O" option (and "--osscan-guess", which makes nmap guess more aggressively when no fingerprint matches exactly) can also be used to detect operating system information. OS detection needs raw-socket privileges, so run it as root.
nmap -O server2.tecmint.com
11. Scan a host to map its firewall rules
The following ACK scan tells whether a host sits behind a packet filter or firewall. An ACK scan never reports a port as open: it only classifies ports as unfiltered (the host answered with RST) or filtered (no answer, or an ICMP unreachable), which reveals what the filter lets through.
nmap -sA 192.168.0.101
12. Scan a host that is protected by a firewall
When a packet-filtering firewall or host software blocks the ping probes, nmap's host discovery reports the target as down and skips it. "-PN" (written -Pn in current versions) disables host discovery and scans the host anyway.
nmap -PN 192.168.0.101
13. Find which hosts on the network are online
The "-sP" option (now -sn) easily detects which hosts on the network are online; it skips the port scan and every other test.
nmap -sP 192.168.0.*
14. Perform a quick scan
The "-F" option performs a fast scan: instead of the default 1000 ports it scans only the 100 most common ports listed in the nmap-services file.
nmap -F 192.168.0.101
15. Check the nmap version
nmap -V
16. Scan ports sequentially
The "-r" option scans ports in sequential order instead of the default randomized order.
nmap -r 192.168.0.101
17. Print host interfaces and routes
The "--iflist" option prints the interfaces and routing information nmap has detected on the local host.
nmap --iflist
18. Scan a specific port
Nmap has several options for port-scanning a remote machine. Use the "-p" option to specify the ports to scan; by default nmap scans only the most common TCP ports.
nmap -p 80 server2.tecmint.com
19. Scan a TCP port
You can prefix port numbers with a protocol letter (T: for TCP, U: for UDP) so that nmap scans exactly those ports with that protocol.
nmap -p T:8888,80 server2.tecmint.com
20. Scan a UDP port
Use -sU for a UDP scan and -p for the port. The port number must follow -p; a bare "53" on the command line would be treated as another target host.
nmap -sU -p 53 server2.tecmint.com
21. Scan multiple ports
The "-p" option also accepts a comma-separated list of ports.
nmap -p 80,443 192.168.0.101
22. Scan a range of ports
Use a range expression to scan a contiguous block of ports.
nmap -p 80-160 192.168.0.101
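Examples 18 to 22 all rest on what "-p" accepts: single ports, comma lists, ranges, and T:/U: protocol prefixes that stay in force until the next prefix. The following added example (my own code, not nmap's parser) implements that grammar and works out which ports each scanned protocol actually gets, which is the part people most often get wrong when mixing -sSU with prefixed and unprefixed ports. Open-ended ranges such as "-" (all ports) and "60000-" go beyond the forms shown on this page but are part of the same syntax.

```python
"""Parse an nmap -p port specification into per-protocol port lists.

Added example; not nmap's own parser. It covers the forms used on this page
('80', '80,443', '8080-8888', '80-160', 'T:8888,80') plus 'U:53', '-' (all
ports) and open-ended ranges such as '60000-'.
"""
from typing import Dict, Iterable, List

_PROTO = {"T": "tcp", "U": "udp", "S": "sctp"}


def _port_range(token: str) -> range:
    """'80' -> 80..80, '80-160' -> 80..160, '-' -> 1..65535, '-100' -> 1..100, '60000-' -> 60000..65535."""
    if "-" in token:
        lo, _, hi = token.partition("-")
        start = int(lo) if lo else 1
        end = int(hi) if hi else 65535
    else:
        start = end = int(token)        # port 0 is allowed only when written explicitly
    if not 0 <= start <= end <= 65535:
        raise ValueError(f"bad port range: {token!r}")
    return range(start, end + 1)


def parse_port_spec(spec: str) -> Dict[str, List[int]]:
    """Return {'any' | 'tcp' | 'udp' | 'sctp': [ports in the order given]}.

    'any' holds ports written without a T:/U:/S: prefix; nmap applies those to
    every protocol the scan type selects (-sS/-sT -> TCP, -sU -> UDP, -sSU -> both).
    A prefix stays in force for the following comma-separated items until another
    prefix appears, so 'T:8888,80' means TCP 8888 and TCP 80.
    """
    seen: Dict[str, Dict[int, None]] = {}
    proto = "any"
    for item in spec.replace(" ", "").split(","):
        if len(item) > 1 and item[1] == ":" and item[0].upper() in _PROTO:
            proto = _PROTO[item[0].upper()]
            item = item[2:]
        if not item:
            raise ValueError("empty item in port spec")
        bucket = seen.setdefault(proto, {})
        for p in _port_range(item):
            bucket[p] = None                # dict keeps insertion order and dedupes
    return {k: list(v) for k, v in seen.items()}


def ports_for(spec: str, scan_protocols: Iterable[str]) -> Dict[str, List[int]]:
    """Effective port list per scanned protocol, e.g. scan_protocols=('tcp', 'udp') for -sSU."""
    parsed = parse_port_spec(spec)
    return {proto: sorted(set(parsed.get("any", [])) | set(parsed.get(proto, [])))
            for proto in scan_protocols}


if __name__ == "__main__":
    print(parse_port_spec("T:8888,80"))                 # {'tcp': [8888, 80]}
    print(ports_for("T:22,U:53,80", ("tcp", "udp")))    # {'tcp': [22], 'udp': [53, 80]}
```

The last line of the demonstration is the trap worth remembering: in "T:22,U:53,80" the unprefixed 80 is not "everything after U:" but is still governed by the U: prefix, so it becomes a UDP port and TCP 80 is never scanned.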
23. Detect service versions
The "-sV" option probes each open port to determine the software and version behind the service.
nmap -sV 192.168.0.101
24. Discover a remote host with TCP ACK (-PA) and TCP SYN (-PS) pings
Packet-filtering firewalls sometimes block standard ICMP echo requests. In that case use TCP ACK or TCP SYN probes for host discovery instead.
nmap -PS 192.168.0.101
25. TCP ACK ping, then scan specific ports of a remote host
Here "-p 22,80" selects the ports to scan; the ACK probe itself still goes to the default port 80. To send the probe to other ports attach them to the option, e.g. -PA22,80.
nmap -PA -p 22,80 192.168.0.101
26. TCP SYN ping, then scan specific ports of a remote host
nmap -PS -p 22,80 192.168.0.101
27. Perform a stealth (SYN, half-open) scan
The SYN scan never completes the TCP handshake, so many services never see, and never log, a connection. It needs root privileges and is nmap's default scan type when run as root.
nmap -sS 192.168.0.101
28. TCP connect scan of the most common ports
"-sT" completes the full three-way handshake through the operating system's connect() call. It needs no special privileges but is noisier, because every connection is visible to the target service and its logs.
nmap -sT 192.168.0.101
29. Perform a TCP Null scan to slip past simple firewalls
A Null scan sends TCP packets with no flags set. Stateless filters that only watch for SYN may let them through. RFC 793 compliant hosts answer closed ports with RST and stay silent for open ones, so open ports are reported as open|filtered; Windows and many network devices answer every probe with RST, so the technique does not work against them.
nmap -sN 192.168.0.101