当前位置:网站首页>【Try to Hack】nmap

【Try to Hack】nmap

2022-06-22 00:27:00 Happy star

Blog home page : Happy star The blog home page of
Series column :Try to Hack
Welcome to focus on the likes collection ️ Leaving a message.
Starting time :2022 year 6 month 21 Japan
The author's level is very limited , If an error is found , Please let me know , thank !

A lot of content comes from This article , Only for your own study

Navigation assistant

nmap summary

nmap Is a free and open network scanning and sniffing toolkit , Also called network mapper .

The main function :
1、 Detect live hosts
2、 Probe the system type and open port of the remote host
3、 Scan certain ports on a particular host
4、 Comprehensive scanning of specific hosts
5、 Scan the port of a protocol separately

nmap Command format
nmap [ Scan type … ] [ General options ] { Scan target description }

Scan type

command function
-sTTCP connect() scanning , This is the most basic TCP Scanning mode . This kind of scan is easy to detect , A large number of connection requests and error messages will be recorded in the log of the target host . Default scan type
-sSTCP Synchronous scanning (TCP SYN), Because you don't have to open all of them TCP Connect , So this technique is often called half open scanning (half-open). The biggest advantage of this technology is , Very few systems can log this . however , You need root Permission to customize SYN Data packets .
-sF,-sX,-sN Secret FIN Packet scanning 、 christmas tree (Xmas Tree)、 empty (Null) Scanning mode . The theory behind these scans is : The closed port needs to respond to your probe packet RST package , The open port must ignore the problem package
-sPping scanning , use ping How to check which hosts are running on the network . When the host is blocked ICMP echo The request package is ping The scan is invalid .nmap In any case ping scanning , Only the target host is running , For subsequent scans .
-sFFIN Scan to detect the status of firewall , Used to identify whether the port is open
-sU If you want to know what's available on a host UDP( User datagram protocol ,RFC768) service , You can use this option .
-sAACK scanning , This advanced scanning method can usually be used to go through firewalls .
-sW Swipe window scan , Very similar to ACK Scan .
-sRRPC scanning , Combined with other different port scanning methods .
-bFTP Rebound attack (bounce attack), Connect to one behind the firewall FTP The server acts as an agent , Then we do a port scan .

General options

command function
-P0 Before scanning , No ping host .
-PT Before scanning , Use TCP ping Determine which hosts are running .
-PS about root user , This option makes nmap Use SYN Bag instead of ACK Package to scan the target host .
-PI Set this option , Give Way nmap Use the real ping(ICMP echo request ) To scan whether the target host is running .
-PB This is the default ping Scanning options . It USES ACK(-PT) and ICMP(-PI) The two scan types are scanned in parallel . If the firewall can filter one of the packets , Using this method , You can go through the firewall .
-O This option activates the right TCP/IP Fingerprint features (fingerprinting) Scan , Get the flag of the remote host , That's the operating system type .
-v Redundancy mode . This option is highly recommended , It gives the details of the scanning process .
-f Using fragments IP Packet sending SYN、FIN、XMAS、NULL. Packet filter is added to the packet filter 、 The difficulty of intrusion detection system , Make it impossible to know what you're trying to do .
-T Scanning speed 0~5;0 and 1 Slow scan , Can be used to avoid WAF and IDS;3 Is the default
-sV Open services and service versions of the detection range
-A Comprehensive system testing 、 Enable script detection 、 Scanning, etc , port ping scanning , Operating system scan , Script scan , Route tracking , Service detection
-SC Scan with default script

Scan target description

command function
-iL filename from filename Read the scanned target in the file .
-iR Give Way nmap I randomly select the host for scanning .
-p port This option allows you to select the range of port numbers to scan . Such as :-p 20-30,139,60000. -p- Scan all ports , Equate to -p0-65535
-exclude Exclude the specified host .
-exclude filename Exclude hosts from the specified file .
-F Quick scan port ( Scan only the most commonly used 100 Ports )
--top-ports Scan those with high openness 1000 Ports , The default option

Script scan

command function
-sC Use the default script to scan ,-A The default script scan will also be used
--script=auth Apply weak password detection to the target host
--script==brute To the database 、SMB、SNMP And so on
--script==vuln Scan for leaks , Whether there are common vulnerabilities

Detect live hosts

nmap -sP 192.168.1.1/24
/24 representative 192.168.1.1-192.168.1.255

nmap -sP 192.168.1.1/16
/16 representative 192.168.11-192.168.255.255

nmap -sP 192.168.1.1-100
Means scan 192.168.1.1 At the beginning 100 Console host

Probe the system type and open port of the remote host

nmap -sS -P0 -sV -O -A -v The goal is
nmap -sS -sV -O -p 1-65535 Japanese sign
·nmap -sS -sC -p -T4 1-65535 The goal is

-A ≈ -sV + -O

原网站

版权声明
本文为[Happy star]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/173/202206212250075981.html

边栏推荐

猜你喜欢

随机推荐