|
# nmap -a -t4 scanme nmap
|
Page | 1/3 | Date | 14.02.2022 | Size | 116 Kb. | | #58225 |
| 4.1.Port Scanning nmap - Fyodor (www.insecure.org)
- Network Mapper
- Port scanner
- OS fingerprinter
- Scans a particular target for all open ports
- Very invasive and very powerful
nmap Uses - Network exploration tool and port scanner
- Security audits
- Network inventory
- Upgrade schedules
- Monitoring host/service uptime
- # nmap -A -T4 scanme.nmap.org playground
- Starting nmap ( http://www.insecure.org/nmap/ )
- Interesting ports on scanme.nmap.org (205.217.153.62):
- (The 1663 ports scanned but not shown below are in state: filtered)
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
- 53/tcp open domain
- 70/tcp closed gopher
- 80/tcp open http Apache httpd 2.0.52 ((Fedora))
- 113/tcp closed auth
- Device type: general purpose
- Running: Linux 2.4.X|2.5.X|2.6.X
- OS details: Linux 2.4.7 - 2.6.11, Linux 2.6.0 - 2.6.11
- Uptime 33.908 days (since Thu Jul 21 03:38:03 2005)
- Interesting ports on playground.nmap.org (192.168.0.40):
- (The 1659 ports scanned but not shown below are in state: closed)
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 389/tcp open ldap?
- 445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
- 1002/tcp open windows-icfw?
- 1025/tcp open msrpc Microsoft Windows RPC
- 1720/tcp open H.323/Q.931 CompTek AquaGateKeeper
- 5800/tcp open vnc-http RealVNC 4.0 (Resolution 400x250; VNC TCP port: 5900)
- 5900/tcp open vnc VNC (protocol 3.8)
- MAC Address: 00:A0:CC:63:85:4B (Lite-on Communications)
- Device type: general purpose
- Running: Microsoft Windows NT/2K/XP
- OS details: Microsoft Windows XP Pro RC1+ through final release
- Service Info: OSs: Windows, Windows XP
- Nmap finished: 2 IP addresses (2 hosts up) scanned in 88.392 seconds
- # nmap
- Usage: nmap [Scan Type(s)] [Options] {target specification}
- TARGET SPECIFICATION:
- Can pass hostnames, IP addresses, networks, etc.
- Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
- -Nmap 3.95 ( http://www.insecure.org/nmap/ )
- iL : Input from list of hosts/networks
- -iR : Choose random targets
- --exclude : Exclude hosts/networks
- --excludefile : Exclude list from file
- HOST DISCOVERY:
- -sL: List Scan - simply list targets to scan
- -sP: Ping Scan - go no further than determining if host is online
- -P0: Treat all hosts as online -- skip host discovery
- -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports
- -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
- -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
- SCAN TECHNIQUES:
- -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
- -sN/sF/sX: TCP Null, FIN, and Xmas scans
- --scanflags : Customize TCP scan flags
- -sI : Idlescan
- -sO: IP protocol scan
- -b : FTP bounce scan
- PORT SPECIFICATION AND SCAN ORDER:
- -p
: Only scan specified ports - Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
- -F: Fast - Scan only the ports listed in the nmap-services file)
- -r: Scan ports consecutively - don't randomize
- nmap Options Summary and Syntax
- SERVICE/VERSION DETECTION:
- -sV: Probe open ports to determine service/version info
- --version_light: Limit to most likely probes for faster identification
- --version_all: Try every single probe for version detection
- --version_trace: Show detailed version scan activity (for debugging)
- OS DETECTION:
- -O: Enable OS detection
- --osscan_limit: Limit OS detection to promising targets
- --osscan_guess: Guess OS more aggressively
- TIMING AND PERFORMANCE:
- -T[0-5]: Set timing template (higher is faster)
- --min_hostgroup/max_hostgroup : Parallel host scan group sizes
- --min_parallelism/max_parallelism : Probe parallelization
- --min_rtt_timeout/max_rtt_timeout/initial_rtt_timeout : Specifies
- probe round trip time.
- --host_timeout : Give up on target after this long
- --scan_delay/--max_scan_delay : Adjust delay between probes
- FIREWALL/IDS EVASION AND SPOOFING:
- -f; --mtu : fragment packets (optionally w/given MTU)
- -D : Cloak a scan with decoys
- -S : Spoof source address
- -e : Use specified interface
- -g/--source_port
: Use given port number - --data_length : Append random data to sent packets
- --ttl : Set IP time-to-live field
- --spoof_mac : Spoof your MAC address
- OUTPUT:
- -oN/-oX/-oS/-oG : Output scan in normal, XML, s|
- and Grepable format, respectively, to the given filename.
- -oA : Output in the three major formats at once
- -v: Increase verbosity level (use twice for more effect)
- -d[level]: Set or increase debugging level (Up to 9 is meaningful)
- --packet_trace: Show all packets sent and received
- --iflist: Print host interfaces and routes (for debugging)
- --append_output: Append to rather than clobber specified output files
- --resume : Resume an aborted scan
- --stylesheet
: XSL stylesheet to transform XML output to HTML - --webxml: Reference stylesheet from Insecure.Org for more portable XML
- --no_stylesheet: Prevent associating of XSL stylesheet w/XML output
- MISC:
- -6: Enable IPv6 scanning
- -A: Enables OS detection and Version detection
- --datadir : Specify custom Nmap data file location
- --send_eth/--send_ip: Send using raw ethernet frames or IP packets
- --privileged: Assume that the user is fully privileged
- -V: Print version number
- -h: Print this help summary page.
- EXAMPLES:
- nmap -v -A scanme.nmap.org
- nmap -v -sP 192.168.0.0/16 10.0.0.0/8
- nmap -v -iR 10000 -P0 -p 80
- SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
Share with your friends: |
The database is protected by copyright ©ininet.org 2024
send message
|
|