kali - Nmap
Nmap,也就是Network Mapper,最早是Linux下的网络扫描和工具包。nmap是一个网络连接端扫描软件,用来扫描网上电脑开放的网络连接端。确定哪些服务运行在哪些连接端,并且推断计算机运行哪个操作系统(这是亦称 fingerprinting)。它是网络管理员必用的软件之一,以及用以评估网络系统安全。
可以是探测一组主机是否在线;其次是扫描主机端口,所提供的网络服务;还可以推断主机所用的操作系统 。
官方中文文档地址:http://www.nmap.com.cn/
Nmap使用其实特别简单,只需咋需要下输入nmap +目标地址就可以执行扫描任务,
nmap -参数 ip
- sn 探测扫描主机, 不进行端口扫描
- sT是TCP扫描,但是很容易被检测到,所以目标主机会记下来你的ip哟
- sS是SYN扫描,很隐蔽。
- sU 是UDP扫描
5、 sV #系统版本检测
6、 O #操作系统识别
下面是完整的nmap的help
Nmap 7.80 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:Can pass hostnames, IP addresses, networks, etc.Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254-iL <inputfilename>: Input from list of hosts/networks-iR <num hosts>: Choose random targets--exclude <host1[,host2][,host3],...>: Exclude hosts/networks--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:-sL: List Scan - simply list targets to scan-sn: Ping Scan - disable port scan-Pn: Treat all hosts as online -- skip host discovery-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes-PO[protocol list]: IP Protocol Ping-n/-R: Never do DNS resolution/Always resolve [default: sometimes]--dns-servers <serv1[,serv2],...>: Specify custom DNS servers--system-dns: Use OS's DNS resolver--traceroute: Trace hop path to each host
SCAN TECHNIQUES:-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans-sU: UDP Scan-sN/sF/sX: TCP Null, FIN, and Xmas scans--scanflags <flags>: Customize TCP scan flags-sI <zombie host[:probeport]>: Idle scan-sY/sZ: SCTP INIT/COOKIE-ECHO scans-sO: IP protocol scan-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:-p <port ranges>: Only scan specified portsEx: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9--exclude-ports <port ranges>: Exclude the specified ports from scanning-F: Fast mode - Scan fewer ports than the default scan-r: Scan ports consecutively - don't randomize--top-ports <number>: Scan <number> most common ports--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:-sV: Probe open ports to determine service/version info--version-intensity <level>: Set from 0 (light) to 9 (try all probes)--version-light: Limit to most likely probes (intensity 2)--version-all: Try every single probe (intensity 9)--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:-sC: equivalent to --script=default--script=<Lua scripts>: <Lua scripts> is a comma separated list ofdirectories, script-files or script-categories--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts--script-args-file=filename: provide NSE script args in a file--script-trace: Show all data sent and received--script-updatedb: Update the script database.--script-help=<Lua scripts>: Show help about scripts.<Lua scripts> is a comma-separated list of script-files orscript-categories.
OS DETECTION:-O: Enable OS detection--osscan-limit: Limit OS detection to promising targets--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:Options which take <time> are in seconds, or append 'ms' (milliseconds),'s' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).-T<0-5>: Set timing template (higher is faster)--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes--min-parallelism/max-parallelism <numprobes>: Probe parallelization--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifiesprobe round trip time.--max-retries <tries>: Caps number of port scan probe retransmissions.--host-timeout <time>: Give up on target after this long--scan-delay/--max-scan-delay <time>: Adjust delay between probes--min-rate <number>: Send packets no slower than <number> per second--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:-f; --mtu <val>: fragment packets (optionally w/given MTU)-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys-S <IP_Address>: Spoof source address-e <iface>: Use specified interface-g/--source-port <portnum>: Use given port number--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies--data <hex string>: Append a custom payload to sent packets--data-string <string>: Append a custom ASCII string to sent packets--data-length <num>: Append random data to sent packets--ip-options <options>: Send packets with specified ip options--ttl <val>: Set IP time-to-live field--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,and Grepable format, respectively, to the given filename.-oA <basename>: Output in the three major formats at once-v: Increase verbosity level (use -vv or more for greater effect)-d: Increase debugging level (use -dd or more for greater effect)--reason: Display the reason a port is in a particular state--open: Only show open (or possibly open) ports--packet-trace: Show all packets sent and received--iflist: Print host interfaces and routes (for debugging)--append-output: Append to rather than clobber specified output files--resume <filename>: Resume an aborted scan--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML--webxml: Reference stylesheet from Nmap.Org for more portable XML--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:-6: Enable IPv6 scanning-A: Enable OS detection, version detection, script scanning, and traceroute--datadir <dirname>: Specify custom Nmap data file location--send-eth/--send-ip: Send using raw ethernet frames or IP packets--privileged: Assume that the user is fully privileged--unprivileged: Assume the user lacks raw socket privileges-V: Print version number-h: Print this help summary page.
EXAMPLES:nmap -v -A scanme.nmap.orgnmap -v -sn 192.168.0.0/16 10.0.0.0/8nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
kali - Nmap相关推荐
- ★Kali信息收集★8.Nmap :端口扫描
Kali信息收集~ 0.Httrack 网站复制机 http://www.cnblogs.com/dunitian/p/5061954.html Kali信息收集~ 1.Google Hacking ...
- kali、nmap扫描
kali 实际上它就是一个预安装了很多安全工具的Debian Linux [root@zzgrhel8 ~]# tkali rese kali reset OK. 该虚拟机系统用户名为:kali,密码 ...
- 0904、kali、使用john破解密码、nmap扫描、抓包、安全加固、Linux加固
security 文章目录 security 一.kali nmap扫描 二.使用john破解密码 三.抓包 四.安全加固 1.nginx安全 2.拒绝某些类型的请求 3.防止缓冲区溢出 五.Linu ...
- Kail Linux渗透测试教程之网络扫描和嗅探工具Nmap
Kail Linux渗透测试教程之网络扫描和嗅探工具Nmap 网络扫描和嗅探工具--Nmap Nmap也就网络映射器(Network Mapper),是一个免费开放的网络扫描和嗅探工具.该工具可以扫描 ...
- Nmap中文手册浅析
索引目录: Nmap五大基本功能 Nmap -h(中文手册) 目标说明 主机发现 端口扫描技术 端口说明和扫描顺序 服务和版本检测 操作系统检测 时间和性能 防火墙/IDS躲避和欺骗 输出 其它选项 ...
- 端口扫描神器 - Nmap的基本使用
搜索公众号:白帽子左一,领配套练手靶场,全套安全课程及工具 一.Nmap简介 Nmap是一款网络扫描和主机检测的非常有用的工具. 可以用于收集信息和枚举,同时可以用来作为一个漏洞探测器或安全扫描器. ...
- 信息收集之基础端口扫描《诸神之眼——Nmap网络安全审计技术揭秘》总结一
端口扫描 <诸神之眼--Nmap网络安全审计技术揭秘>总结 手动端口扫描 Nmap Nmap的基本操作 活跃主机发现技术 基于ARP协议的活跃主机发现技术 基于ICMP协议的活跃主机发现技 ...
- Kali渗透测试之端口扫描1——UDP、TCP、僵尸扫描、隐蔽扫描
端口扫描 每个服务器上面都会跑很多应用,每个应用都会侦听某些端口,通过侦听端口接收来自客户端或其他用户对应用程序的访问.所以在发现目标主机存活后,我们需要知道目标主机上都开放了那些端口,应用程序的漏洞 ...
- 网络安全与渗透:kali系统,namp端口扫描(一)此生无悔入华夏,男儿何不带吴钩
中华人民共和国网络安全法 阅读本文前,请熟读并遵守中华人民共和国网络安全法: http://gkhy.jiujiang.gov.cn/zwgk_228/jc/zcwj/202006/P02020061 ...
最新文章
- keil添加hal库_使用Keil uVision5创建stm32 hal库项目过程
- Springboot中mongodb的使用
- Ubuntu虚拟机磁盘扩容+VM虚拟机开机多出1分30秒的解决方案(终极教程)
- ActiveReports报表控件教程之单元格合并
- 安装配置Collabnet_Subversion
- Java学习-设计模式-单例模式
- Excel如何将多个工作簿数据合并到一起
- ROS从入门到精通3-5:blender机器人模型定制皮肤贴图
- 批准此iphone 前往已登录iCloud的其他设备来批准这台iPhone
- 营养学和计算机交叉,营养配餐系统综述
- 【图像去噪】基于非局部均值(NLM)滤波图像去噪含Matlab源码
- 改变ros bag 中消息的frame_id 和话题名
- 前序遍历,中序遍历,后序遍历详解
- 【视频异常检测-论文阅读】Anomaly Detection in Video via Self-Supervised and Multi-Task Learning
- Svelte 实现 keypress 快捷键功能
- 如何利用本地硬盘装系统?教你快速装系统
- 【经验分享】CASS无法框选的解决方案
- 建筑工程设计总体要求
- i18n调用自己参数_i18n国际化的例子
- 回首8102,展望9102
热门文章
- h5 bootstrap 小程序模板_一道面试题小程序与H5的区别
- deepin卸载了python_Deepin-Linux下python卸载与安装(失败的折腾)
- window连接不上linux ftp_xftp怎么连linux,教你xftp怎么连linux
- css样式命名规则(仅供参考)
- bug最后汇总-2018/08/03
- 20162303 2016-2017-2 《程序设计与数据结构》第五周学习总结
- TensorFlow安装-windows系统
- jquery 判断手势滑动方向(上下左右)
- 【Java】 Thinking in Java 4.8 练习9
- UIDevice通知,键盘通知