安全测试工具Nmap使用小结
更细节的知识请看nmap的manpage,这里主要是解释nmap的一个GTK前端Zenmap中的默认几个扫描命令的选项: intense scan: nmap -T4 -A -v -T<0-5>: Set timing template (higher is faster) -A: Enable OS detection, version detection, script scanning, and traceroute -v: Increase verbosity level (use -vv or more for greater effect) intense scan plus udp: nmap -sS -sU -T4 -A -v -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans -sU: UDP Scan -sN/sF/sX: TCP Null, FIN, and Xmas scans Intense scan, all TCP ports: nmap -p 1-65535 -T4 -A -v -p <port ranges>: Only scan specified ports Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9 Intense scan, no ping: nmap -T4 -A -v -Pn -Pn: Treat all hosts as online -- skip host discovery Ping scan: nmap -sn 192.168.1.0/24 -sn: Ping Scan - disable port scan 注:这个用来检测一个子网内有多少机器是在线的 Quick scan: nmap -T4 -F -F: Fast mode - Scan fewer ports than the default scan 注:一般默认nmap会扫描常用的1000个端口,当使用-F后变成常用的100个端口 Quick scan plus: nmap -sV -T4 -O -F --version-light -sV: Probe open ports to determine service/version info -O: Enable OS detection --version-light: Limit to most likely probes (intensity 2) 注:probe:探针 intensity:强度 --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
