Home >Operation and Maintenance >Safety >How to use the network security audit tool Nmap
1. Software download
https://nmap.org/download.html
2. Scan IP
nmap 192.168.1.10 #Scan single IP
nmap 192.168.1.10-100 way way way way way out way out way out way out out out out out out way outole way out wayoleole way wayoleole way wayole way way way way way way out right Out out out out out out out out out out out off ’ it t ’ s ? #Scan the entire network segment
nmap -iL list.txt #Scan based on the file list
#list.txt
192.168.1.20
192.168.1.21
NMAP -IR 3#Randomly scan 3 IP
Nmap 192.168.1.10-100 -EXClude 192.168.1.20#Excluding specified IP
## NMAP 192.168.1.1/24 --excludefilelelele list. txt #Remove excluded IP from the filenmap -A 192.168.1.10 #-A integrates most useful scanning commands -o Used to identify remote operating systems -sC Used to run the default script scan-Pn #Ping No No need to ping to scan-sP #simple Ping #Simple Ping
-PS #Scan with ping
- PA # ACK Protocol
-PY #CTP Protocol
--traceroute IP #Routing process
-R #DNS reverse query
nmap --dns-servers 202.103.24.68 192.168.1.10 #Specify DNS server
nmap -sL 192.168.1/24 #Get the host list quickly
-iL
SCAN TECHNIQUES: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans -sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans --scanflags
--port-ratio
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=
directories, script-files or script-categories
--script-args=
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=
script-categories.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup
--min-parallelism/max-parallelism
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout
probe round trip time.
--max-retries
--host-timeout
--scan-delay/--max-scan-delay
--min-rate
--max-rate
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu
-D
-S
-e
-g/--source-port
--proxies
--data
--data-string
--data-length
--ip-options
--ttl
--spoof-mac
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG and Grepable format, respectively, to the given filename. -oA -v: Increase verbosity level (use -vv or more for greater effect) -d: Increase debugging level (use -dd or more for greater effect) --reason: Display the reason a port is in a particular state --open: Only show open (or possibly open) ports --packet-trace: Show all packets sent and received --iflist: Print host interfaces and routes (for debugging) --append-output: Append to rather than clobber specified output files --resume --stylesheet --webxml: Reference stylesheet from Nmap.Org for more portable XML --no-stylesheet: Prevent associating of XSL stylesheet w/XML output MISC: -6: Enable IPv6 scanning -A: Enable OS detection, version detection, script scanning, and traceroute --datadir
--send-eth/--send-ip: Send using raw ethernet frames or IP packets 隐藏IP --privileged: Assume that the user is fully privileged --unprivileged: Assume the user lacks raw socket privileges -V: Print version number -h: Print this help summary page. EXAMPLES: nmap -v -A scanme.nmap.org nmap -v -sn 192.168.0.0/16 10.0.0.0/8 nmap -v -iR 10000 -Pn -p 80 The above is the detailed content of How to use the network security audit tool Nmap. For more information, please follow other related articles on the PHP Chinese website!