Monday, May 28, 2012

Nmap tricks


How to scan a specific port?

nmap -PN -p 22 192.168.0.109 - scan a single port

Scan a port range:

$ nmap -p 80-1000 192.168.1.1

Scan all ports:

$ nmap -p "*" 192.168.1.1

nmap -sP 192.168.2.1/24 - quickly scan a subnet (ping scan, host discovery only)

nmap -sL -n 192.168.1.0/30
-----------------------
just check network reachability

nmap -sn 192.168.1.0/24

Here are some of the most common and important port scanning commands:

  • Default Scan: A basic nmap <target> command will scan the 1,000 most common TCP ports. This is a great starting point for most situations.

    • nmap 192.168.1.1

  • TCP SYN Scan (Stealth Scan): The -sS flag performs a "half-open" scan. It sends a SYN packet to the target, and if a SYN/ACK is received, it immediately sends a RST (reset) packet instead of completing the full three-way handshake. This is often the fastest and most popular scan type as it is less likely to be logged by the target.

    • nmap -sS <target>

  • TCP Connect Scan: The -sT flag tells Nmap to perform a full TCP three-way handshake. This is less stealthy, but it is reliable, and Nmap falls back to it when you lack the raw-socket privileges (root on a Unix-like system) needed for a SYN scan.

    • nmap -sT <target>

  • UDP Scan: The -sU flag is used to scan UDP ports. This is often slower than TCP scanning because UDP is a connectionless protocol. A port is reported "closed" if an "ICMP port unreachable" error comes back, "open" if a UDP response is received, and "open|filtered" when nothing comes back at all, because a silent open service and a dropped probe look identical to the scanner.

    • nmap -sU <target>

  • Scanning Specific Ports: You can specify the ports you want to scan with the -p flag.

    • Scan a single port: nmap -p 80 <target>

    • Scan a range of ports: nmap -p 1-1024 <target>

    • Scan a list of ports: nmap -p 22,80,443 <target>

    • Scan all 65,535 ports: nmap -p- <target>

  • Fast Scan: The -F flag scans the 100 most common ports, which can significantly speed up your scan.

    • nmap -F <target>

  • Aggressive Scan: The -A flag enables a suite of advanced and aggressive options, including OS detection (-O), version detection (-sV), script scanning (-sC), and traceroute (--traceroute). This can provide a lot of information but takes more time.

    • nmap -A <target>
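Any of the scans above can be written in Nmap's grepable format (-oG) for post-processing. The Python script below is an added example, not part of the original post: it parses a constructed -oG report and separates ports proven open from UDP ports that never answered (open|filtered), the case described under UDP Scan. The sample report, host names and addresses are made up.

```python
import re

# Constructed sample in Nmap's grepable (-oG) format; NOT output of a real scan.
# It mimics what `nmap -sS -sU -p 22,53,80 -oG - 192.168.1.0/30` might print.
SAMPLE_OG = (
    "# Nmap scan initiated as: nmap -sS -sU -p 22,53,80 -oG - 192.168.1.0/30\n"
    "Host: 192.168.1.1 (gw.lan)\tStatus: Up\n"
    "Host: 192.168.1.1 (gw.lan)\tPorts: 22/open/tcp//ssh///, 53/open|filtered/udp//domain///, 80/closed/tcp//http///\tIgnored State: filtered (3)\n"
    "Host: 192.168.1.2 ()\tStatus: Up\n"
    "Host: 192.168.1.2 ()\tPorts: 22/filtered/tcp//ssh///, 53/closed/udp//domain///, 80/open/tcp//http///\n"
    "# Nmap done -- 4 IP addresses (2 hosts up) scanned in 5.12 seconds\n"
)

# Host lines look like: "Host: <ip> (<hostname>)\t<tab-separated fields>"
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")

def parse_grepable(text):
    """Return {ip: [(port, proto, state, service), ...]} from -oG text."""
    results = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:          # skips '#' comment lines and anything unexpected
            continue
        ip, _hostname, rest = m.groups()
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue   # e.g. "Status: Up" or "Ignored State: ..."
            for entry in field[len("Ports: "):].split(", "):
                # each entry: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.split("/")
                if len(parts) < 5:
                    continue
                port, state, proto, _owner, service = parts[:5]
                results.setdefault(ip, []).append((int(port), proto, state, service))
    return results

def open_ports(parsed):
    """Ports Nmap reported as definitely 'open', per host."""
    return {ip: sorted((p, proto) for p, proto, st, _ in entries if st == "open")
            for ip, entries in parsed.items()}

def ambiguous_udp(parsed):
    """UDP ports that never answered ('open|filtered'): unresolved, not proven open."""
    return {ip: sorted(p for p, proto, st, _ in entries
                       if proto == "udp" and st == "open|filtered")
            for ip, entries in parsed.items()}

if __name__ == "__main__":
    parsed = parse_grepable(SAMPLE_OG)
    print("open:", open_ports(parsed), "udp unresolved:", ambiguous_udp(parsed))
```

Ports left in open|filtered need a follow-up (for example a version probe with -sV on just those ports) before they are counted as open.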