Nmap Parameters Explained

Source: Internet  Editor: 程序博客网  Time: 2024/04/29 17:45

Original source: http://blog.csdn.net/heimian/article/details/7080739

Requisites: Nmap

Step 1: Open up the console and type:
nmap
This prints the full list of Nmap commands and options.
But we are here to understand the commands, so let's go ahead.

Here is the Nmap cheat sheet.

BASIC SCANNING TECHNIQUES

| Goal | Command | Example |
|---|---|---|
| Scan a Single Target | `nmap [target]` | `nmap 192.168.0.1` |
| Scan Multiple Targets | `nmap [target1 target2 etc]` | `nmap 192.168.0.1 192.168.0.2` |
| Scan a List of Targets | `nmap -iL [list.txt]` | `nmap -iL targets.txt` |
| Scan a Range of Hosts | `nmap [range of ip addresses]` | `nmap 192.168.0.1-10` |
| Scan an Entire Subnet | `nmap [ip address/cidr]` | `nmap 192.168.0.1/24` |
| Scan Random Hosts | `nmap -iR [number]` | `nmap -iR 0` |
| Excluding Targets from a Scan | `nmap [targets] --exclude [targets]` | `nmap 192.168.0.1/24 --exclude 192.168.0.100,192.168.0.200` |
| Excluding Targets Using a List | `nmap [targets] --excludefile [list.txt]` | `nmap 192.168.0.1/24 --excludefile notargets.txt` |
| Perform an Aggressive Scan | `nmap -A [target]` | `nmap -A 192.168.0.1` |
| Scan an IPv6 Target | `nmap -6 [target]` | `nmap -6 1aff:3c21:47b1:0000:0000:0000:0000:2afe` |


DISCOVERY OPTIONS

| Goal | Command | Example |
|---|---|---|
| Perform a Ping Only Scan | `nmap -sP [target]` | `nmap -sP 192.168.0.1` |
| Don't Ping | `nmap -PN [target]` | `nmap -PN 192.168.0.1` |
| TCP SYN Ping | `nmap -PS [target]` | `nmap -PS 192.168.0.1` |
| TCP ACK Ping | `nmap -PA [target]` | `nmap -PA 192.168.0.1` |
| UDP Ping | `nmap -PU [target]` | `nmap -PU 192.168.0.1` |
| SCTP INIT Ping | `nmap -PY [target]` | `nmap -PY 192.168.0.1` |
| ICMP Echo Ping | `nmap -PE [target]` | `nmap -PE 192.168.0.1` |
| ICMP Timestamp Ping | `nmap -PP [target]` | `nmap -PP 192.168.0.1` |
| ICMP Address Mask Ping | `nmap -PM [target]` | `nmap -PM 192.168.0.1` |
| IP Protocol Ping | `nmap -PO [target]` | `nmap -PO 192.168.0.1` |
| ARP Ping | `nmap -PR [target]` | `nmap -PR 192.168.0.1` |
| Traceroute | `nmap --traceroute [target]` | `nmap --traceroute 192.168.0.1` |
| Force Reverse DNS Resolution | `nmap -R [target]` | `nmap -R 192.168.0.1` |
| Disable Reverse DNS Resolution | `nmap -n [target]` | `nmap -n 192.168.0.1` |
| Alternative DNS Lookup | `nmap --system-dns [target]` | `nmap --system-dns 192.168.0.1` |
| Manually Specify DNS Server(s) | `nmap --dns-servers [servers] [target]` | `nmap --dns-servers 201.56.212.54 192.168.0.1` |
| Create a Host List | `nmap -sL [targets]` | `nmap -sL 192.168.0.1/24` |


ADVANCED SCANNING OPTIONS

| Goal | Command | Example |
|---|---|---|
| TCP SYN Scan | `nmap -sS [target]` | `nmap -sS 192.168.0.1` |
| TCP Connect Scan | `nmap -sT [target]` | `nmap -sT 192.168.0.1` |
| UDP Scan | `nmap -sU [target]` | `nmap -sU 192.168.0.1` |
| TCP NULL Scan | `nmap -sN [target]` | `nmap -sN 192.168.0.1` |
| TCP FIN Scan | `nmap -sF [target]` | `nmap -sF 192.168.0.1` |
| Xmas Scan | `nmap -sX [target]` | `nmap -sX 192.168.0.1` |
| TCP ACK Scan | `nmap -sA [target]` | `nmap -sA 192.168.0.1` |
| Custom TCP Scan | `nmap --scanflags [flags] [target]` | `nmap --scanflags SYNFIN 192.168.0.1` |
| IP Protocol Scan | `nmap -sO [target]` | `nmap -sO 192.168.0.1` |
| Send Raw Ethernet Packets | `nmap --send-eth [target]` | `nmap --send-eth 192.168.0.1` |
| Send IP Packets | `nmap --send-ip [target]` | `nmap --send-ip 192.168.0.1` |


PORT SCANNING OPTIONS

| Goal | Command | Example |
|---|---|---|
| Perform a Fast Scan | `nmap -F [target]` | `nmap -F 192.168.0.1` |
| Scan Specific Ports | `nmap -p [port(s)] [target]` | `nmap -p 21-25,80,139,8080 192.168.1.1` |
| Scan Ports by Name | `nmap -p [port name(s)] [target]` | `nmap -p 'ftp,http*' 192.168.0.1` |
| Scan Ports by Protocol | `nmap -sU -sT -p U:[ports],T:[ports] [target]` | `nmap -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.0.1` |
| Scan All Ports | `nmap -p '*' [target]` | `nmap -p '*' 192.168.0.1` |
| Scan Top Ports | `nmap --top-ports [number] [target]` | `nmap --top-ports 10 192.168.0.1` |
| Perform a Sequential Port Scan | `nmap -r [target]` | `nmap -r 192.168.0.1` |


VERSION DETECTION

| Goal | Command | Example |
|---|---|---|
| Operating System Detection | `nmap -O [target]` | `nmap -O 192.168.0.1` |
| Submit TCP/IP Fingerprints | www.nmap.org/submit/ | |
| Attempt to Guess an Unknown OS | `nmap -O --osscan-guess [target]` | `nmap -O --osscan-guess 192.168.0.1` |
| Service Version Detection | `nmap -sV [target]` | `nmap -sV 192.168.0.1` |
| Troubleshooting Version Scans | `nmap -sV --version-trace [target]` | `nmap -sV --version-trace 192.168.0.1` |
| Perform a RPC Scan | `nmap -sR [target]` | `nmap -sR 192.168.0.1` |


TIMING OPTIONS

| Goal | Command | Example |
|---|---|---|
| Timing Templates | `nmap -T[0-5] [target]` | `nmap -T3 192.168.0.1` |
| Set the Packet TTL | `nmap --ttl [time] [target]` | `nmap --ttl 64 192.168.0.1` |
| Minimum # of Parallel Operations | `nmap --min-parallelism [number] [target]` | `nmap --min-parallelism 10 192.168.0.1` |
| Maximum # of Parallel Operations | `nmap --max-parallelism [number] [target]` | `nmap --max-parallelism 1 192.168.0.1` |
| Minimum Host Group Size | `nmap --min-hostgroup [number] [targets]` | `nmap --min-hostgroup 50 192.168.0.1` |
| Maximum Host Group Size | `nmap --max-hostgroup [number] [targets]` | `nmap --max-hostgroup 1 192.168.0.1` |
| Initial RTT Timeout | `nmap --initial-rtt-timeout [time] [target]` | `nmap --initial-rtt-timeout 100ms 192.168.0.1` |
| Maximum RTT Timeout | `nmap --max-rtt-timeout [time] [target]` | `nmap --max-rtt-timeout 100ms 192.168.0.1` |
| Maximum Retries | `nmap --max-retries [number] [target]` | `nmap --max-retries 10 192.168.0.1` |
| Host Timeout | `nmap --host-timeout [time] [target]` | `nmap --host-timeout 30m 192.168.0.1` |
| Minimum Scan Delay | `nmap --scan-delay [time] [target]` | `nmap --scan-delay 1s 192.168.0.1` |
| Maximum Scan Delay | `nmap --max-scan-delay [time] [target]` | `nmap --max-scan-delay 10s 192.168.0.1` |
| Minimum Packet Rate | `nmap --min-rate [number] [target]` | `nmap --min-rate 50 192.168.0.1` |
| Maximum Packet Rate | `nmap --max-rate [number] [target]` | `nmap --max-rate 100 192.168.0.1` |
| Defeat Reset Rate Limits | `nmap --defeat-rst-ratelimit [target]` | `nmap --defeat-rst-ratelimit 192.168.0.1` |


FIREWALL EVASION TECHNIQUES

| Goal | Command | Example |
|---|---|---|
| Fragment Packets | `nmap -f [target]` | `nmap -f 192.168.0.1` |
| Specify a Specific MTU | `nmap --mtu [MTU] [target]` | `nmap --mtu 32 192.168.0.1` |
| Use a Decoy | `nmap -D RND:[number] [target]` | `nmap -D RND:10 192.168.0.1` |
| Idle Zombie Scan | `nmap -sI [zombie] [target]` | `nmap -sI 192.168.0.38 192.168.0.1` |
| Manually Specify a Source Port | `nmap --source-port [port] [target]` | `nmap --source-port 1025 192.168.0.1` |
| Append Random Data | `nmap --data-length [size] [target]` | `nmap --data-length 20 192.168.0.1` |
| Randomize Target Scan Order | `nmap --randomize-hosts [target]` | `nmap --randomize-hosts 192.168.0.1-20` |
| Spoof MAC Address | `nmap --spoof-mac [MAC\|0\|vendor] [target]` | `nmap --spoof-mac Cisco 192.168.0.1` |
| Send Bad Checksums | `nmap --badsum [target]` | `nmap --badsum 192.168.0.1` |


OUTPUT OPTIONS

| Goal | Command | Example |
|---|---|---|
| Save Output to a Text File | `nmap -oN [scan.txt] [target]` | `nmap -oN scan.txt 192.168.0.1` |
| Save Output to a XML File | `nmap -oX [scan.xml] [target]` | `nmap -oX scan.xml 192.168.0.1` |
| Grepable Output | `nmap -oG [scan.txt] [targets]` | `nmap -oG scan.txt 192.168.0.1` |
| Output All Supported File Types | `nmap -oA [path/filename] [target]` | `nmap -oA ./scan 192.168.0.1` |
| Periodically Display Statistics | `nmap --stats-every [time] [target]` | `nmap --stats-every 10s 192.168.0.1` |
| 133t Output | `nmap -oS [scan.txt] [target]` | `nmap -oS scan.txt 192.168.0.1` |


TROUBLESHOOTING AND DEBUGGING

| Goal | Command | Example |
|---|---|---|
| Getting Help | `nmap -h` | `nmap -h` |
| Display Nmap Version | `nmap -V` | `nmap -V` |
| Verbose Output | `nmap -v [target]` | `nmap -v 192.168.0.1` |
| Debugging | `nmap -d [target]` | `nmap -d 192.168.0.1` |
| Display Port State Reason | `nmap --reason [target]` | `nmap --reason 192.168.0.1` |
| Only Display Open Ports | `nmap --open [target]` | `nmap --open 192.168.0.1` |
| Trace Packets | `nmap --packet-trace [target]` | `nmap --packet-trace 192.168.0.1` |
| Display Host Networking | `nmap --iflist` | `nmap --iflist` |
| Specify a Network Interface | `nmap -e [interface] [target]` | `nmap -e eth0 192.168.0.1` |


NMAP SCRIPTING ENGINE

| Goal | Command | Example |
|---|---|---|
| Execute Individual Scripts | `nmap --script [script.nse] [target]` | `nmap --script banner.nse 192.168.0.1` |
| Execute Multiple Scripts | `nmap --script [expression] [target]` | `nmap --script 'http-*' 192.168.0.1` |
| Script Categories | all, auth, default, discovery, external, intrusive, malware, safe, vuln | |
| Execute Scripts by Category | `nmap --script [category] [target]` | `nmap --script 'not intrusive' 192.168.0.1` |
| Execute Multiple Script Categories | `nmap --script [category1,category2,etc]` | `nmap --script 'default or safe' 192.168.0.1` |
| Troubleshoot Scripts | `nmap --script [script] --script-trace [target]` | `nmap --script banner.nse --script-trace 192.168.0.1` |
| Update the Script Database | `nmap --script-updatedb` | `nmap --script-updatedb` |

Thank you all for reading the post. Thanks Adi bhaiya.