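Before Nmap existed, performing an idle scan with Hping was such a hassle; with Nmap, a single command does it.
nmap -PN -sI zombie target #Idle scan
What I use most often is actually the simplest one, the -sP ping only scan: find which IPs in a subnet are still available, then register a few under my name for my own use.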
- Aggressive Scan -A
- Don't Ping -PN #scanning hosts that are protected by a firewall that blocks ping probes
- Perform a Ping Only Scan -sP
- TCP SYN Ping -PS
- TCP ACK Ping -PA
- UDP Ping -PU
- SCTP INIT Ping -PY #SCTP is typically used on systems for IP based telephony
- ICMP Echo Ping -PE
- ICMP Timestamp Ping -PP
- ICMP Address Mask Ping -PM
- IP Protocol Ping -PO #when no protocols are specified, 1 (ICMP), 2 (IGMP), and 4 (IP-in-IP) are used.
- ARP Ping -PR
- Traceroute --traceroute
- Force Reverse DNS Resolution -R
- Disable Reverse DNS Resolution -n
- Alternative DNS Lookup --system-dns
- Manually Specify DNS Server(s) --dns-servers
- Create a Host List -sL
- TCP SYN Scan -sS #default scan
- TCP Connect Scan -sT
- UDP Scan -sU
- nmap -sU --data-length=value target
- TCP NULL Scan -sN #Does not set any bits (TCP flag header is 0).
- TCP FIN Scan -sF #Sets just the TCP FIN bit.
- Xmas Scan -sX #Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.
- TCP ACK Scan -sA #ACK scan probe packet has only the ACK flag set (unless you use --scanflags).
- nmap -sA --scanflags=3
- TCP Window Scan -sW
- TCP Maimon Scan -sM
- Custom TCP Scan --scanflags
- IP Protocol Scan -sO
- Send Raw Ethernet Packets --send-eth
- Send IP Packets --send-ip
- Operating System Detection -O
- Attempt to Guess an Unknown OS --osscan-guess
- Service Version Detection -sV
- Perform an RPC Scan -sR
- Troubleshooting Version Scans --version-trace