mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-10 05:34:12 +00:00
Updating the NMAP cheat sheet
This commit is contained in:
Omar Santos
GitHub
parent
9d52fb87b9
commit
06dbb48456
1 changed files with 41 additions and 0 deletions
|
|
@ -27,6 +27,16 @@ If no port range is specified, Nmap scans the 1,000 most popular ports.
|
|||
- Open/Filtered: This indicates that the port was filtered or open but Nmap couldn’t establish the state.
|
||||
- Closed/Filtered: This indicates that the port was filtered or closed but Nmap couldn’t establish the state.
|
||||
|
||||
## Scan Types
|
||||
|
||||
-`-sn`: Probe only (host discovery, not port scan)
|
||||
-`-sS`: SYN Scan
|
||||
-`-sT`: TCP Connect Scan
|
||||
-`-sU`: UDP Scan
|
||||
-`-sV`: Version Scan
|
||||
-`-O`: Used for OS Detection/fingerprinting
|
||||
-`--scanflags`: Sets custom list of TCP using `URG ACK PSH RST SYN FIN` in any order
|
||||
|
||||
## Probing Options
|
||||
|
||||
- `-Pn`: Don't probe (assume all hosts are up)
|
||||
|
|
@ -36,6 +46,25 @@ If no port range is specified, Nmap scans the 1,000 most popular ports.
|
|||
- `-PP`: Using ICMP Timestamp Request
|
||||
- `-PM`: Using ICMP Netmask Request
|
||||
|
||||
## Timing Options
|
||||
`-T0` (Paranoid): Very slow, used for IDS evasion
|
||||
`-T1` (Sneaky): Quite slow, used for IDS evasion
|
||||
`-T2` (Polite): Slows down to consume less bandwidth, runs ~10 times slower than default
|
||||
`-T3` (Normal): Default, a dynamic timing model based on target responsiveness
|
||||
`-T4` (Aggressive): Assumes a fast and reliable network and may overwhelm targets
|
||||
`-T5` (Insane): Very aggressive; will likely overwhelm targets or miss open ports
|
||||
|
||||
## Fine-Grained Timing Options
|
||||
|
||||
`--min-hostgroup/max-hostgroup <size> `: Parallel host scan group sizes
|
||||
`--min-parallelism/max-parallelism <numprobes>`: Probes parallelization
|
||||
`--min-rtt-timeout/max-rtttimeout/initial-rtt-timeout <time>`: Specifies probe round trip time.
|
||||
`--max-retries <tries>`: Caps number of port scan probe retransmissions.
|
||||
`--host-timeout <time>`: Gives up on target after this long
|
||||
`--scan-delay/--max-scan-delay <time>`: Adjusts delay between probes
|
||||
`--min-rate <number>`: Send packets no slower than `<number>` per second
|
||||
`--max-rate <number>`: Send packets no faster than `<number>` per second
|
||||
|
||||
## Nmap Scripting Engine
|
||||
|
||||
The full list of Nmap Scripting Engine scripts: http://nmap.org/nsedoc/
|
||||
|
|
@ -91,4 +120,16 @@ The most common Nmap scripting engine categories:
|
|||
- version: Measure the version of software or protocols on the target hosts.
|
||||
- vul: Measure whether target systems have a known vulnerability.
|
||||
|
||||
## Output Options
|
||||
|
||||
`-oN`: Standard Nmap output
|
||||
`-oG`: Greppable format
|
||||
`-oX`: XML format
|
||||
`-oA`: <basename> Generate Nmap, Greppable, and XML output files using basename for files
|
||||
|
||||
## Additional Options
|
||||
|
||||
`-n`: Disables reverse IP address lookups
|
||||
`-6`: Uses IPv6 only
|
||||
`-A`: Uses several features, including OS Detection, Version Detection, Script Scanning (default), and traceroute
|
||||
`--reason`: Displays the reason Nmap thinks that the port is open, closed, or filtered
|
||||
|
|
|
|||
Loading…
Reference in a new issue