Saturday, April 14, 2012

nmap - Network exploration tool and security / port scanner

SCAN TECHNIQUES:
 -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
 -sU: UDP Scan
 -sN/sF/sX: TCP Null, FIN, and Xmas scans
 --scanflags <flags>: Customize TCP scan flags
 -sI <zombie host[:probeport]>: Idle scan
 -sY/sZ: SCTP INIT/COOKIE-ECHO scans
 -sO: IP protocol scan --> This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header to each specified protocol on the target machine. If we receive an ICMP protocol unreachable message, then the protocol is not in use. Otherwise we assume it is open.
 -b <FTP relay host>: FTP bounce scan
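The scan techniques listed above each leave a recognisable fingerprint on the wire, and the -sO description gives the rule for reading a protocol scan's replies. The following is an added example, not part of the original post and not nmap's own code: a small defender-side classifier that maps TCP flag combinations to the scan type that produces them, sums up which source hit how many ports with each pattern over a constructed key=value packet log (the log format, addresses and port numbers are all made up for the example), and a verdict function for -sO replies. The verdict function goes slightly beyond the post: it implements the core rule quoted above (ICMP protocol unreachable means not in use, any other reply means open) and adds nmap's documented refinements for other ICMP unreachable codes and for silence.

```python
# Added example, not part of the original post or of nmap itself: a small
# defender-side classifier for the probe types listed above, run over a
# constructed key=value packet log, plus the -sO verdict rule.
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# TCP flag letters as tcpdump/iptables-style logs print them (constructed
# log format for this example): S=SYN, A=ACK, F=FIN, P=PSH, U=URG.
SCAN_SIGNATURES = {
    frozenset("S"): "SYN scan (-sS)",
    frozenset(): "Null scan (-sN)",
    frozenset("F"): "FIN scan (-sF)",
    frozenset("FPU"): "Xmas scan (-sX)",
    frozenset("A"): "ACK/Window scan (-sA/-sW)",  # both send a bare ACK
    frozenset("FA"): "Maimon scan (-sM)",
}


def classify_tcp_probe(flags: str) -> str:
    """Map a TCP flag string such as 'FPU' to the nmap scan type that sends
    that probe. Anything else (e.g. 'SA', a normal handshake reply) is 'other'.
    A lone SYN is also what every legitimate connection starts with, so it is
    only interesting when one source sends it to many ports."""
    return SCAN_SIGNATURES.get(frozenset(flags.upper()), "other")


def protocol_scan_verdict(response: Optional[dict]) -> str:
    """Decide a protocol's state from the reply to a -sO probe. The post's rule
    is the core: ICMP protocol unreachable (type 3, code 2) means not in use,
    any other reply means open. The remaining branches follow nmap's documented
    refinement: other ICMP unreachable codes mean a filter answered, and no
    reply at all is open|filtered, because a dropped probe and an unresponsive
    protocol look the same on the wire."""
    if response is None:
        return "open|filtered"
    if response.get("icmp_type") == 3:
        code = response.get("icmp_code")
        if code == 2:
            return "closed"
        if code in (1, 9, 10, 13):
            return "filtered"
    return "open"  # any other reply, including ICMP port unreachable (code 3)


def summarize_scan_probes(log_lines: Iterable[str]) -> Dict[str, Dict[str, Set[str]]]:
    """Group TCP probes by source and scan type, keeping the set of destination
    ports each (source, type) pair touched. Non-TCP lines are ignored."""
    summary: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("proto") != "tcp":
            continue
        scan_type = classify_tcp_probe(fields.get("flags", ""))
        summary[fields["src"]][scan_type].add(fields["dport"])
    return summary


def flag_sweeps(summary: Dict[str, Dict[str, Set[str]]],
                min_ports: int = 3) -> List[Tuple[str, str, int]]:
    """Report (source, scan type, port count) for every known probe pattern
    that one source sent to at least min_ports distinct ports."""
    hits = []
    for src, by_type in summary.items():
        for scan_type, ports in by_type.items():
            if scan_type != "other" and len(ports) >= min_ports:
                hits.append((src, scan_type, len(ports)))
    return sorted(hits)


# Constructed sample log: one SYN sweep, one Xmas sweep, two stray probes from
# a third host, one UDP line and one ordinary SYN/ACK.
SAMPLE_LOG = [
    "src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=22 flags=S",
    "src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=80 flags=S",
    "src=10.0.0.5 dst=10.0.0.9 proto=tcp dport=443 flags=S",
    "src=10.0.0.7 dst=10.0.0.9 proto=tcp dport=22 flags=FPU",
    "src=10.0.0.7 dst=10.0.0.9 proto=tcp dport=25 flags=FPU",
    "src=10.0.0.7 dst=10.0.0.9 proto=tcp dport=80 flags=FPU",
    "src=10.0.0.8 dst=10.0.0.9 proto=tcp dport=22 flags=",
    "src=10.0.0.8 dst=10.0.0.9 proto=tcp dport=80 flags=FA",
    "src=10.0.0.3 dst=10.0.0.9 proto=udp dport=53 flags=",
    "src=10.0.0.4 dst=10.0.0.9 proto=tcp dport=443 flags=SA",
]

if __name__ == "__main__":
    for src, scan_type, n in flag_sweeps(summarize_scan_probes(SAMPLE_LOG)):
        print(f"{src}: {n} ports probed with {scan_type}")
    print("no reply to -sO probe ->", protocol_scan_verdict(None))
```

Run as-is, the sweep report names the SYN sweep from 10.0.0.5 and the Xmas sweep from 10.0.0.7; the two single probes from 10.0.0.8 stay below the threshold, and the SYN/ACK from 10.0.0.4 is classed as "other". The threshold of three distinct ports is a deliberately low value for the small sample; on real logs it would be tuned per environment, and SYN probes in particular need a much higher bar than the exotic flag combinations, which almost never occur in legitimate traffic.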


OS DETECTION:
 -O: Enable OS detection
 --osscan-limit: Limit OS detection to promising targets
 --osscan-guess: Guess OS more aggressively


FIREWALL/IDS EVASION AND SPOOFING:
 -f; --mtu <val>: fragment packets (optionally w/given MTU)
 -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
 -S <IP_Address>: Spoof source address
 -e <iface>: Use specified interface
 -g/--source-port <portnum>: Use given port number
 --data-length <num>: Append random data to sent packets
 --ip-options <options>: Send packets with specified ip options
 --ttl <val>: Set IP time-to-live field
 --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
 --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
 --adler32: Use deprecated Adler32 instead of CRC32C for SCTP checksums

MISC:
 -6: Enable IPv6 scanning
 -A: Enable OS detection, version detection, script scanning, and traceroute

TIMING AND PERFORMANCE:
 -T paranoid|sneaky|polite|normal|aggressive|insane: Set a timing template (also written -T0 through -T5)

1) Scans scanme.nmap.org enabling OS detection, version detection, script scanning and traceroute, and sets the timing template to 4:
nmap -A -T4 scanme.nmap.org playground
2) Launches a stealth SYN scan against each machine that is up out of the 255 machines on the "class C" network where Scanme resides. It also tries to determine what operating system is running on each host that is up. This requires root privileges because of the SYN scan and OS detection:
nmap -sS -O scanme.nmap.org/24
3) Verbose scan of scanme.nmap.org:
nmap -v scanme.nmap.org
4) Verbose scan with OS detection, version detection, script scanning and traceroute:
nmap -v -A scanme.nmap.org
5)
