Nmap Quick Reference Guide

Page Count: 2

SCAN OPTION SUMMARY

Scan Name                 Command Syntax   Requires Privileged Access   Identifies TCP Ports   Identifies UDP Ports
TCP SYN Scan              -sS              Yes                          Yes                    No
TCP connect() Scan        -sT              No                           Yes                    No
FIN Stealth Scan          -sF              Yes                          Yes                    No
Xmas Tree Stealth Scan    -sX              Yes                          Yes                    No
Null Stealth Scan         -sN              Yes                          Yes                    No
Ping Scan                 -sP              No                           No                     No
Version Detection         -sV              No                           No                     No
UDP Scan                  -sU              Yes                          No                     Yes
IP Protocol Scan          -sO              Yes                          No                     No
ACK Scan                  -sA              Yes                          Yes                    No
Window Scan               -sW              Yes                          Yes                    No
RPC Scan                  -sR              No                           No                     No
List Scan                 -sL              No                           No                     No
Idlescan                  -sI              Yes                          Yes                    No
FTP Bounce Attack         -b               No                           Yes                    No
PING OPTIONS

ICMP Echo Request Ping         -PE, -PI
TCP ACK Ping                   -PA[portlist], -PT[portlist]
TCP SYN Ping                   -PS[portlist]
UDP Ping                       -PU[portlist]
ICMP Timestamp Ping            -PP
ICMP Address Mask Ping         -PM
Don't Ping                     -P0, -PN, -PD
Require Reverse                -R
Disable Reverse DNS            -n
Specify DNS Servers            --dns-servers
HOST AND PORT OPTIONS

Exclude Targets                        --exclude <host1 [,host2],...>
Exclude Targets in File                --excludefile <exclude_file>
Read Targets from File                 -iL <inputfilename>
Pick Random Numbers for Targets        -iR <num_hosts>
Randomize Hosts                        --randomize_hosts, -rH
No Random Ports                        -r
Source Port                            --source-port <portnumber>
Specify Protocol or Port Numbers       -p <port_range>
Fast Scan Mode                         -F
Create Decoys                          -D <decoy1 [,decoy2][,ME],...>
Source Address                         -S <IP_address>
Interface                              -e <interface>
List Interfaces                        --iflist
LOGGING OPTIONS

Normal Format                  -oN <logfilename>
XML Format                     -oX <logfilename>
Grepable Format                -oG <logfilename>
All Formats                    -oA <basefilename>
Script Kiddie Format           -oS <logfilename>
Resume Scan                    --resume <logfilename>
Append Output                  --append-output
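As an added example that is not part of the original guide, the following Python code parses the grepable (-oG) output format listed above and runs the kind of allowlist check a defender would apply to a scheduled scan of their own hosts: every open port that is not on the expected list for that address is reported. The sample -oG text, the addresses, the version strings and the EXPECTED table are all constructed for the example; parse_grepable, unexpected_open, HostRecord and PortRecord are names chosen here, not Nmap's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of Nmap grepable output (-oG). Real output uses one
# tab-separated "Key: value" group per host; comment lines start with '#'.
SAMPLE = """# Nmap 7.94 scan initiated Tue Jan  2 10:00:00 2024 as: nmap -sS -sV -oG - 192.0.2.0/29
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/open/tcp//ssl|http//nginx 1.18.0/\tIgnored State: closed (997)
Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 3306/open/tcp//mysql//MySQL 8.0.35/\tIgnored State: filtered (998)
Host: 192.0.2.12 ()\tStatus: Up
# Nmap done at Tue Jan  2 10:00:05 2024 -- 8 IP addresses (3 hosts up) scanned in 5.01 seconds
"""

# Constructed allowlist: the ports each host is supposed to expose.
EXPECTED = {"192.0.2.10": {22, 80, 443}, "192.0.2.11": {22}}


@dataclass
class PortRecord:
    port: int
    state: str
    proto: str
    service: str
    version: str


@dataclass
class HostRecord:
    address: str
    hostname: str
    ports: list = field(default_factory=list)
    ignored_state: str = ""


HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Return one HostRecord per 'Host:' line of -oG output."""
    hosts = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '# Nmap ...' banner and trailer lines carry no host data
        groups = line.split("\t")
        match = HOST_RE.match(groups[0])
        if not match:
            continue
        rec = HostRecord(match.group(1), match.group(2))
        for group in groups[1:]:
            key, _, value = group.partition(": ")
            if key == "Ports":
                for entry in value.split(", "):
                    # port/state/protocol/owner/service/rpcinfo/version/
                    # Nmap writes slashes inside a field as '|', so a plain
                    # split on '/' is safe.
                    f = entry.split("/")
                    if len(f) < 7:
                        continue
                    rec.ports.append(PortRecord(int(f[0]), f[1], f[2], f[4], f[6]))
            elif key == "Ignored State":
                rec.ignored_state = value
        hosts.append(rec)
    return hosts


def unexpected_open(hosts, expected):
    """Map address -> sorted open ports that are not in the allowlist."""
    findings = {}
    for h in hosts:
        allowed = expected.get(h.address, set())
        extra = sorted(p.port for p in h.ports
                       if p.state == "open" and p.port not in allowed)
        if extra:
            findings[h.address] = extra
    return findings


if __name__ == "__main__":
    for addr, ports in unexpected_open(parse_grepable(SAMPLE), EXPECTED).items():
        print(f"{addr}: unexpected open ports {ports}")
```

Hosts that were only found up by a ping sweep (the "Status: Up" form) parse to an empty port list, so they never trigger a finding; the "Ignored State" field is kept so a report can show how many ports were closed or filtered.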
REAL-TIME INFORMATION OPTIONS

Verbose Mode                   --verbose, -v
Version Trace                  --version-trace
Packet Trace                   --packet-trace
Debug Mode                     --debug, -d
Interactive Mode               --interactive
Noninteractive Mode            --noninteractive
TUNING AND TIMING OPTIONS

Time to Live                           --ttl
Use Fragmented IP Packets              -f, -ff
Maximum Transmission Unit              --mtu <databytes>
Data Length                            --data-length <databytes>
Host Timeout                           --host-timeout <milliseconds>
Initial Round Trip Timeout             --initial-rtt-timeout <milliseconds>
Minimum Round Trip Timeout             --min-rtt-timeout <milliseconds>
Maximum Round Trip Timeout             --max-rtt-timeout <milliseconds>
Maximum Parallel Hosts per Scan        --max-hostgroup <number>
Minimum Parallel Hosts per Scan        --min-hostgroup <number>
Maximum Parallel Port Scans            --max-parallelism <number>
Minimum Parallel Port Scans            --min-parallelism <number>
Minimum Delay Between Probes           --scan-delay <milliseconds>
Maximum Delay Between Probes           --max-scan-delay
Timing Policies                        --timing, -T<0|1|2|3|4|5>
MISCELLANEOUS OPTIONS

Quick Reference Screen                 --help, -h
Nmap Version                           --version, -V
Data Directory                         --datadir <directory_name>
Quash Argument Vector                  -q
Define Custom Scan Flags               --scanflags <flagval>
(Uriel) Maimon Scan                    -sM
IPv6 Support                           -6
Send Bad TCP or UDP Checksum           --badsum
Copyright © 2007 Professor Messer, LLC, All Rights Reserved   http://www.ProfessorMesser.com   SNC-201

Professor Messer's Quick Reference Guide to NMAP

OPERATING SYSTEM FINGERPRINTING

OS Fingerprinting                      -O
Limit System Scanning                  --osscan-limit
More Guessing Flexibility              --osscan-guess, --fuzzy
Additional, Advanced, and Aggressive   -A
VERSION DETECTION

Version Scan                           -sV
Don't Exclude Any Ports                --allports
Set Version Intensity                  --version-intensity
Enable Version Scanning Light          --version-light
Enable Version Scan All                --version-all
RUN-TIME INTERACTIONS

Display Run-Time Help                  ?
Increase / Decrease Verbosity          v / V
Increase / Decrease Debugging          d / D
Increase / Decrease Packet Tracing     p / P
Any Other Key                          Print Status


Identifying Open Ports with Nmap

TCP SYN SCAN (-sS)

TCP connect() SCAN (-sT)

TCP FIN SCAN (-sF)

TCP XMAS TREE SCAN (-sX)

TCP NULL SCAN (-sN)

TCP PING SCAN (-sP)

VERSION DETECTION SCAN (-sV)
Version scan identifies open ports with a TCP SYN scan, and then queries each open port with a customized signature.

UDP SCAN (-sU)

TCP ACK SCAN (-sA)

IP PROTOCOL SCAN (-sO)

TCP WINDOW SCAN (-sW)

IDLESCAN (-sI <zombie host:[probeport]>)
Step 1: Nmap sends a SYN/ACK to the zombie workstation to induce a RST in return. This RST frame contains the initial IPID that nmap will remember for later.
Step 2: Nmap sends a SYN frame to the destination address, but nmap spoofs the IP address to make it seem as if the SYN frame was sent from the zombie workstation.
Step 3: Nmap repeats the original SYN/ACK probe of the zombie station. If the IPID has incremented, then the port that was spoofed in the original SYN frame is open on the destination device.

FTP BOUNCE ATTACK (-b <ftp_relay_host>)
For a closed port, the FTP server informs the source station that it can't build the connection.
For an open port, the transfer completes over the specified connection.
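To make the IPID arithmetic in the idlescan steps concrete, here is an added Python model that is not Nmap code and not part of the original guide. It simulates only the zombie's IP ID counter: Zombie, zombie_is_usable and idle_scan_probe are names chosen for this example, the starting counter value is constructed, and no packets are sent. Beyond the three steps in the text, it also shows the precondition the technique depends on, a zombie whose IP ID grows by exactly one per frame, which is the property a defender removes by running hosts with randomized or per-destination IP IDs.

```python
import random


class Zombie:
    """Toy model of the zombie host's IP ID counter (hypothetical).
    A usable zombie stamps every outgoing frame with the previous IP ID + 1;
    randomized=True models a host that picks each IP ID at random."""

    def __init__(self, randomized=False, seed=0):
        self.randomized = randomized
        self.ipid = 1000                    # constructed starting counter value
        self._rng = random.Random(seed)

    def send_frame(self):
        """Return the IP ID the zombie stamps on its next outgoing frame."""
        if self.randomized:
            self.ipid = self._rng.randrange(65536)
        else:
            self.ipid = (self.ipid + 1) & 0xFFFF
        return self.ipid


def zombie_is_usable(zombie, trials=8):
    """Step 1 repeated several times: each SYN/ACK probe draws a RST from the
    zombie, and the IP IDs of those RSTs must grow by exactly one per frame.
    A host with randomized IP IDs, or a separate counter per destination,
    fails this check and cannot serve as a zombie."""
    prev = zombie.send_frame()
    for _ in range(trials):
        cur = zombie.send_frame()
        if ((cur - prev) & 0xFFFF) != 1:
            return False
        prev = cur
    return True


def idle_scan_probe(zombie, port_is_open):
    """One port, following the three steps in the text. port_is_open stands
    in for the target's real behaviour: an open port answers the spoofed SYN
    with a SYN/ACK sent to the zombie, which the zombie rejects with a RST
    (one extra frame); a closed port answers with a RST, which the zombie
    silently drops (no extra frame)."""
    ipid_before = zombie.send_frame()       # Step 1: RST from the zombie
    if port_is_open:
        zombie.send_frame()                 # Step 2 side effect: zombie RSTs the SYN/ACK
    ipid_after = zombie.send_frame()        # Step 3: RST from the zombie again
    delta = (ipid_after - ipid_before) & 0xFFFF
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"            # closed and filtered look identical here
    return "unknown"                        # zombie busy or IP IDs not sequential


if __name__ == "__main__":
    z = Zombie()
    print("sequential zombie usable:", zombie_is_usable(z))
    print("open port   ->", idle_scan_probe(z, True))
    print("closed port ->", idle_scan_probe(z, False))
    print("random zombie usable:", zombie_is_usable(Zombie(randomized=True)))
```

The "unknown" branch matters in practice: any other traffic the zombie sends between Step 1 and Step 3 also advances its counter, so the inference is only as reliable as the zombie is idle. From the defender's side, the zombie_is_usable check is the property to deny; a host whose IP IDs are not globally sequential cannot be used to relay the inference.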