Nmap
Nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing.
Scan Types
- -sT: TCP
- -sS: SYN
- -sA: ACK
- -sU: UDP
- -sR: RPC
- -sP: ICMP
- -sn: disable the port scan, usually for ping scanning
I usually use these commands, but the downsides are that they are time-consuming and generate a huge number of requests.
nmap -sS -sV -Pn -vv -p- -A -T4 -O <target>
nmap -sS -sC -sV -oA <NAME>.tcp <target> -v
nmap -sU -sS -sC -sV -oA <NAME>.udp <target> -v
Output
- -oN <File>: normal output
- -oX <XML File>: XML output
- -oG <filespec>: grepable output
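The grepable (-oG) format above is the one most often fed to ad-hoc scripts, and its per-port field layout is easy to get wrong by hand. The following parser is an added example (not part of this page or of the Nmap project) that turns -oG output into records and summarises open ports per host; the sample scan text is constructed, not from a real scan, and the field order assumed is port/state/proto/owner/service/rpcinfo/version.

```python
import re
from dataclasses import dataclass

# Constructed sample of nmap -oG (grepable) output; not real scan data.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -sV -oG scan.gnmap 10.0.0.0/29
Host: 10.0.0.5 (web.lab.example)\tStatus: Up
Host: 10.0.0.5 (web.lab.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.24/, 443/closed/tcp//https///\tIgnored State: filtered (65532)
Host: 10.0.0.6 ()\tStatus: Up
Host: 10.0.0.6 ()\tPorts: 53/open|filtered/udp//domain///\tIgnored State: closed (999)
# Nmap done at Mon Jan  1 00:00:10 2024 -- 8 IP addresses (2 hosts up) scanned in 10.00 seconds
"""


@dataclass(frozen=True)
class PortRecord:
    host: str
    hostname: str
    port: int
    state: str
    proto: str
    service: str
    version: str


def parse_gnmap(text):
    """Parse -oG output into PortRecords.

    Comment lines and Status-only lines carry no port data and are skipped.
    Fields on a line are tab-separated "Name: value" pairs; each entry in the
    Ports field is port/state/proto/owner/service/rpcinfo/version/ (trailing slash).
    """
    records = []
    for line in text.splitlines():
        if line.startswith("#") or "\tPorts: " not in line:
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        m = re.match(r"(\S+)\s*\(([^)]*)\)", fields["Host"])
        host, hostname = m.group(1), m.group(2)
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            records.append(PortRecord(host, hostname, int(port), state, proto, service, version))
    return records


def open_ports_by_host(records):
    """Map host -> sorted list of "port/proto" for ports whose state is exactly "open".

    Ambiguous states such as open|filtered are deliberately left out so the
    summary only lists ports that actually answered.
    """
    out = {}
    for r in records:
        if r.state == "open":
            out.setdefault(r.host, []).append(f"{r.port}/{r.proto}")
    return {h: sorted(p, key=lambda s: int(s.split("/")[0])) for h, p in out.items()}


if __name__ == "__main__":
    for host, ports in open_ports_by_host(parse_gnmap(SAMPLE_GNMAP)).items():
        print(host, ", ".join(ports))
```

Run it against a real file with `parse_gnmap(open("scan.gnmap").read())`; the version field is kept so that results from -sV scans can be diffed between runs.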
Grep Reference
-T Options
- -T0: one port at a time.
- -T1: 15 seconds RTT.
- -T2: 0.4 seconds between each request. Compared with the default option, it uses less bandwidth and puts less pressure on the servers.
- -T3: the default option; this includes parallel scanning.
- -T4: if the server is capable, it increases the scanning speed accordingly.
- -T5: it sacrifices accuracy in exchange for the maximum scanning speed.
Tips
--host-timeout: usually set to 18000
--scan-delay: usually set to 1000
-S: set the source address for obscurity
- Output Beautify
sudo apt install xsltproc
xsltproc -o ip.htm beautiful.xsl ip.xml
./nmapAutomator <target> All
Yujian
Yujian High Speed Port Scanner (Code: czne).
ATTENTION: default threading is too high.
Features
- The fastest scanner in the world: it is capable of scanning all the ports in 3 minutes.
- Compared with Nmap, it is much faster. It uses asynchronous transmission and stateless scanning.
- A complete TCP connection is not established. An RST packet is sent as soon as a SYN/ACK packet is received (except with the --banners option).
- Nmap needs to record the state of each TCP/IP connection, and the number of TCP/IP connections the OS can handle at the same time is only about 1500.
masscan --ping 28.41.0.0/16 --rate 1000000 # ping scan for probing
masscan -iL tmp_scanip_list.tmp -p1-65535 -Pn -v --randomize-hosts --banners -oX result.xml --rate 100000
- Intermediate devices may interfere with the scan, causing far too many ports to appear open.
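A practical check for the interference problem just noted: a host that reports hundreds of open ports is far more likely to be an interfering device answering every probe than a real service inventory. The script below is an added example (not from this page or from the masscan project) that reads the nmap-style XML that masscan -oX writes, counts open ports per host, and flags hosts above a plausibility threshold for manual confirmation. The XML sample is constructed inline; the threshold `max_plausible` is an assumed tuning knob, not a masscan setting.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the nmap-style XML layout masscan -oX produces (one <host>
# element per discovered port); not real scan data. 10.0.0.5 has a plausible
# handful of ports, 10.0.0.9 answers "open" on every one of 500 probed ports,
# which is the signature of an interfering device rather than 500 services.
SAMPLE_MASSCAN_XML = (
    '<?xml version="1.0"?>\n'
    '<nmaprun scanner="masscan" start="1700000000" version="1.3.2" xmloutputversion="1.03">\n'
    '<scaninfo type="syn" protocol="tcp"/>\n'
    + "".join(
        f'<host endtime="1700000000"><address addr="{ip}" addrtype="ipv4"/>'
        f'<ports><port protocol="tcp" portid="{p}">'
        f'<state state="open" reason="syn-ack" reason_ttl="{ttl}"/></port></ports></host>\n'
        for ip, ports, ttl in (("10.0.0.5", (22, 80, 443), 64), ("10.0.0.9", range(1, 501), 250))
        for p in ports
    )
    + "</nmaprun>\n"
)


def open_ports_by_host(xml_text):
    """Return {addr: {(proto, port), ...}} for every port whose state is "open"."""
    root = ET.fromstring(xml_text)
    ports = defaultdict(set)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                ports[addr].add((port.get("protocol"), int(port.get("portid"))))
    return dict(ports)


def suspicious_hosts(ports_by_host, max_plausible=100):
    """Hosts with more open ports than max_plausible are returned with their count.

    Such hosts should be re-checked with a slower, stateful scan before their
    "open" ports are believed; the threshold is an assumed value, tune it per network.
    """
    return {addr: len(p) for addr, p in ports_by_host.items() if len(p) > max_plausible}


if __name__ == "__main__":
    by_host = open_ports_by_host(SAMPLE_MASSCAN_XML)
    for addr, count in suspicious_hosts(by_host).items():
        print(f"{addr}: {count} open ports, likely interference, verify before trusting")
```

For a real result file use `open_ports_by_host(open("result.xml").read())`; the reason_ttl attribute that masscan records is kept in the sample because a TTL that is identical across every port on a host is a further hint that one device, not many services, is answering.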
Advanced Options
--adapter-ip: set the source IP address
--adapter-port: set the source port
--adapter-mac: set the source MAC address
--router-mac: set the gateway MAC address
--exclude: set an IP blacklist of addresses that must not be scanned
--excludefile: load the IP blacklist from a file
--includefile, -iL: scan specific IPs from a file
--wait: set the time to wait for responses after packets are sent; default 10 seconds.
Online Port Scanning