🐧 Linux 命令
Nmap
Nmap Cheat Sheet - 快速参考指南,收录常用语法、命令与实践。
📂 分类 · Linux 命令🧭 Markdown 速查🏷️ 2 个标签
#nmap#security
向下滚动查看内容
Getting Started
Basic Usage :
BASH
滚动查看更多
# set your target in etc/hosts
# fast scan of all port of your target
nmap -p- -T5 target
# fast scan on port 80 with os detection
namp -p, 80 -T5 -O target
Basic Options :
| Options | Purpose |
|---|---|
-p- | all ports |
-p1-1023 | scan ports 1 to 1023 |
-F | 100 most common ports |
-r | scan ports in consecutive order |
-T<0-5> | -T0 being the slowest and T5 the fastest |
--max-rate 50 | rate <= 50 packets/sec |
--min-rate 15 | rate >= 15 packets/sec |
--min-parallelism 100 | at least 100 probes in parallel |
Nmap Intermediate Options
Service Detections :
| Option | Meaning |
|---|---|
--traceroute | run traceroute to target |
--script=SCRIPTS | Nmap scripts to run |
-sC or --script=default | run default scripts |
-O | OS detection |
-sV | Service version detection |
-A | equivalent to -sV -O -sC --traceroute |
Timing
| Option | Meaning |
|---|---|
-T<0-5> | Timing template – paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5) |
--min-parallelism <numprobes> and --max-parallelism <numprobes> | Minimum and maximum number of parallel probes |
--min-rate <number> and --max-rate <number> | Minimum and maximum rate (packets/second) |
--host-timeout | Maximum amount of time to wait for a target host |
Formating answers
Details & Report
| Option | Purpose |
|---|---|
--reason | explains how Nmap made its conclusion |
-v | verbose |
-vv | very verbose |
-d | debugging |
-dd | more details for debugging |
-oN <filename> | Normal output |
-oX <filename> | XML output |
-oG <filename> | grep-able output |
-oA <basename> | Output in all major formats |
Advanced Technic
Advanced Scan
| Options | Protocol | Main Function | Typical Use Case |
|---|---|---|---|
-PR -sn | ARP | Scan | Discovering devices on the local network (LAN) |
-PE -sn | ICMP | Echo Scan | Checking if hosts are reachable (pinging) |
-PP -sn | ICMP | Timestamp Scan | Gathering device time info (less common) |
-PM -sn | ICMP | Address Mask Scan | Determining subnet mask info from hosts |
-PS -sn | TCP | SYN Ping Scan | Detecting open TCP ports and live hosts |
-PA -sn | TCP | ACK Ping Scan | Identifying firewall rules and open ports |
-PU -sn | ICMP | Ping Scan | Finding hosts with open UDP services |
Investigation Exemple
Verbose Os Quick port scan
BASH
滚动查看更多
nmap -sV -O -p- -T5 target
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-11-02 15:17 CET
Nmap scan report for target (10.10.158.161)
Host is up (0.021s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8080/tcp open http Apache Tomcat 8.5.5
Aggressive OS guesses: Linux 3.10 - 3.13 (95%), Linux 5.4 (95%), ASUS RT-N56U WAP (Linux 3.4) (95%),
Linux 3.16 (95%), Linux 3.1 (93%), Linux 3.2 (93%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (93%),
Sony Android TV (Android 5.0) (93%), Android 5.0 - 6.0.1 (Linux 3.4) (93%), Android 5.1 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 39.94 seconds
# you can then use `nmap -A -p 22, 8009, 8080 target` on discovered ports
Do not use this tool without consent. For educational purposes, this example is coming from a Try Hack Me machine.
Also See
相关 Cheat Sheets
1v1免费职业咨询
Follow Us
We Accept
地址
Level 10b, 144 Edward Street, Brisbane CBD(Headquarter)Level 2, 171 La Trobe St, Melbourne VIC 3000四川省成都市武侯区桂溪街道天府大道中段500号D5东方希望天祥广场B座45A13号Business Hub, 155 Waymouth St, Adelaide SA 5000Disclaimer
JR Academy acknowledges Traditional Owners of Country throughout Australia and recognises the continuing connection to lands, waters and communities. We pay our respect to Aboriginal and Torres Strait Islander cultures; and to Elders past and present. Aboriginal and Torres Strait Islander peoples should be aware that this website may contain images or names of people who have since passed away.
匠人学院网站上的所有内容,包括课程材料、徽标和匠人学院网站上提供的信息,均受澳大利亚政府知识产权法的保护。严禁未经授权使用、销售、分发、复制或修改。违规行为可能会导致法律诉讼。通过访问我们的网站,您同意尊重我们的知识产权。 JR Academy Pty Ltd 保留所有权利,包括专利、商标和版权。任何侵权行为都将受到法律追究。查看用户协议
© 2017-2025 JR Academy Pty Ltd. All rights reserved.
ABN 26621887572