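\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}          % For header and footer
\usepackage{multicol}          % Allows multicols in tables
\usepackage{tabularx}          % Intelligent column widths
\usepackage{tabulary}          % Used in header and footer
\usepackage{hhline}            % Border under tables
\usepackage{graphicx}          % For images
\usepackage{xcolor}            % For hex colours
%\usepackage[utf8x]{inputenc}  % For unicode character support
\usepackage[T1]{fontenc}       % Without this we get weird character replacements
\usepackage{colortbl}          % For coloured tables
\usepackage{setspace}          % For line height
\usepackage{lastpage}          % Needed for total page number
\usepackage{seqsplit}          % Splits long words.
%\usepackage{opensans}         % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem}    % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}           % Symbols
\usepackage{MnSymbol}          % Symbols
\usepackage{wasysym}           % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages
% NOTE(review): the tables below contain CJK text, but no CJK-capable font
% setup is loaded in this preamble (e.g. xeCJK under XeLaTeX). Confirm the
% build pipeline supplies one; \pdfinfo below is also pdfTeX-specific.

% Document Info
\author{fkbug}
\pdfinfo{
  /Title (nmap-zh.pdf)
  /Creator (Cheatography)
  /Author (fkbug)
  /Subject (nmap-zh Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm}    % Space between columns
\setlength{\headsep}{-12pt}      % Reduce space between header and content
\setlength{\headheight}{85pt}    % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
% \SetRowColor stores the colour name globally so \mymulticolumn can reuse it
% for the \columncolor of a spanning cell in the same row.
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use (\raggedright redefines \\)

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{37A33F}
\definecolor{LightBackground}{HTML}{F2F9F3}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}{\large\bfseries\textcolor{DarkBackground}{\textrm{nmap-zh Cheat Sheet}}} \\
    {\normalsize by \textcolor{DarkBackground}{fkbug} via \textcolor{DarkBackground}{\uline{cheatography.com/84111/cs/19877/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{
\footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\textbf{\textcolor{white}{Cheatographer}}}  \\
  \vspace{-2pt}fkbug \\
  \uline{cheatography.com/fkbug} \\
  \end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\textbf{\textcolor{white}{Cheat Sheet}}}  \\
  \vspace{-2pt}Not Yet Published.\\
  Updated 18th June, 2019.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\textbf{\textcolor{white}{Sponsor}}}  \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{tabularx}{17.67cm}{x{3.2053 cm} x{5.9045 cm} x{7.7602 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{扫描目标}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
% review: the descriptions of rows 1 and 2 were swapped relative to their
% examples (one address = 特定IP, two addresses = 多个IP); corrected here.
\SetRowColor{white}
 & \seqsplit{扫描特定IP} & nmap 192.168.1.1 \tn
% Row Count 2 (+ 1)
% Row 2
\SetRowColor{LightBackground}
 & \seqsplit{扫描多个IP} & nmap 192.168.1.1 192.168.2.1 \tn
% Row Count 4 (+ 2)
% Row 3
\SetRowColor{white}
 & 扫描范围 & nmap 192.168.1.1-254 \tn
% Row Count 6 (+ 2)
% Row 4
\SetRowColor{LightBackground}
 & 扫描 CIDR 表示范围 & nmap 192.168.1.0/24 \tn
% Row Count 8 (+ 2)
% Row 5
\SetRowColor{white}
 & 扫描域名 & nmap scanme.nmap.org \tn
% Row Count 10 (+ 2)
% Row 6
\SetRowColor{LightBackground}
-iL & \seqsplit{从文件中导入目标} & nmap -iL targets.txt \tn
% Row Count 12 (+ 2)
% Row 7
\SetRowColor{white}
-iR & \seqsplit{随机选择目标} & nmap -iR 100 \tn
% Row Count 14 (+ 2)
% Row 8
\SetRowColor{LightBackground}
-{}-exclude & \seqsplit{排除列出的目标} & nmap -{}-exclude 192.168.1.1 \tn
% Row Count 16 (+ 2)
% Row 9
\SetRowColor{white}
-{}-excludefile & \seqsplit{排除文件中的目标} & nmap -{}-excludefile notargets.txt \tn
% Row Count 18 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{3.5427 cm} x{6.9167 cm} x{6.4106 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{端口设置}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
-p & 端口扫描 端口x & nmap -p 21 192.168.1.1 \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
-p & 端口扫描 端口范围 & nmap -p 21-100 192.168.1.1 \tn
% Row Count 5 (+ 2)
% Row 3
% review: the port list must not contain a space, otherwise the shell splits
% it and "T:21-25,80" is parsed as a target.
\SetRowColor{white}
-p & 端口扫描 多个 TCP及UDP端口 & nmap -p U:53,T:21-25,80 192.168.1.1 \tn
% Row Count 8 (+ 3)
% Row 4
\SetRowColor{LightBackground}
-p- & 端口扫描 所有端口 & nmap -p- 192.168.1.1 \tn
% Row Count 10 (+ 2)
% Row 5
\SetRowColor{white}
-F & 端口扫描 \seqsplit{快速模式(仅扫描} TOP100 端口) & nmap -F 192.168.1.1 \tn
% Row Count 14 (+ 4)
% Row 6
\SetRowColor{LightBackground}
-{}-top-ports number & 端口扫描 \seqsplit{扫描开放概率最高的} number 个端口 & nmap -{}-top-ports 2000 192.168.1.1 \tn
% Row Count 18 (+ 4)
% Row 7
\SetRowColor{white}
-r & 端口扫描 \seqsplit{顺序扫描(nmap} \seqsplit{默认会打乱端口的扫描顺序以防止防火墙检测,开启该参数后将变为顺序扫描} & nmap -p- -r 192.168.1.1 \tn
% Row Count 27 (+ 9)
% Row 8
% review: example used a single dash (-port-ratio); the option is --port-ratio
% as given in the parameter column.
\SetRowColor{LightBackground}
-{}-port-ratio \textless{}ratio\textgreater{} & 扫描指定频率以上的端口(以端口开放概率作为参数,为0\textasciitilde{}1 之间) & nmap -{}-port-ratio 0.9 192.168.1.1 \tn
% Row Count 33 (+ 6)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{4.8923 cm} x{5.9045 cm} x{6.0732 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{主机发现}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
-sL & List \seqsplit{scan(没有扫描,仅列出目标)} & nmap -sL 192.168.1-3 \tn
% Row Count 4 (+ 3)
% Row 2
\SetRowColor{LightBackground}
-sn & Ping \seqsplit{scan(只进行主机发现,禁用端口扫描)} \seqsplit{在早期版本中,也写成} -sP & nmap -sn \seqsplit{192.168.1.1/24} \tn
% Row Count 11 (+ 7)
% Row 3
\SetRowColor{white}
-Pn & Port \seqsplit{scan(跳过主机发现,将所有主机视为已开启,直接端口扫描)} & nmap -Pn 192.168.1-5 \tn
% Row Count 17 (+ 6)
% Row 4
\SetRowColor{LightBackground}
-PS {[}portlist{]} & 端口x 上的 TCP \seqsplit{SYN主机发现,默认端口80} & nmap -PS22-25,80 192.168.1.1-5 \tn
% Row Count 21 (+ 4)
% Row 5
\SetRowColor{white}
-PA {[}portlist{]} & 端口x 上的 TCP \seqsplit{ACK主机发现,默认端口} 80 & nmap -PA22-25,80 192.168.1.1-5 \tn
% Row Count 25 (+ 4)
% Row 6
\SetRowColor{LightBackground}
-PU {[}portlist{]} & 端口x 上的 UDP \seqsplit{主机发现,默认端口为} 40125 & nmap -PU53 192.168.1.1-5 \tn
% Row Count 29 (+ 4)
% Row 7
\SetRowColor{white}
-PY {[}portlist{]} & 端口x 上的 SCTP 主机发现 & nmap -PY22-25,80 192.168.1.1-5 \tn
% Row Count 32 (+ 3)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{4.8923 cm} x{5.9045 cm} x{6.0732 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{主机发现 (cont)}}} \tn
% Row 8
\SetRowColor{LightBackground}
-PE & 使用 ICMP echo \seqsplit{请求包发现主机} & nmap -PE 192.168.1.1 \tn
% Row Count 3 (+ 3)
% Row 9
\SetRowColor{white}
-PP & 使用 ICMP timestamp \seqsplit{请求包发现主机} & nmap -PP 192.168.1.1 \tn
% Row Count 7 (+ 4)
% Row 10
\SetRowColor{LightBackground}
-PM & 使用 ICMP netmask \seqsplit{请求包发现主机} & nmap -PM 192.168.1.1 \tn
% Row Count 10 (+ 3)
% Row 11
\SetRowColor{white}
-PO & 使用 IP \seqsplit{协议包探测目标主机是否开启} & nmap -PO 192.168.1.1 \tn
% Row Count 14 (+ 4)
% Row 12
\SetRowColor{LightBackground}
-PR & \seqsplit{本地网络上的} ARP 发现 & nmap -PR \seqsplit{192.168.1.1/24} \tn
% Row Count 17 (+ 3)
% Row 13
\SetRowColor{white}
-n & \seqsplit{表示不进行} dns 解析(反向 dns \seqsplit{解析会很明显的减慢} nmap \seqsplit{的扫描时间,在扫描大量主机时如果不关心其} dns \seqsplit{信息可以使用此参数加快扫描速度)} & nmap -n 192.168.1.1 \tn
% Row Count 30 (+ 13)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{4.8923 cm} x{5.9045 cm} x{6.0732 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{主机发现 (cont)}}} \tn
% Row 14
\SetRowColor{LightBackground}
-R & \seqsplit{表示总是进行} dns 解析 & nmap -R 192.168.1.1 \tn
% Row Count 3 (+ 3)
% Row 15
\SetRowColor{white}
-{}-system-dns & \seqsplit{指定使用主机系统自带的} dns \seqsplit{解析器,而不是} nmap \seqsplit{内部的方法} & nmap -{}-system-dns 192.168.1.1 \tn
% Row Count 9 (+ 6)
% Row 16
% review: --dns-servers takes one comma-separated argument; a space-separated
% second server would be treated as a scan target.
\SetRowColor{LightBackground}
-{}-dns-servers \textless{}serv1{[},serv2{]},..\textgreater{} & \seqsplit{手动指定dns} 服务器 & nmap -{}-dns-servers dnsIP1,dnsIP2 192.168.1.1 \tn
% Row Count 13 (+ 4)
% Row 17
\SetRowColor{white}
-{}-traceroute & \seqsplit{跟踪主机的路径(适用于除连接扫描} -sT \seqsplit{和空闲扫描} -sI \seqsplit{之外的所有扫描类型)} & nmap -{}-traceroute 192.168.1.1 \tn
% Row Count 21 (+ 8)
% Row 18
\SetRowColor{LightBackground}
-{}-resolve-all & \seqsplit{扫描每个已解析的地址(如果主机目标解析为多个地址则扫描所有地址,默认行为是仅扫描第一个已解析的地址)} & nmap -{}-resolve-all baidu.com \tn
% Row Count 32 (+ 11)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{3.2053 cm} x{6.9167 cm} x{6.748 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{扫描方式}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
-sS & \textbf{TCP SYN 端口扫描(默认)} & nmap -sS 192.168.1.1 \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
-sT & TCP \seqsplit{连接端口扫描(默认无} root 权限) & nmap -sT 192.168.1.1 \tn
% Row Count 6 (+ 3)
% Row 3
\SetRowColor{white}
-sA & TCP ACK 端口扫描 & nmap -sA 192.168.1.1 \tn
% Row Count 8 (+ 2)
% Row 4
\SetRowColor{LightBackground}
-sW & TCP 窗口 端口扫描 & nmap -sW 192.168.1.1 \tn
% Row Count 10 (+ 2)
% Row 5
\SetRowColor{white}
-sM & TCP Maimon 端口扫描 & nmap -sM 192.168.1.1 \tn
% Row Count 12 (+ 2)
% Row 6
\SetRowColor{LightBackground}
-sU & UDP 端口扫描 & nmap -sU 192.168.1.1 \tn
% Row Count 14 (+ 2)
% Row 7
\SetRowColor{white}
-sN & TCP Null 秘密扫描 & nmap -sN 192.168.1.1 \tn
% Row Count 16 (+ 2)
% Row 8
\SetRowColor{LightBackground}
-sF & TCP FIN 秘密扫描 & nmap -sF 192.168.1.1 \tn
% Row Count 18 (+ 2)
% Row 9
\SetRowColor{white}
-sX & TCP Xmas 秘密扫描 & nmap -sX 192.168.1.1 \tn
% Row Count 20 (+ 2)
% Row 10
\SetRowColor{LightBackground}
-{}-scanflags \textless{}flags\textgreater{} & TCP 包标志位 定制扫描 & nmap -{}-scanflags URGFIN 192.168.1.1 \tn
% Row Count 23 (+ 3)
% Row 11
% review: unbalanced parentheses in the description; joined the two clauses
% inside one pair.
\SetRowColor{white}
-sI & Idle \seqsplit{扫描(没有报文是从真实IP发送到目标的,需要找到合适的} Zombie 主机) & nmap -Pn -p- -sI Zombie.com target.com \tn
% Row Count 29 (+ 6)
% Row 12
\SetRowColor{LightBackground}
-sY & SCTP INIT 扫描(SCTP 可以看作是 TCP \seqsplit{协议的改进)这种扫描向目标发送} INIT \seqsplit{包来判断目标是否存活} & nmap -sY 192.168.1.1 \tn
% Row Count 37 (+ 8)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{3.2053 cm} x{6.9167 cm} x{6.748 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{扫描方式 (cont)}}} \tn
% Row 13
\SetRowColor{LightBackground}
-sZ & SCTP COOKIE\_ECHO 扫描 & nmap -sZ 192.168.1.1 \tn
% Row Count 2 (+ 2)
% Row 14
\SetRowColor{white}
-sO & IP \seqsplit{协议扫描(确定目标支持哪些} IP 协议) \seqsplit{TCP、ICMP、IGMP等等} & nmap -sO 192.168.1.1 \tn
% Row Count 7 (+ 5)
% Row 15
\SetRowColor{LightBackground}
-b \textless{}FTP relay host\textgreater{} & FTP \seqsplit{反弹扫描(连接到防火墙后面的一台FTP服务器做代理,接着进行端口扫描)} & nmap -Pn -b \seqsplit{ftp.microsfot.com} google.com \tn
% Row Count 14 (+ 7)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{4.2175 cm} x{6.4106 cm} x{6.2419 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{版本侦测}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
-sV & \seqsplit{尝试确定在端口上运行的服务的版本} & nmap -sV 192.168.1.1 \tn
% Row Count 5 (+ 4)
% Row 2
\SetRowColor{LightBackground}
-{}-version-intensity \textless{}level\textgreater{} & \seqsplit{指定版本侦测的强度(0-9)},默认为7,数值越高,探测出的服务越准确,但运行时间也越长 & nmap -sV -{}-version-intensity 8 192.168.1.1 \tn
% Row Count 13 (+ 8)
% Row 3
\SetRowColor{white}
-{}-version-light & \seqsplit{指定使用轻量级侦测方式(intensity=2)} & nmap -sV -{}-version-light 192.168.1.1 \tn
% Row Count 17 (+ 4)
% Row 4
\SetRowColor{LightBackground}
-{}-version-all & \seqsplit{指定使用所有的版本侦测(intensity=9)} & nmap -sV -{}-version-all 192.168.1.1 \tn
% Row Count 21 (+ 4)
% Row 5
\SetRowColor{white}
-{}-version-trace & \seqsplit{显示出详细的版本侦测过程信息} & nmap -sV -{}-version-trace 192.168.1.1 \tn
% Row Count 24 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{3.2053 cm} x{7.4228 cm} x{6.2419 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{系统侦测}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
-O & 使用 TCP/IP \seqsplit{指纹进行远程系统检测} & nmap -O 192.168.1.1 \tn
% Row Count 4 (+ 3)
% Row 2
% review: example misspelled the option as --oscan-limit; it is --osscan-limit
% as in the parameter column.
\SetRowColor{LightBackground}
-O -{}-osscan-limit & \seqsplit{如果一个打开或关闭的} TCP \seqsplit{端口都没找到,则不进行系统探测尝试} & nmap -O -{}-osscan-limit 192.168.1.1 \tn
% Row Count 10 (+ 6)
% Row 3
\SetRowColor{white}
-O -{}-osscan-guess & 使 nmap \seqsplit{更积极地猜测目标系统信息} & nmap -O -{}-osscan-guess 192.168.1.1 \tn
% Row Count 13 (+ 3)
% Row 4
% review: example was missing a target; added the same placeholder address
% used by the neighbouring rows.
\SetRowColor{LightBackground}
-O -{}-max-os-tries & \seqsplit{设置针对目标的} OS \seqsplit{检测尝试的最大次数} & nmap -O -{}-max-os-tries 1 192.168.1.1 \tn
% Row Count 17 (+ 4)
% Row 5
\SetRowColor{white}
-A & \seqsplit{启用操作系统探测,版本检测,脚本扫描以及路由跟踪} & nmap -A 192.168.1.1 \tn
% Row Count 22 (+ 5)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{5.7358 cm} x{5.7358 cm} x{5.3984 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{时间性能}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
-T0 & 偏执的 & nmap -T0 192.168.1.1 \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
-T1 & 悄悄的 & nmap -T1 192.168.1.1 \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
-T2 & 礼貌的 & nmap -T2 192.168.1.1 \tn
% Row Count 7 (+ 2)
% Row 4
\SetRowColor{LightBackground}
-T3 & 默认的 & nmap -T3 192.168.1.1 \tn
% Row Count 9 (+ 2)
% Row 5
\SetRowColor{white}
-T4 & 激烈的 & nmap -T4 192.168.1.1 \tn
% Row Count 11 (+ 2)
% Row 6
\SetRowColor{LightBackground}
-T5 & 疯狂的 & nmap -T5 192.168.1.1 \tn
% Row Count 13 (+ 2)
% Row 7
% review: example used a single dash (-host-timeout); the option is
% --host-timeout as in the parameter column.
\SetRowColor{white}
-{}-host-timeout \textless{}time\textgreater{} & time \seqsplit{时长后仍未扫描完毕则放弃} & nmap -{}-host-timeout 30m 192.168.1.1 \tn
% Row Count 17 (+ 4)
% Row 8
\SetRowColor{LightBackground}
-{}-min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout \textless{}time\textgreater{} & \seqsplit{指定探测包往返时间} & nmap -{}-min-rtt-timeout 2s 192.168.1.1 \tn
% Row Count 22 (+ 5)
% Row 9
% review: nmap time values take the suffixes ms/s/m/h; "3min" is not accepted,
% so the example now uses "3m" (matching "30m" in the --host-timeout row).
\SetRowColor{white}
-{}-scan-delay/-{}-max-scan-delay \textless{}time\textgreater{} & \seqsplit{指定探测包的延迟} & nmap -{}-scan-delay 3m 192.168.1.1 \tn
% Row Count 25 (+ 3)
% Row 10
\SetRowColor{LightBackground}
-{}-max-retries \textless{}tries\textgreater{} & \seqsplit{指定端口扫描探测包重新传输的最大数量} & nmap -{}-max-retries 3 192.168.1.1 \tn
% Row Count 30 (+ 5)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{5.7358 cm} x{5.7358 cm} x{5.3984 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{时间性能 (cont)}}} \tn
% Row 11
\SetRowColor{LightBackground}
-{}-min-rate \textless{}number\textgreater{} & \seqsplit{指定发送的数据包不低于每秒} number 个 & nmap -{}-min-rate 100 192.168.1.1 \tn
% Row Count 4 (+ 4)
% Row 12
\SetRowColor{white}
-{}-max-rate \textless{}number\textgreater{} & \seqsplit{指定发送的数据包不超过每秒} number 个 & nmap -{}-max-rate 100 192.168.1.1 \tn
% Row Count 8 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\SetRowColor{LightBackground}
\mymulticolumn{3}{x{17.67cm}}{-T 表示 nmap \seqsplit{扫描过程中使用的速度,级别越高,扫描速度越快,但也越容易被防火墙或} IDS \seqsplit{检测并屏蔽掉,在通信状况良好的情况下推荐使用} T4。nmap 一般默认为 T3,而 T2 基本就是 T3 \seqsplit{的百倍时间了,所以} T3 \seqsplit{以下都是为了规避防火墙或} IDS \seqsplit{的检测,速度越慢越不容易被检测到。}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{2.5305 cm} x{7.0854 cm} x{7.2541 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{结果输出}}} \tn
% Row 0
\SetRowColor{LightBackground}
\seqsplit{参数} & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
-oN & 正常输出 & nmap 192.168.1.1 -oN normal.file \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
-oX & XML 格式输出 & nmap 192.168.1.1 -oX xml.file \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
-oG & \seqsplit{可过滤的输出} & nmap 192.168.1.1 -oG grep.file \tn
% Row Count 7 (+ 2)
% Row 4
\SetRowColor{LightBackground}
-oA & \seqsplit{一次输出三种主要格式} & nmap 192.168.1.1 -oA results \tn
% Row Count 9 (+ 2)
% Row 5
\SetRowColor{white}
-oG - & \seqsplit{同时输出到屏幕,-oN} -, -oX - 同理 & nmap 192.168.1.1 -oG - \tn
% Row Count 12 (+ 3)
% Row 6
% review: parameter column said --append, but the option (as the example
% already shows) is --append-output.
\SetRowColor{LightBackground}
-{}-append-output & \seqsplit{将扫描结果附加到上一个扫描文件} & nmap 192.168.1.1 -oN file.file -{}-append-output \tn
% Row Count 15 (+ 3)
% Row 7
\SetRowColor{white}
-v & \seqsplit{增加扫描过程详细程度(-vv} \seqsplit{可以增加扫描过程的详细程度)} & nmap -v 192.168.1.1 \tn
% Row Count 20 (+ 5)
% Row 8
\SetRowColor{LightBackground}
-d & \seqsplit{增加扫描过程中的调试信息(-dd} \seqsplit{则增加更多的调试信息)} & nmap -d 192.168.1.1 \tn
% Row Count 25 (+ 5)
% Row 9
% NOTE(review): the nmap reference says --reason is enabled automatically by
% the debug option (-d), not that it is equivalent to -vv; text left as the
% author wrote it — confirm before relying on it.
\SetRowColor{white}
-{}-reason & \seqsplit{显示端口处于特定状态的原因等信息(等价于} -vv) & nmap -{}-reason 192.168.1.1 \tn
% Row Count 29 (+ 4)
% Row 10
\SetRowColor{LightBackground}
-{}-open & \seqsplit{只显示为开启状态的端口的信息} & nmap -{}-open 192.168.1.1 \tn
% Row Count 32 (+ 3)
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{2.5305 cm} x{7.0854 cm} x{7.2541 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{结果输出 (cont)}}} \tn
% Row 11
\SetRowColor{LightBackground}
-{}-packet-trace & \seqsplit{显示扫描过程中所有发送和接收的包} & nmap -T4 -{}-packet-trace 192.168.1.1 \tn
% Row Count 3 (+ 3)
% Row 12
\SetRowColor{white}
-{}-iflist & \seqsplit{显示主机接口和路由信息} & nmap -{}-iflist \tn
% Row Count 6 (+ 3)
% Row 13
\SetRowColor{LightBackground}
-{}-resume & 恢复扫描 & nmap -{}-resume result.file \tn
% Row Count 8 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{8.4623 cm} x{8.8077 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{17.67cm}}{\textbf{\textcolor{white}{常用输出示例}}} \tn
% Row 0
\SetRowColor{LightBackground}
功能 & 命令 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
扫描并过滤出 web 服务器: & nmap -p80 -sV -oG - -{}-open 192.168.1.1/24 | grep open \tn
% Row Count 4 (+ 3)
% Row 2
% review: "generate the list" should truncate (>) — only the "append" row
% below should use >>; otherwise the two commands were identical.
\SetRowColor{LightBackground}
\seqsplit{生成存活主机列表:} & nmap -iR 10 -n -oX out.xml | grep "Nmap" | cut -d " " -f5 \textgreater{} live-host.txt \tn
% Row Count 8 (+ 4)
% Row 3
\SetRowColor{white}
\seqsplit{附加新发现的存活主机:} & nmap -iR 10 -n -oX out2.xml | grep "Nmap" | cut -d " " -f5 \textgreater{}\textgreater{} live-host.txt \tn
% Row Count 12 (+ 4)
% Row 4
\SetRowColor{LightBackground}
比较 nmap 的扫描结果: & ndiff scan.xml scan2.xml \tn
% Row Count 14 (+ 2)
% Row 5
\SetRowColor{white}
把 xml \seqsplit{的输出结果转为} html & xsltproc nmap.xml -o nmap.html \tn
% Row Count 16 (+ 2)
% Row 6
% review: the sed expression had stray spaces inside the s/// command and
% would not run; restored to the usual collapse-whitespace form.
\SetRowColor{LightBackground}
\seqsplit{按端口频率降序排列扫描结果} & grep "open" results.nmap | sed -r 's/ +/ /g' | sort | uniq -c | sort -rn | less \tn
% Row Count 21 (+ 5)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{17.67cm}}{grep、sed、sort、less 主要为 bash \seqsplit{命令,所以有些输出组合可能} windows 下无法使用} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{17.67cm}{x{3.5427 cm} x{7.2541 cm} x{6.0732 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{杂项}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
% review: -6 requires an IPv6 target, so an IPv4 example address cannot work;
% 2001:db8::1 is a constructed address from the documentation prefix.
\SetRowColor{white}
-6 & 开启 IPv6 扫描 & nmap -6 2001:db8::1 \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
-A & 开启 \seqsplit{系统探测、版本探测、默认脚本扫描、traceroute} & nmap -A 192.168.1.1 \tn
% Row Count 7 (+ 4)
% Row 3
\SetRowColor{white}
-{}-data-dir \textless{}dirname\textgreater{} & 指定自定义 nmap \seqsplit{数据文件目录位置} & nmap -{}-data-dir /root/ 192.168.1.1 \tn
% Row Count 10 (+ 3)
% Row 4
\SetRowColor{LightBackground}
-{}-send-eth/-{}-send-ip & \seqsplit{使用原始以太帧或} IP 报文 & nmap -{}-send-eth 192.168.1.1 \tn
% Row Count 13 (+ 3)
% Row 5
\SetRowColor{white}
-{}-privileged & \seqsplit{假定用户为特权账户} & nmap -{}-privileged 192.168.1.1 \tn
% Row Count 16 (+ 3)
% Row 6
\SetRowColor{LightBackground}
-{}-unprivileged & \seqsplit{假定用户未获得所有权限} & nmap -{}-unprivileged 192.168.1.1 \tn
% Row Count 19 (+ 3)
% Row 7
\SetRowColor{white}
-V & 打印 nmap 版本信息 & nmap -V \tn
% Row Count 21 (+ 2)
% Row 8
\SetRowColor{LightBackground}
-h/-{}-help & 打印 nmap 帮助文档 & nmap -h \tn
% Row Count 23 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

% review: this last section is still a stub in the published source (only the
% flag name, no description or example); left exactly as the author had it.
\begin{tabularx}{17.67cm}{p{5.7358 cm} p{5.5671 cm} p{5.5671 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{3}{x{17.67cm}}{\textbf{\textcolor{white}{防火墙/IDS 绕过}}} \tn
% Row 0
\SetRowColor{LightBackground}
参数 & 描述 & 示例 \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
\mymulticolumn{3}{x{17.67cm}}{-f} \tn
% Row Count 2 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}---}
\end{tabularx}
\par\addvspace{1.3em}

\end{document}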