mirror of
https://github.com/cheat/cheat.git
synced 2024-12-22 12:45:06 +01:00
Merge pull request #462 from santosomar/patch-1
Addition additional nmap options
This commit is contained in:
commit
087a076f74
@ -67,3 +67,38 @@ nmap -T5 --min-parallelism=50 -n --script "ssl-heartbleed" -pT:443 127.0.0.1
|
||||
|
||||
# Show all informations (debug mode)
|
||||
nmap -d ...
|
||||
|
||||
## Port Status Information
|
||||
- Open: This indicates that an application is listening for connections on this port.
|
||||
- Closed: This indicates that the probes were received but there is no application listening on this port.
|
||||
- Filtered: This indicates that the probes were not received and the state could not be established. It also indicates that the probes are being dropped by some kind of filtering.
|
||||
- Unfiltered: This indicates that the probes were received but a state could not be established.
|
||||
- Open/Filtered: This indicates that the port was filtered or open but Nmap couldn’t establish the state.
|
||||
- Closed/Filtered: This indicates that the port was filtered or closed but Nmap couldn’t establish the state.
|
||||
|
||||
## Additional Scan Types
|
||||
|
||||
nmap -sn: Probe only (host discovery, not port scan)
|
||||
nmap -sS: SYN Scan
|
||||
nmap -sT: TCP Connect Scan
|
||||
nmap -sU: UDP Scan
|
||||
nmap -sV: Version Scan
|
||||
nmap -O: Used for OS Detection/fingerprinting
|
||||
nmap --scanflags: Sets custom list of TCP using `URG ACK PSH RST SYN FIN` in any order
|
||||
|
||||
### Nmap Scripting Engine Categories
|
||||
The most common Nmap scripting engine categories:
|
||||
- auth: Utilize credentials or bypass authentication on target hosts.
|
||||
- broadcast: Discover hosts not included on command line by broadcasting on local network.
|
||||
- brute: Attempt to guess passwords on target systems, for a variety of protocols, including http, SNMP, IAX, MySQL, VNC, etc.
|
||||
- default: Scripts run automatically when -sC or -A are used.
|
||||
- discovery: Try to learn more information about target hosts through public sources of information, SNMP, directory services, and more.
|
||||
- dos: May cause denial of service conditions in target hosts.
|
||||
- exploit: Attempt to exploit target systems.
|
||||
- external: Interact with third-party systems not included in target list.
|
||||
- fuzzer: Send unexpected input in network protocol fields.
|
||||
- intrusive: May crash target, consume excessive resources, or otherwise impact target machines in a malicious fashion.
|
||||
- malware: Look for signs of malware infection on the target hosts.
|
||||
- safe: Designed not to impact target in a negative fashion.
|
||||
- version: Measure the version of software or protocols on the target hosts.
|
||||
- vul: Measure whether target systems have a known vulnerability.
|
||||
|
Loading…
Reference in New Issue
Block a user