Nmap is a security scanner developed by network specialist Gordon Lyon (Fyodor). It can map the scanned network and report the state of services running on network machines, their operating systems and the status of their ports.
By using Nmap, information such as the operating system of any computer connected to the network, the types of physical devices in use, the uptime, which services are running, the version numbers of that software, whether the computer has a firewall, and the manufacturer of the network card can be learned.
Nmap is completely free, GPL-licensed software, and the source code can be downloaded from the relevant section of the site if desired. The operating systems Nmap runs on include Linux, Windows, macOS, Solaris, *BSD and AmigaOS, but it is most popular on Linux, followed by Windows.
Note: Output and behaviour may differ depending on the Nmap version used, firewalls/IDSs in the path, and how the command parameters are given.
Target Specification
-iL: Reads the list of hosts or networks to scan from a file
-iR: Chooses random targets
--exclude: Excludes the specified hosts or networks
--excludefile: Excludes the hosts or networks listed in a file
Host Discovery
-sL: List scan: simply lists the targets without scanning them
-sn: Ping scan: disables port scanning (host discovery only)
-Pn: Treats all hosts as online (skips host discovery)
-PS/PA/PU/PY: TCP SYN, TCP ACK, UDP or SCTP discovery probes to the given ports
-PE/PP/PM: ICMP echo, timestamp and netmask request discovery probes
-PO: IP protocol ping: determines whether hosts respond to the specified IP protocols
-n/-R: Never resolves DNS / always resolves DNS
--dns-servers: Specifies the DNS servers to use manually
--system-dns: Uses the operating system's DNS resolver while scanning
--traceroute: Traces the path to each host
Scan Techniques
-sS/sT/sA/sW/sM: TCP SYN scan / TCP connect scan / ACK scan (useful for mapping firewall rules) / Window scan / Maimon scan
-sU: Performs a UDP scan
-sN/sF/sX: Performs TCP Null, FIN and Xmas scans
--scanflags: Customizes the TCP flags used in the scan
-sI: Performs an idle scan (through a zombie host)
-sY/sZ: Performs SCTP INIT and COOKIE ECHO scans
-sO: IP protocol scan: determines which IP protocols (TCP, UDP, etc.) the target supports
-b: Performs an FTP bounce scan
Port Specification and Scan Order
-p: Scans only the specified ports
--exclude-ports: Excludes the specified ports from the scan
-F: Fast mode: scans fewer ports than the default scan (to increase speed)
-r: Scans the ports sequentially instead of randomizing the order
--top-ports: Scans the specified number of most common ports
--port-ratio: Scans the ports that are more common than the given ratio
Service/Version Detection
-sV: Detects the services and versions running on open ports
--version-intensity: Sets the intensity level of version scans (0 to 9)
--version-light: Sets the intensity to 2 (lighter and faster)
--version-all: Sets the intensity to 9 (tries every probe)
--version-trace: Shows detailed version scan activity (for debugging)
Script Scan
-sC: Runs the default set of scripts (equivalent to --script=default)
--script=: Runs the specified comma-separated list of scripts, script categories or directories
--script-args=: Provides arguments to the scripts
--script-args-file=filename: Reads script arguments from the specified file
--script-trace: Shows all data sent and received by the scripts
--script-updatedb: Updates the script database
--script-help=: Shows help for the specified scripts
OS Detection
-O: Enables OS detection
--osscan-limit: Limits OS detection to promising targets
--osscan-guess: Guesses the operating system more aggressively (increases the chance of a match)
Timing and Performance
-T: Sets the timing template (0 to 5; higher values scan faster)
--min-hostgroup/max-hostgroup: Sets the size of the host groups scanned in parallel
--min-parallelism/max-parallelism: Sets the number of probes sent in parallel
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout: Sets the probe round-trip timeouts used in port scans
--max-retries: Caps the number of times a probe is retransmitted to a port
--host-timeout: Gives up on a target if scanning it takes longer than this
--scan-delay/--max-scan-delay: Sets the delay between probes
--min-rate/--max-rate: Sets the minimum/maximum number of probes sent per second
Firewall/IDS Evasion and Spoofing
-f/--mtu: Fragments packets, optionally with the specified MTU
-D: Cloaks the scan with decoy addresses
-e: Uses the specified interface
-g/--source-port: Uses the specified source port number
--proxies: Relays connections through HTTP/SOCKS4 proxies
--data: Appends a custom payload to the packets sent
--data-string: Appends a custom ASCII string to the packets sent
--data-length: Appends random data of the given length to the packets sent
--ip-options: Sends packets with the specified IP options
--ttl: Sets the IP time-to-live field
--spoof-mac: Spoofs the MAC address
Output
-oN/-oX/-oS/-oG <file>: Writes the scan output in normal, XML, script kiddie or grepable format to the given file
-oA: Writes the output in the three major formats at once
-v: Increases the verbosity level (more detail is printed)
-d: Sets the debugging level
--reason: Shows why a host is reported up or down and why a port is in a given state
--open: Shows only open (or possibly open) ports
--packet-trace: Shows all packets sent and received
--iflist: Shows the host's interfaces and routes (useful for debugging)
--append-output: Appends to the specified output files instead of overwriting them
--resume: Resumes an aborted scan
--stylesheet: Uses the given XSL stylesheet to transform the XML output to HTML
--webxml: References the stylesheet from the Nmap website
--no-stylesheet: Prevents a stylesheet from being referenced in the XML output
Misc (Additional options)
-6: Enables IPv6 scanning
-A: Enables OS detection, version detection, script scanning and traceroute
--datadir: Specifies a custom location for the Nmap data files
--send-eth/--send-ip: Sends using raw ethernet frames or raw IP packets
--privileged: Assumes the user is fully privileged
--unprivileged: Assumes the user lacks raw socket privileges
-V: Prints the Nmap version number
-h: Prints the help summary
Examples for the Misc options:
Code:
nmap -6 -A nmap.org
Code:
nmap -A 192.168.1.47
Code:
nmap 192.168.1.47 --datadir folderpath
Code:
nmap 192.168.1.47 --send-eth
Code:
nmap 192.168.1.47 --send-ip
Code:
nmap 192.168.1.47 --privileged
Code:
nmap 192.168.1.47 --unprivileged
Code:
nmap -V
Code:
nmap -h
Sources:
https://www.turkhackteam.org/siber-guvenlik/1936406-turkce-nmap-kilavuzu.html
https://tr.wikipedia.org/wiki/Nmap
https://nmap.org/book/man-briefoptions.html
Translator and Editor: Dolyetyus