Nmap参数中英文对照

实验平台

  • Windows
  • Linux

参考手册

https://nmap.org/man/zh/

命令详解

终端输入nmap -h ,查看帮助文档

Nmap 7.80 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports <port ranges>: Exclude the specified ports from scanning
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data <hex string>: Append a custom payload to sent packets
  --data-string <string>: Append a custom ASCII string to sent packets
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES

对照翻译如下

目标说明

参数英文中文
 -iL <inputfilename>Input from list of hosts/networks 从文件中读取待检测的目标
-iR <num hosts>Choose random targets随机选择目标,如果-iR指定为0,则无休止的扫描
–exclude <host1[,host2][,host3],…>Exclude hosts/networks 排除主机/网络
–excludefile <exclude_file>Exclude list from file排除文件中的列表

主机发现

参数英文中文
-sLList Scan – simply list targets to scan列表扫描,只扫描IP数目,不进行其他扫描
-snPing Scan – disable port scanPing扫描,
-PnTreat all hosts as online — skip host discovery将所有主机视为联机-跳过主机发现,不检测主机存活
-PS/PA/PU/PY[portlist]TCP SYN/ACK, UDP or SCTP discovery to given portsTCP SYN Ping / TCP ACK Ping / UDP Ping 发现
-PE/PP/PMICMP echo, timestamp, and netmask request discovery probes使用ICMP echo, timestamp and netmask 请求包发现主机
-PO[protocol list]IP Protocol Ping使用IP协议包探测对方主机是否开启
-n/-RNever do DNS resolution/Always resolve [default: sometimes]不对IP进行域名反向解析/为所有目标IP进行反向域名解析
–dns-servers <serv1[,serv2],…>Specify custom DNS servers指定自定义DNS服务器
–system-dnsUse OS’s DNS resolver使用系统域名解析器
–traceroutTrace hop path to each host跟踪到每个主机的跃点路径

扫描技术

参数英文中文
-sS/sT/sA/sW/sMTCP SYN/Connect()/ACK/
Window/Maimon scans
TCP SYN/
TCP connect()/ACK/
TCP窗口扫描/TCP Maimon扫描
-sUUDP ScanUDP扫描
-sN/sF/sXTCP Null, FIN, and Xmas scansTCP Null,FIN,and Xmas扫描
–scanflags <flags>Customize TCP scan flags定制的TCP扫描
-sI<zombie host[:probeport]>Idle scan空闲扫描
-sY/sZSCTP INIT/COOKIE-ECHO scansSCTP INIT/COOKIE-ECHO 扫描
-sOIP protocol scanIP协议扫描
-b FTP bounce scanFTP弹跳扫描

端口说明和扫描顺序

参数英文中文
-p <port ranges>Only scan specified ports只扫描指定的端口
–exclude-ports <port ranges>Exclude the specified ports from scanning从扫描中排除指定的端口
-FFast mode – Scan fewer ports than the default scan快速 (有限的端口) 扫描
-rScan ports consecutively – don’t randomize不要按随机顺序扫描端口
–top-ports <number>Scan most common ports扫描常见端口
–port-ratio<ratio>Scan ports more common than <ratio>扫描常用端口中比重较高的端口

服务和版本探测

参数英文中文
-sVProbe open ports to determine service/version info探测打开的端口以确定服务/版本信息
–version-intensity <level>Set from 0 (light) to 9 (try all probes)设置版本扫描强度
–version-lightLimit to most likely probes (intensity 2)打开轻量级模式
–version-allTry every single probe (intensity 9)尝试每个探测
–version-traceShow detailed version scan activity (for debugging)跟踪版本扫描活动

脚本扫描

参数英文中文
-sCequivalent to –script=default根据端口识别的服务,调用默认脚本,等效于–script = default
–script=<Lua scripts> <Lua scripts>is a comma separated list of directories, script-files or script-categories调用的脚本名
–script-args=<n1=v1,[n2=v2,…>provide arguments to scripts调用的脚本传递的参数
–script-args-file=filenameprovide NSE script args in a file使用文本传递参数
–script-traceShow all data sent and received显示所有发送和接收到的数据
–script-updatedbUpdate the script database更新脚本的数据库
–script-help=<Lua scripts>Show help about scripts.<Lua script> is a comma-separated list of script-files or script-categories.显示指定Lua脚本的帮助

操作系统探测

参数英文中文
-OEnable OS detection启用操作系统检测
–osscan-limitLimit OS detection to promising targets针对指定的目标进行操作系统检测
–osscan-guessGuess OS more aggressively推测操作系统检测结果

时间与性能

参数英文中文
-T<0-5>Set timing template (higher is faster)设置时间模板(越高越快)
–min-hostgroup/max-hostgroup <size>Parallel host scan group sizes调整并行扫描组的大小
–min-parallelism/max-parallelism<numprobes>Probe parallelization调整探测报文的并行度
–min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>Specifies probe round trip time调整探测报文超时
–max-retries Caps number of port scan probe retransmissions端口扫描探针重传的最大次数
–host-timeout Give up on target after this long放弃低速目标主机
–scan-delay/–max-scan-delay <time>Adjust delay between probes调整探测报文的时间间隔
–min-rate <number>Send packets no slower than per second每秒发送的数据包不低于指定数字
–max-rate <number>Send packets no faster than per second 每秒发送的数据包的速度不超过指定数字

防火墙/ IDS逃避和欺骗

参数英文中文
-f; –mtu <val>fragment packets (optionally w/given MTU)使用指定的MTU
-D <decoy1,decoy2[,ME],…>Cloak a scan with decoys使用诱饵隐蔽扫描
-S <IP_Address>Spoof source address源地址欺骗
-e <iface>Use specified interface使用指定的接口
-g/–source-port <portnum>Use given port number使用指定源端口
–proxies <url1,[url2],…>Relay connections through HTTP/SOCKS4 proxies通过HTTP / SOCKS4代理中继连接
–data <hex string>Append a custom payload to sent packets向发送的数据包附加 自定义有效载荷
–data-string <string>Append a custom ASCII string to sent packets将自定义ASCII字符串附加到已发送的数据包
–data-length <num>Append random data to sent packets发送报文时附加随机数据
–ip-options <options>Send packets with specified ip options发送具有指定IP选项的数据包
–ttl <val>Set IP time-to-live field设置IP time-to-live域
–spoof-mac <mac address/prefix/vendor name>Spoof your MAC addressMAC地址欺骗
–badsumSend packets with a bogus TCP/UDP/SCTP checksum发送带有虚假TCP / UDP / SCTP校验和的数据包

Nmap 输出

参数英文中文
-oN/-oX/-oS/-oG <file>Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename
将标准输出直接写入指定的文件/输出 xml 文件/输出改为大写/输出通过 bash 或者 perl 处理的格式
-oA <basename>Output in the three major formats at once输出至所有格式
-vIncrease verbosity level (use -vv or more for greater effect)提高输出信息的详细度
-dIncrease debugging level (use -dd or more for greater effect)提高或设置调试级别
–reasonDisplay the reason a port is in a particular state显示端口处于带确认状态的原因
–openOnly show open (or possibly open) ports只输出端口状态为open的端口
–packet-traceShow all packets sent and received跟踪发送和接收的报文
–iflistPrint host interfaces and routes (for debugging)列举接口和路由
–append-outputAppend to rather than clobber specified output files在输出文件中添加
–resume <filename>Resume an aborted scan继续中断的扫描
–stylesheet <path/URL>XSL stylesheet to transform XML output to HTML设置XSL样式表,转换XML输出
–webxmlReference stylesheet from Nmap.Org for more portable XML从namp.org得到XML的样式
–no-stylesheetPrevent associating of XSL stylesheet w/XML output忽略XML声明的XSL样式表

其它选项

参数英文中文
-6Enable IPv6 scanning启用IPv6扫描
-AEnable OS detection, version detection, script scanning, and tracerouteOS识别,版本探测,脚本扫描和traceroute
–datadir <dirname>Specify custom Nmap data file location说明用户Nmap数据文件位置
–send-eth/–send-ipSend using raw ethernet frames or IP packets使用原以太网帧发送/在原IP层发送
–privilegedAssume that the user is fully privileged假定用户具有全部权限
–unprivilegedAssume the user lacks raw socket privileges假定用户不具有全部权限
-VPrint version number打印版本信息
-hPrint this help summary page打印帮助摘要面

实例

  • nmap -v -A scanme.nmap.org
  • nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  • nmap -v -iR 10000 -Pn -p 80
暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇