书名：Kali Linux 2018：Assuring Security by Penetration Testing
作者名：Shiva V. N Parasram Alex Samm Damian Boodoo Gerard Johansen Lee Allen Tedi Heriyanto Shakeel Ali
本章字数：191字
更新时间：2021-06-24 18:19:05

The network mapper (Nmap)

Nmap is the top dog in port scanning and enumeration. Covering all options and modules of Nmap in this guide is outside the scope of this book; instead, we will cover the scans that I mostly use when testing. But first, here's some info on port states:

Open: An application on the target machine is listening for connections/packets on that port
Closed: Ports have no application listening on them, though they could open up at any time
Filtered: A firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed

The following are the Nmap options available:

O: OS detection
p: Port scan
p-: Scan all ports (1-65535)
p 80,443: Scan port 80 and 443
p 22-1024: Scan ports 22 through 1024
top-ports X: X is a number and it will scan X number of the top popular ports; I usually use 100 for a quick scan
sV: Service-detection
Tx: Set scan speed
T1: Really slow port scan
T5: Really fast port scan (really noisy)
sS: Stealth scan
sU: UDP scan
A: OS-detection, version-detection, script-scanning, and traceroute