"Fossies" - the Fresh Open Source Software Archive

Member "nmap-7.91/docs/nmap.usage.txt" (9 Oct 2020, 5936 Bytes) of package /linux/misc/nmap-7.91.tgz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "nmap.usage.txt": 7.90_vs_7.91.

    1 Nmap 7.91 ( https://nmap.org )
    2 Usage: nmap [Scan Type(s)] [Options] {target specification}
    3 TARGET SPECIFICATION:
    4   Can pass hostnames, IP addresses, networks, etc.
    5   Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
    6   -iL <inputfilename>: Input from list of hosts/networks
    7   -iR <num hosts>: Choose random targets
    8   --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
    9   --excludefile <exclude_file>: Exclude list from file
   10 HOST DISCOVERY:
   11   -sL: List Scan - simply list targets to scan
   12   -sn: Ping Scan - disable port scan
   13   -Pn: Treat all hosts as online -- skip host discovery
   14   -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
   15   -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
   16   -PO[protocol list]: IP Protocol Ping
   17   -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
   18   --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
   19   --system-dns: Use OS's DNS resolver
   20   --traceroute: Trace hop path to each host
   21 SCAN TECHNIQUES:
   22   -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
   23   -sU: UDP Scan
   24   -sN/sF/sX: TCP Null, FIN, and Xmas scans
   25   --scanflags <flags>: Customize TCP scan flags
   26   -sI <zombie host[:probeport]>: Idle scan
   27   -sY/sZ: SCTP INIT/COOKIE-ECHO scans
   28   -sO: IP protocol scan
   29   -b <FTP relay host>: FTP bounce scan
   30 PORT SPECIFICATION AND SCAN ORDER:
   31   -p <port ranges>: Only scan specified ports
   32     Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
   33   --exclude-ports <port ranges>: Exclude the specified ports from scanning
   34   -F: Fast mode - Scan fewer ports than the default scan
   35   -r: Scan ports consecutively - don't randomize
   36   --top-ports <number>: Scan <number> most common ports
   37   --port-ratio <ratio>: Scan ports more common than <ratio>
   38 SERVICE/VERSION DETECTION:
   39   -sV: Probe open ports to determine service/version info
   40   --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
   41   --version-light: Limit to most likely probes (intensity 2)
   42   --version-all: Try every single probe (intensity 9)
   43   --version-trace: Show detailed version scan activity (for debugging)
   44 SCRIPT SCAN:
   45   -sC: equivalent to --script=default
   46   --script=<Lua scripts>: <Lua scripts> is a comma separated list of
   47            directories, script-files or script-categories
   48   --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
   49   --script-args-file=filename: provide NSE script args in a file
   50   --script-trace: Show all data sent and received
   51   --script-updatedb: Update the script database.
   52   --script-help=<Lua scripts>: Show help about scripts.
   53            <Lua scripts> is a comma-separated list of script-files or
   54            script-categories.
   55 OS DETECTION:
   56   -O: Enable OS detection
   57   --osscan-limit: Limit OS detection to promising targets
   58   --osscan-guess: Guess OS more aggressively
   59 TIMING AND PERFORMANCE:
   60   Options which take <time> are in seconds, or append 'ms' (milliseconds),
   61   's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
   62   -T<0-5>: Set timing template (higher is faster)
   63   --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
   64   --min-parallelism/max-parallelism <numprobes>: Probe parallelization
   65   --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
   66       probe round trip time.
   67   --max-retries <tries>: Caps number of port scan probe retransmissions.
   68   --host-timeout <time>: Give up on target after this long
   69   --scan-delay/--max-scan-delay <time>: Adjust delay between probes
   70   --min-rate <number>: Send packets no slower than <number> per second
   71   --max-rate <number>: Send packets no faster than <number> per second
   72 FIREWALL/IDS EVASION AND SPOOFING:
   73   -f; --mtu <val>: fragment packets (optionally w/given MTU)
   74   -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
   75   -S <IP_Address>: Spoof source address
   76   -e <iface>: Use specified interface
   77   -g/--source-port <portnum>: Use given port number
   78   --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
   79   --data <hex string>: Append a custom payload to sent packets
   80   --data-string <string>: Append a custom ASCII string to sent packets
   81   --data-length <num>: Append random data to sent packets
   82   --ip-options <options>: Send packets with specified ip options
   83   --ttl <val>: Set IP time-to-live field
   84   --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
   85   --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
   86 OUTPUT:
   87   -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
   88      and Grepable format, respectively, to the given filename.
   89   -oA <basename>: Output in the three major formats at once
   90   -v: Increase verbosity level (use -vv or more for greater effect)
   91   -d: Increase debugging level (use -dd or more for greater effect)
   92   --reason: Display the reason a port is in a particular state
   93   --open: Only show open (or possibly open) ports
   94   --packet-trace: Show all packets sent and received
   95   --iflist: Print host interfaces and routes (for debugging)
   96   --append-output: Append to rather than clobber specified output files
   97   --resume <filename>: Resume an aborted scan
   98   --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
   99   --webxml: Reference stylesheet from Nmap.Org for more portable XML
  100   --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
  101 MISC:
  102   -6: Enable IPv6 scanning
  103   -A: Enable OS detection, version detection, script scanning, and traceroute
  104   --datadir <dirname>: Specify custom Nmap data file location
  105   --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  106   --privileged: Assume that the user is fully privileged
  107   --unprivileged: Assume the user lacks raw socket privileges
  108   -V: Print version number
  109   -h: Print this help summary page.
  110 EXAMPLES:
  111   nmap -v -A scanme.nmap.org
  112   nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  113   nmap -v -iR 10000 -Pn -p 80
  114 SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES