Nmap参数中英文对照

实验平台

  • Windows
  • Linux

参考手册

https://nmap.org/man/zh/

命令详解

终端输入 nmap -h ,查看帮助文档

Nmap 7.80 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports <port ranges>: Exclude the specified ports from scanning
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data <hex string>: Append a custom payload to sent packets
  --data-string <string>: Append a custom ASCII string to sent packets
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES

 

对照翻译如下

目标说明

参数 英文 中文
 -iL <inputfilename> Input from list of hosts/networks 从文件中读取待检测的目标
-iR <num hosts> Choose random targets 随机选择目标,如果 - iR 指定为 0, 则无休止的扫描
--exclude <host1[,host2][,host3],…> Exclude hosts/networks 排除主机 / 网络
--excludefile <exclude_file> Exclude list from file 排除文件中的列表

主机发现

参数 英文 中文
-sL List Scan - simply list targets to scan 列表扫描,只扫描 IP 数目,不进行其他扫描
-sn Ping Scan - disable port scan Ping 扫描,
-Pn Treat all hosts as online -- skip host discovery 将所有主机视为联机 - 跳过主机发现,不检测主机存活
-PS/PA/PU/PY[portlist] TCP SYN/ACK, UDP or SCTP discovery to given ports TCP SYN Ping / TCP ACK Ping / UDP Ping 发现
-PE/PP/PM ICMP echo, timestamp, and netmask request discovery probes 使用 ICMP echo, timestamp and netmask 请求包发现主机
-PO[protocol list] IP Protocol Ping 使用 IP 协议包探测对方主机是否开启
-n/-R Never do DNS resolution/Always resolve [default: sometimes] 不对 IP 进行域名反向解析 / 为所有目标 IP 进行反向域名解析
--dns-servers <serv1[,serv2],…> Specify custom DNS servers 指定自定义 DNS 服务器
--system-dns Use OS's DNS resolver 使用系统域名解析器
--tracerout Trace hop path to each host 跟踪到每个主机的跃点路径

扫描技术

参数 英文 中文
-sS/sT/sA/sW/sM TCP SYN/Connect()/ACK/
Window/Maimon scans
TCP SYN/
TCP connect()/ACK/
TCP 窗口扫描 / TCP Maimon 扫描
-sU UDP Scan UDP 扫描
-sN/sF/sX TCP Null, FIN, and Xmas scans TCP Null,FIN,and Xmas 扫描
--scanflags <flags> Customize TCP scan flags 定制的 TCP 扫描
-sI<zombie host[:probeport]> Idle scan 空闲扫描
-sY/sZ SCTP INIT/COOKIE-ECHO scans SCTP INIT/COOKIE-ECHO 扫描
-sO IP protocol scan IP 协议扫描
-b FTP bounce scan FTP 弹跳扫描

端口说明和扫描顺序

参数 英文 中文
-p <port ranges> Only scan specified ports 只扫描指定的端口
--exclude-ports <port ranges> Exclude the specified ports from scanning 从扫描中排除指定的端口
-F Fast mode - Scan fewer ports than the default scan 快速 (有限的端口) 扫描
-r Scan ports consecutively - don't randomize 不要按随机顺序扫描端口
--top-ports <number> Scan most common ports 扫描常见端口
--port-ratio<ratio> Scan ports more common than <ratio> 扫描常用端口中比重较高的端口

服务和版本探测

参数 英文 中文
-sV Probe open ports to determine service/version info 探测打开的端口以确定服务 / 版本信息
--version-intensity <level> Set from 0 (light) to 9 (try all probes) 设置版本扫描强度
--version-light Limit to most likely probes (intensity 2) 打开轻量级模式
--version-all Try every single probe (intensity 9) 尝试每个探测
--version-trace Show detailed version scan activity (for debugging) 跟踪版本扫描活动

脚本扫描

参数 英文 中文
-sC equivalent to --script=default 根据端口识别的服务,调用默认脚本,等效于 --script = default
--script=<Lua scripts> <Lua scripts>is a comma separated list of directories, script-files or script-categories 调用的脚本名
--script-args=<n1=v1,[n2=v2,…> provide arguments to scripts 调用的脚本传递的参数
--script-args-file=filename provide NSE script args in a file 使用文本传递参数
--script-trace Show all data sent and received 显示所有发送和接收到的数据
--script-updatedb Update the script database 更新脚本的数据库
--script-help=<Lua scripts> Show help about scripts.<Lua script> is a comma-separated list of script-files or script-categories. 显示指定 Lua 脚本的帮助

操作系统探测

参数 英文 中文
-O Enable OS detection 启用操作系统检测
--osscan-limit Limit OS detection to promising targets 针对指定的目标进行操作系统检测
--osscan-guess Guess OS more aggressively 推测操作系统检测结果

时间与性能

参数 英文 中文
-T<0-5> Set timing template (higher is faster) 设置时间模板 (越高越快)
--min-hostgroup/max-hostgroup <size> Parallel host scan group sizes 调整并行扫描组的大小
--min-parallelism/max-parallelism<numprobes> Probe parallelization 调整探测报文的并行度
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time> Specifies probe round trip time 调整探测报文超时
--max-retries Caps number of port scan probe retransmissions 端口扫描探针重传的最大次数
--host-timeout Give up on target after this long 放弃低速目标主机
--scan-delay/--max-scan-delay <time> Adjust delay between probes 调整探测报文的时间间隔
--min-rate <number> Send packets no slower than per second 每秒发送的数据包不低于指定数字
--max-rate <number> Send packets no faster than per second 每秒发送的数据包的速度不超过指定数字

防火墙 / IDS 逃避和欺骗

参数 英文 中文
-f; --mtu <val> fragment packets (optionally w/given MTU) 使用指定的 MTU
-D <decoy1,decoy2[,ME],…> Cloak a scan with decoys 使用诱饵隐蔽扫描
-S <IP_Address> Spoof source address 源地址欺骗
-e <iface> Use specified interface 使用指定的接口
-g/--source-port <portnum> Use given port number 使用指定源端口
--proxies <url1,[url2],…> Relay connections through HTTP/SOCKS4 proxies 通过 HTTP / SOCKS4 代理中继连接
--data <hex string> Append a custom payload to sent packets 向发送的数据包附加 自定义有效载荷
--data-string <string> Append a custom ASCII string to sent packets 将自定义 ASCII 字符串附加到已发送的数据包
--data-length <num> Append random data to sent packets 发送报文时附加随机数据
--ip-options <options> Send packets with specified ip options 发送具有指定 IP 选项的数据包
--ttl <val> Set IP time-to-live field 设置 IP time-to-live 域
--spoof-mac <mac address/prefix/vendor name> Spoof your MAC address MAC 地址欺骗
--badsum Send packets with a bogus TCP/UDP/SCTP checksum 发送带有虚假 TCP / UDP / SCTP 校验和的数据包

Nmap 输出

参数 英文 中文
-oN/-oX/-oS/-oG <file> Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename
将标准输出直接写入指定的文件 / 输出 xml 文件 / 输出改为大写 / 输出通过 bash 或者 perl 处理的格式
-oA <basename> Output in the three major formats at once 输出至所有格式
-v Increase verbosity level (use -vv or more for greater effect) 提高输出信息的详细度
-d Increase debugging level (use -dd or more for greater effect) 提高或设置调试级别
--reason Display the reason a port is in a particular state 显示端口处于带确认状态的原因
--open Only show open (or possibly open) ports 只输出端口状态为 open 的端口
--packet-trace Show all packets sent and received 跟踪发送和接收的报文
--iflist Print host interfaces and routes (for debugging) 列举接口和路由
--append-output Append to rather than clobber specified output files 在输出文件中添加
--resume <filename> Resume an aborted scan 继续中断的扫描
--stylesheet <path/URL> XSL stylesheet to transform XML output to HTML 设置 XSL 样式表,转换 XML 输出
--webxml Reference stylesheet from Nmap.Org for more portable XML 从 namp.org 得到 XML 的样式
--no-stylesheet Prevent associating of XSL stylesheet w/XML output 忽略 XML 声明的 XSL 样式表

其它选项

参数 英文 中文
-6 Enable IPv6 scanning 启用 IPv6 扫描
-A Enable OS detection, version detection, script scanning, and traceroute OS 识别,版本探测,脚本扫描和 traceroute
--datadir <dirname> Specify custom Nmap data file location 说明用户 Nmap 数据文件位置
--send-eth/--send-ip Send using raw ethernet frames or IP packets 使用原以太网帧发送 / 在原 IP 层发送
--privileged Assume that the user is fully privileged 假定用户具有全部权限
--unprivileged Assume the user lacks raw socket privileges 假定用户不具有全部权限
-V Print version number 打印版本信息
-h Print this help summary page 打印帮助摘要面

实例

  • nmap -v -A scanme.nmap.org
  • nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  • nmap -v -iR 10000 -Pn -p 80
声明 本站上的部份代码及教程来源于互联网,仅供网友学习交流,若您喜欢本文可 附上原文链接 随意转载。无意侵害您的权益,请发送邮件至 lingang#live.cn 或点击右侧 私信:自由看 反馈,我们将尽快处理。
THE END
分享
二维码
打赏
< <上一篇
下一篇>>
文章目录
关闭
目 录