https://futex.re/mediawiki/index.php?action=history&feed=atom&title=Nmap 2026-05-13T15:38:06Z Historique des versions pour cette page sur le wiki MediaWiki 1.39.17 https://futex.re/mediawiki/index.php?title=Nmap&diff=1146&oldid=prev 2012-04-24T18:30:17Z

<p></p> <p><b>Nouvelle page</b></p><div>== Découverte d&#039;un réseau ==<br /> <br /> Lister les hosts d&#039;un réseau (résolution DNS, pas de ping, donc les hosts sont peut être inactifs)<br /> nmap -sL 192.168.1.0/24<br /> <br /> Lister les hosts actifs <br /> nmap -sP 192.168.1.0/24 (scan ping, envoie une requête d&#039;echo ICMP et un paquet TCP sur le port par défaut (80))<br /> nmap -PS 192.168.1.0/24 (-PS [portlist](Ping TCP SYN))<br /> nmap -PA 192.168.1.0/24 (-PA [portlist](Ping TCP ACK))<br /> nmap -PU 192.168.1.0/24 (-PU [portlist](Ping UDP))<br /> nmap -PE 192.168.1.0/24 (-PE; -PP; -PM(Types de ping ICMP))<br /> nmap -PR 192.168.1.0/24 (-PR(Ping ARP))<br /> nmap -PO 192.168.1.0/24 -PO[protolist] (IP Protocol Ping)<br /> <br /> -n(Pas de résolution DNS) Gagne du temps<br /> <br /> <br /> ----<br /> <br /> nmap -sS -P0 -O -T5 ip -d -n -vv<br /> <br /> 82.11.28.6<br /> <br /> Nmap 4.20ALPHA4 ( http://www.insecure.org/nmap/ )<br /> Usage: nmap [Scan Type(s)] [Options] {target specification}<br /> TARGET SPECIFICATION:<br /> Can pass hostnames, IP addresses, networks, etc.<br /> Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254<br /> -iL &lt;inputfilename&gt;: Input from list of hosts/networks<br /> -iR &lt;num hosts&gt;: Choose random targets<br /> --exclude &lt;host1[,host2][,host3],...&gt;: Exclude hosts/networks<br /> --excludefile &lt;exclude_file&gt;: Exclude list from file<br /> HOST DISCOVERY:<br /> -sL: List Scan - simply list targets to scan<br /> -sP: Ping Scan - go no further than determining if host is online<br /> -P0: Treat all hosts as online -- skip host discovery<br /> -PS/PA/PU [portlist]: TCP SYN/ACK or UDP discovery to given ports<br /> -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes<br /> -n/-R: Never do DNS resolution/Always resolve [default: sometimes]<br /> --dns-servers &lt;serv1[,serv2],...&gt;: Specify custom DNS servers<br /> --system-dns: Use OS&#039;s DNS resolver<br /> SCAN TECHNIQUES:<br /> -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans<br /> -sN/sF/sX: TCP Null, FIN, and Xmas scans<br /> --scanflags &lt;flags&gt;: Customize TCP scan flags<br /> -sI &lt;zombie host[:probeport]&gt;: Idlescan<br /> -sO: IP protocol scan<br /> -b &lt;ftp relay host&gt;: FTP bounce scan<br /> PORT SPECIFICATION AND SCAN ORDER:<br /> -p &lt;port ranges&gt;: Only scan specified ports<br /> Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080<br /> -F: Fast - Scan only the ports listed in the nmap-services file)<br /> -r: Scan ports consecutively - don&#039;t randomize<br /> SERVICE/VERSION DETECTION:<br /> -sV: Probe open ports to determine service/version info<br /> --version-intensity &lt;level&gt;: Set from 0 (light) to 9 (try all probes)<br /> --version-light: Limit to most likely probes (intensity 2)<br /> --version-all: Try every single probe (intensity 9)<br /> --version-trace: Show detailed version scan activity (for debugging)<br /> OS DETECTION:<br /> -O: Enable OS detection (try 2nd generation, then 1st if that fails)<br /> -O1: Only use the old (1st generation) OS detection system<br /> -O2: Only use the new OS detection system (no fallback)<br /> --osscan-limit: Limit OS detection to promising targets<br /> --osscan-guess: Guess OS more aggressively<br /> TIMING AND PERFORMANCE:<br /> Options which take &lt;time&gt; are in milliseconds, unless you append &#039;s&#039;<br /> (seconds), &#039;m&#039; (minutes), or &#039;h&#039; (hours) to the value (e.g. 30m).<br /> -T[0-5]: Set timing template (higher is faster)<br /> --min-hostgroup/max-hostgroup &lt;size&gt;: Parallel host scan group sizes<br /> --min-parallelism/max-parallelism &lt;time&gt;: Probe parallelization<br /> --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout &lt;time&gt;: Specifies<br /> probe round trip time.<br /> --max-retries &lt;tries&gt;: Caps number of port scan probe retransmissions.<br /> --host-timeout &lt;time&gt;: Give up on target after this long<br /> --scan-delay/--max-scan-delay &lt;time&gt;: Adjust delay between probes<br /> FIREWALL/IDS EVASION AND SPOOFING:<br /> -f; --mtu &lt;val&gt;: fragment packets (optionally w/given MTU)<br /> -D &lt;decoy1,decoy2[,ME],...&gt;: Cloak a scan with decoys<br /> -S &lt;IP_Address&gt;: Spoof source address<br /> -e &lt;iface&gt;: Use specified interface<br /> -g/--source-port &lt;portnum&gt;: Use given port number<br /> --data-length &lt;num&gt;: Append random data to sent packets<br /> --ttl &lt;val&gt;: Set IP time-to-live field<br /> --spoof-mac &lt;mac address/prefix/vendor name&gt;: Spoof your MAC address<br /> --badsum: Send packets with a bogus TCP/UDP checksum<br /> OUTPUT:<br /> -oN/-oX/-oS/-oG &lt;file&gt;: Output scan in normal, XML, s|&lt;rIpt kIddi3,<br /> and Grepable format, respectively, to the given filename.<br /> -oA &lt;basename&gt;: Output in the three major formats at once<br /> -v: Increase verbosity level (use twice for more effect)<br /> -d[level]: Set or increase debugging level (Up to 9 is meaningful)<br /> --packet-trace: Show all packets sent and received<br /> --iflist: Print host interfaces and routes (for debugging)<br /> --log-errors: Log errors/warnings to the normal-format output file<br /> --append-output: Append to rather than clobber specified output files<br /> --resume &lt;filename&gt;: Resume an aborted scan<br /> --stylesheet &lt;path/URL&gt;: XSL stylesheet to transform XML output to HTML<br /> --webxml: Reference stylesheet from Insecure.Org for more portable XML<br /> --no-stylesheet: Prevent associating of XSL stylesheet w/XML output<br /> MISC:<br /> -6: Enable IPv6 scanning<br /> -A: Enables OS detection and Version detection<br /> --datadir &lt;dirname&gt;: Specify custom Nmap data file location<br /> --send-eth/--send-ip: Send using raw ethernet frames or IP packets<br /> --privileged: Assume that the user is fully privileged<br /> -V: Print version number<br /> -h: Print this help summary page.<br /> EXAMPLES:<br /> nmap -v -A scanme.nmap.org<br /> nmap -v -sP 192.168.0.0/16 10.0.0.0/8<br /> nmap -v -iR 10000 -P0 -p 80<br /> SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES<br /> <br /> Scripts nmap<br /> /usr/share/nmap/scripts/</div>

Futex