Nmap full-open scan, half-open scan: the phases of an nmap scan

Hello readers, hope you are all doing well.

For security researchers and hackers, nmap must be the breakfast they start their day with. Given its diverse functionality and extreme flexibility, it certainly deserves its dominance.

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

There are a good number of blogs enumerating nmap usage, scan types and other utilities. I’ll personally list them at the end. But I didn’t find any regarding the phases an Nmap scan goes through. This blog will just take you through the nmap scan phases with their outcome on the terminal. For further research and contribution, I recommend you go through the official website of nmap.

1. Target Enumeration

You have probably always scanned one particular IP, or a single IP at a time. No offence, as 80% of nmap users do so. But there is more to nmap than this. It can take a combination of host DNS names, IP addresses and CIDR network notations. Target enumeration is an essential step and cannot be skipped. But you make nmap’s task easy by simply providing an IP, so that no further resolution is required.

Here, the -sL switch comes in very handy for actually identifying your targets. The stealth here is that it enumerates the hosts without sending any packets to the target systems, so this scan escapes IDS.

Supposing you need to pentest the Jharkhand government website (assuming you have all the required written authorization), mapping jharkhand.gov.in with -sL gives you a proper list of the IPs under your jurisdiction.

nmap -sL jharkhand.gov.in/29
-sL is very useful for planning targets and playing safe.

From the output, it is absolutely clear that you can only test 112.133.209.139, because only that IP comes under jharkhand.gov.in within the /29 block (the rest of the IPs belong to other organisations). Stay away from the other IP addresses, as touching them may land you a handsome civil and criminal charge.

Always perform -sL with a /24 CIDR, as it gives complete flexibility, though it may take a very long time.
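The scope decision described above can be made mechanical before any packet is sent. The following is an added example, not code from the original post: it expands a CIDR block the way a list scan enumerates it and separates the addresses covered by the written authorization from the rest. The function names and the scope list are assumptions for illustration, and the address reported in the post is hard-coded in place of DNS resolution so that the code runs offline.

```python
import ipaddress

# Constructed inputs: the address is the one the post reports for
# jharkhand.gov.in; hard-coding it stands in for DNS resolution so the
# example runs offline. The authorized scope is an assumption.
RESOLVED_ADDRESS = "112.133.209.139"
AUTHORIZED_SCOPE = ["112.133.209.139/32"]


def expand_target(address, prefix):
    """List every address in the CIDR block that contains `address`.

    The network and broadcast addresses are included, and nothing is
    sent to any of the listed hosts.
    """
    block = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return [str(ip) for ip in block]


def split_by_scope(candidates, authorized):
    """Partition candidate addresses into (in_scope, out_of_scope)."""
    scope = [ipaddress.ip_network(entry, strict=False) for entry in authorized]
    in_scope, out_of_scope = [], []
    for candidate in candidates:
        ip = ipaddress.ip_address(candidate)
        if any(ip in net for net in scope):
            in_scope.append(candidate)
        else:
            out_of_scope.append(candidate)
    return in_scope, out_of_scope


if __name__ == "__main__":
    for prefix in (29, 24):
        listed = expand_target(RESOLVED_ADDRESS, prefix)
        allowed, excluded = split_by_scope(listed, AUTHORIZED_SCOPE)
        print(f"/{prefix}: {len(listed)} listed, {len(allowed)} in scope, "
              f"{len(excluded)} to exclude")
        print("  scan only:", ", ".join(allowed))
```

The out-of-scope list is the part worth keeping: it can be written to a file and handed to later scans as an exclusion list.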

On further
