Offensive Counterintelligence | OffensiveCI
-f/-ff (Use Fragmented IP Packets)
--mtu <databytes> (Maximum Transmission Unit)
--ttl <value> (Time To Live)
Cloak A Scan With Decoys -D <decoy1,decoy2[,ME],...> (Create Decoys) -PE/-PI (ICMP Echo Request Ping)
Spoof Source Address -S <IP_Address> (Source Address) -PN/-PD/-P0 (Don't Ping)
Use Specified Interface -e <iface> (Interface) -PS (TCP SYN Ping)
Use Given Port Number -g/--source-port (Source Port Scan) -PU (UDP Ping)
--proxies <url1,[url2],...> (Relay Connections Through HTTP/SOCKS4 Proxies) -PY (SCTP Ping)
Append Random Data to Sent Packets --data-length <databytes> (Data Length) -PO (IP Protocol Ping)
MAC Spoofing --spoof-mac <mac address/prefix/vendor name> -PP (ICMP Timestamp Ping)
Ping Options
Send Packets With a Bogus TCP/UDP/SCTP Checksum --badsum (Bogus Packet) -PM (ICMP Address Mask Ping)
Host Timeout --host-timeout <milliseconds> -R (Require Reverse)
--initial-rtt-timeout <milliseconds> (Initial Round Trip Timeout) -n (Disable Reverse DNS)
Specifies Probe Round Trip Time --min-rtt-timeout <milliseconds> (Minimum Round Trip Timeout) Firewall/IDS Evasion and Spoofing --dns-servers (Specify DNS Servers)
--max-rtt-timeout <milliseconds> (Maximum Round Trip Timeout) Timing, Tuning & Performance Options
--max-hostgroup <number> (Maximum Parallel Hosts per Scan)
Parallel Host Scan Group Sizes -O (OS Fingerprinting)
--min-hostgroup <number> (Minimum Parallel Hosts per Scan)
-A (Aggressive, Additional & Advanced Detection) Guess OS More Aggressively
--max-parallelism <number> (Maximum Parallel Port Scans)
Probe Parallelization --osscan-limit (Limit System Scanning)
--min-parallelism <number> (Minimum Parallel Port Scans)
OS Detection --osscan-guess, --fuzzy (More Guessing Flexibility)
--scan-delay <milliseconds> (Minimum Delay Between Probes)
Delay Time Between Probes
--max-scan-delay <milliseconds> (Maximum Delay Between Probes)
Paranoid (T0)|Sneaky (T1)|Polite (T2)|Normal (T3)|Aggressive (T4)|Insane (T5) --timing/-T<0|1|2|3|4|5> (Timing Policies) -sV (Version Scan)
Send Packets No Slower Than <Number> Per Second --min-rate <number> (Minimum Slower Packet Send) --allports (Don’t Exclude Any Ports)
Send Packets No Faster Than <Number> Per Second --max-rate <number> (Maximum Faster Packet Send) --version-intensity <Level> (Set Version Intensity) Set from 0 (light) to 9 (Try all Probes)
--version-light (Enable Version Scanning Light)
Version Detection --version-all (Enable Version Scan All)
Verbose Mode -v/--verbose/-vv (Increase Verbosity Level)
--version-trace (For Debugging) Show Detailed Version Scan Activity Version Trace
Debug Mode -d/--debug/-dd (Increase Debugging Level)
--interactive (Interactive Mode)
--noninteractive (Noninteractive Mode) -sS (TCP SYN Scan) Half Open Scan | Stealth Scan
Display The Reason a Port is in a Particular State --reason (Port Reason) -sT (TCP Connect() Scan) Vanilla Scan
Only Show Open (or Possibly Open) Ports --open (Open Port) -sA (ACK Scan)
Packet Trace Show All Packets Sent and Received --packet-trace (Packet Status) -sW (Window Scan)
Print Host Interfaces and Routes (For Debugging) --iflist (List Interfaces) -sM (Uriel/Maimon Scan)
Log Errors/Warnings To The Normal-Format Output File --log-errors (Logs Status) -sU (UDP Scan)
--append-output (Append Outputs) NMap Commands KungFu -sN (Null Scan)
Resume An Aborted Scan --resume <logfilename> (Resume Scan) -sF (FIN Scan) Stealth Scan
OffensiveCI@Prawez Samani
XSL Style Sheet To Transform XML Output To HTML --stylesheet <path/URL> (Style Sheet) Run Time Interaction & Reporting Options -sX (Xmas Tree Scan)
Reference Style Sheet From Nmap.Org For More Portable XML --webxml (Reference Style Sheet) --scanflags <Flags> (Customize TCP Scan Flags)
Prevent Associating Of XSL Style Sheet w/XML Output --no-stylesheet (No Style Sheet) -sP (Ping Scan)
Output In The Three Major Formats At Once -oA (All Format) Scan Techniques -sO (IP Protocol Scan)
-oN <logfilename> (Normal Format) -sR (RPC Scan) Remote Procedure Call
-oX <logfilename> (XML Format) -sP (Ping Scan)
-oG <logfilename> (Grepable Format) -sn (Ping Scan) Disable Port Scan
-oS <logfilename> (Script Kiddie Format) -sL (List Scan) Simply List Targets To Scan
-sI (Idle Scan) Zombie Scan
-b (FTP Bounce Attack)
-sC/--script <Lua Script> (Using Script)
-sY (SCTP Init Scan)
--script-args <n1=v1,[n2=v2,...]> (Script Argument)
-sZ (Cookie-Echo Scans)
--script-args-file=filename (Script Argument Into File)
Show All Data Sent and Received --script-trace (Data Status)
--script-updatedb (Update Script Database) --exclude (Exclude Target) Exclude Hosts/Networks
--script-help <Lua Script> (Show About Script) --excludefile (Exclude Target File)
-h/--help (Quick Reference Screen) -iR (Random Target)
-V/--version (Nmap Version) --randomize_hosts/-rH (Randomize Hosts)
--datadir <directory_name> (Data Directory) Scripts & Miscellaneous Options -iL (Read Target from File) Input From List of Hosts/Networks (Manual Scanning)
-q (Quash Argument Vector) -Pn (Treat All Hosts As Online) Skip Host Discovery
-6 (IPv6 Support) --system-dns (Use OS's DNS Resolver)
--privileged (Fully Privileged) --traceroute (Trace Hop Path To Each Host)
Host & Port Options
--unprivileged (Lacks Raw Socket Privileges) -p <Port Range> (Only Scan Specified Ports)
--send-eth/--send-ip (Send Using Raw Ethernet Frames Or IP Packets) -F (Fast Scan) Scan Fewer Ports Than The Default Scan
-r (Scan Ports Consecutively) Don't Randomize
--top-ports (Scan Most Common Ports)
--port-ratio (Scan ports more common than ratio)