= nmap =

A great tool for scanning hosts over the network.

== Options ==

=== Hide yourself ===
* -D (Decoys) - Usage: -D {IP_ADDR,IP_ADDR,...} - List of hosts to send packets from. Spoofs outgoing packets so they appear to come from these hosts as well as your own. Can help fool an [[IDS]] by hiding which address is the machine actually performing the scan.
* -S (Source address) - Usage: -S IP_ADDR - Spoof the source address of the packets in the scan. For this the -e option is required, as well as -Pn.
* -e (Interface) - Usage: -e INTERFACE - Set which interface to use when sending out packets, i.e. eth0 or wlan0.
* -Pn (All hosts online) - Usage: -Pn - Treat all hosts as online; don't bother to check whether they're up or not.
* -b (Bounce) - Usage: -b FTP.HOST.COM - 'Bounce' our scan through an FTP host. Does this by making it appear as if we're requesting files, then watching how the server replies.

=== Obtrusive ===
* -O (OS detection) - Usage: -O - Will attempt to see what OS the target system is running. Is pretty invasive, so be cautious when using this.
* -A (OS/version detection) - Usage: -A - Will attempt to detect both the OS and version details. Very obtrusive.
* -T<0-5> (Timing template) - Usage: -T<0-5> - Determines how fast the scan will go. Higher is faster, yet more aggressive and obvious to an [[IDS]].
* -p (Scan specific ports) - Usage: -p<1-65535> - Scans the specified ports only. Use -p- to scan every port.

[[index]]
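The decoy (-D) and timing (-T) options above have a visible footprint on the defender's side: every decoy address emits the same sequence of SYN probes to the same target ports at the same moment, so what an IDS sees is a cluster of "scanners" that are indistinguishable in port set and start time. The script below is an added example, not part of this wiki page or of nmap itself; it runs a simple detection heuristic over constructed SYN records (the IP addresses, timestamps and thresholds are all made up for the illustration) to show how a decoy scan surfaces as a synchronised cluster even though the real source is hidden among them.

```python
"""Detect port scans and decoy-scan clusters in SYN packet records.

Added example (not from the original page): a defender-side heuristic
over constructed packet records. The addresses, timings and thresholds
below are assumptions chosen for the illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Syn:
    ts: float   # capture time in seconds
    src: str    # source IP as seen on the wire (may be spoofed)
    dst: str    # scanned host
    dport: int  # destination port probed


def port_scanners(packets, min_ports=20, window=10.0):
    """Return {(src, dst): set_of_ports} for every (src, dst) pair that
    probed at least `min_ports` distinct ports within `window` seconds."""
    by_pair = defaultdict(list)
    for p in packets:
        by_pair[(p.src, p.dst)].append(p)

    found = {}
    for pair, pkts in by_pair.items():
        pkts.sort(key=lambda p: p.ts)
        in_window = {}  # dport -> number of probes currently inside the window
        j = 0
        for i, p in enumerate(pkts):
            in_window[p.dport] = in_window.get(p.dport, 0) + 1
            # slide the left edge so that pkts[j..i] spans at most `window` seconds
            while pkts[i].ts - pkts[j].ts > window:
                old = pkts[j]
                in_window[old.dport] -= 1
                if in_window[old.dport] == 0:
                    del in_window[old.dport]
                j += 1
            if len(in_window) >= min_ports:
                found[pair] = {x.dport for x in pkts}  # full port set for this pair
                break
    return found


def decoy_clusters(packets, max_start_skew=2.0, **kw):
    """Group detected scanners that hit the same host with an identical port
    set and started within `max_start_skew` seconds of each other. A cluster
    of two or more sources is the signature of an nmap -D decoy scan.
    Returns a list of (dst, sorted_sources, number_of_ports)."""
    scanners = port_scanners(packets, **kw)
    first_ts = {}
    for p in packets:
        key = (p.src, p.dst)
        if key in scanners:
            first_ts[key] = min(first_ts.get(key, p.ts), p.ts)

    groups = defaultdict(list)
    for (src, dst), ports in scanners.items():
        groups[(dst, frozenset(ports))].append(src)

    clusters = []
    for (dst, ports), srcs in groups.items():
        if len(srcs) < 2:
            continue
        starts = [first_ts[(s, dst)] for s in srcs]
        if max(starts) - min(starts) <= max_start_skew:
            clusters.append((dst, sorted(srcs), len(ports)))
    return clusters


def sample_packets():
    """Constructed traffic: one decoy scan (three decoys plus the real host)
    against 10.0.0.5, a benign HTTPS client, and a lone scan of 10.0.0.6."""
    pkts = []
    # constructed: three decoy addresses and one real scanner, interleaved
    sources = ["203.0.113.7", "198.51.100.2", "192.0.2.9", "10.0.0.23"]
    for i, port in enumerate(range(1, 41)):
        for k, src in enumerate(sources):
            pkts.append(Syn(100.0 + i * 0.05 + k * 0.001, src, "10.0.0.5", port))
    # constructed: a normal client reconnecting to port 443 a few times
    for t in range(5):
        pkts.append(Syn(100.0 + t, "10.0.0.40", "10.0.0.5", 443))
    # constructed: a single-source scan of a different host
    for i, port in enumerate(range(1, 41)):
        pkts.append(Syn(200.0 + i * 0.1, "10.0.0.77", "10.0.0.6", port))
    return pkts


if __name__ == "__main__":
    pk = sample_packets()
    for (src, dst), ports in sorted(port_scanners(pk).items()):
        print(f"scan  {src:>14} -> {dst}  ({len(ports)} ports)")
    for dst, srcs, n in decoy_clusters(pk):
        print(f"decoy cluster on {dst}: {len(srcs)} synchronised sources, {n} ports each")
```

The heuristic flags all five scanning pairs, but only the four sources aimed at 10.0.0.5 collapse into a decoy cluster; the benign client never exceeds the port threshold. The script deliberately does not try to guess which clustered address is real: spoofed decoys never complete a handshake, so the reliable tell for a defender is which source later opens full TCP connections (for example for the version or OS probes that -A and -O perform), which cannot be spoofed.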