###### tags: `hacking tools` `get informations`

# Nmap

```bash=
$ nmap 8.8.8.8
```

8.8.8.8 is Google's public DNS server.

## Scanning common ports

```bash=
nmap <ip or domain_name> --top-ports <port 數>
```

The argument to `--top-ports` is the number of most common ports to scan.

- The `-A` option can be added (aggressive scan: OS detection, version detection, default scripts and traceroute).

## Output file

```bash=
$ nmap <ip or domain_name> -oN <file>
```

`-oN` -> write output in normal (human-readable) format to the given file.

## Script scan

```bash=
nmap <ip or domainName> --script=./<file router>
```

`<file router>` is the path to the NSE script file. e.g.

```bash=
nmap ecampus.nqu.edu.tw --script=./brupt.nse -oN ecampusDNS
```

![](https://i.imgur.com/5JUzsV9.png)

![](https://i.imgur.com/FaDJ4vn.png)

![](https://i.imgur.com/P6Do1gF.png)

## Fake MAC address

- Know your own interfaces first

```bash=
nmap -iflist
```

![](https://i.imgur.com/kl2klym.png)

Our own MAC is 08:00:27:95:BD:54.

## Start scanning

![](https://i.imgur.com/qrvWc6c.png)

- Use [wireshark](/7x6CArA3S-SxpATt0trA2Q), select the eth0 network card, and check that Wireshark captures the scan packets.

![](https://i.imgur.com/OtezjRg.png)

Now we need to fake our MAC (heh).

- Set the MAC to all 69s

![](https://i.imgur.com/WSLwqI6.png)

- Output

![](https://i.imgur.com/nrXBOG6.png)

### Combined (IP, port, MAC) spoof

![](https://i.imgur.com/SRVBJJc.png)

- Result

![](https://i.imgur.com/nOlewca.png)

## ICMP - internet control message protocol

```bash=
ping host
```

`ping` uses ICMP to learn whether the target host is up or down.

```bash=
nmap -sn
```

- -sn (ping scan: host discovery only, no port scan)

## ARP - address resolution protocol

![](https://i.imgur.com/pis55tq.png)

## Fake the IP address and source port

- Confuses the other side XD

![](https://i.imgur.com/iJP2ETP.png)

- -F (fast scan: only the 100 most common ports)
- -O (OS detection)
- -g/--source-port (use the given source port number)

![](https://i.imgur.com/2Es0TM2.png)

- Result

![](https://i.imgur.com/3tGlK5j.png)

## Idle scan - ipidseq

- ipidseq is the script used for an idle scan (to find idle hosts): https://nmap.org/nsedoc/scripts/ipidseq.html

![](https://i.imgur.com/8L17oAw.png)

![](https://i.imgur.com/PJ9CJId.png)

![](https://i.imgur.com/kOf4npL.png)

- Result

![](https://i.imgur.com/ALJ3zUE.png)

![](https://i.imgur.com/OQicwSN.png)

## Sample

![](https://i.imgur.com/ZGuvK7g.png)

- options
  - -n (Never do DNS resolution)
  - -e (Use specified interface)
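The `-oN` file from the Output file section above is plain text, so it can be turned into an inventory. As an added example (not code from this note), here is a Python parser for nmap normal output that collects each host's ports and MAC address and then compares the open ports against an allowlist of expected services, the check a defender runs over their own scan to spot unexpected exposed ports. The scan text, the `192.0.2.x` addresses and the allowlist are all constructed assumptions; the MAC in the sample is the one shown earlier in this note.

```python
import re

# Constructed sample of `nmap -oN` (normal) output; not a real scan result.
SAMPLE_ON = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -oN out.txt 192.0.2.0/29
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 997 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
MAC Address: 08:00:27:95:BD:54 (Oracle VirtualBox virtual NIC)

Nmap scan report for 192.0.2.11
Host is up (0.0020s latency).
PORT     STATE    SERVICE
3389/tcp filtered ms-wbt-server
5900/tcp open     vnc
# Nmap done at Mon Jan  1 00:00:05 2024 -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})")


def parse_normal_output(text):
    """Parse -oN text into {host: {"ports": [(port, proto, state, service)], "mac": str|None}}."""
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            # A new "Nmap scan report for" line starts the next host block.
            current = m.group(1)
            hosts[current] = {"ports": [], "mac": None}
            continue
        if current is None:
            continue  # header lines before the first host
        m = PORT_RE.match(line)
        if m:
            port, proto, state, service = m.groups()
            hosts[current]["ports"].append((int(port), proto, state, service))
            continue
        m = MAC_RE.match(line)
        if m:
            hosts[current]["mac"] = m.group(1).upper()
    return hosts


def unexpected_open_ports(hosts, allowlist):
    """Open ports not listed in allowlist[host] -> [(host, port, proto, service)].

    allowlist maps host -> set of (port, proto) that are expected to be open.
    Hosts missing from the allowlist are treated as having no expected ports.
    """
    findings = []
    for host, info in hosts.items():
        allowed = allowlist.get(host, set())
        for port, proto, state, service in info["ports"]:
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return findings


if __name__ == "__main__":
    # Assumed allowlist: 192.0.2.10 should only expose ssh and https.
    allow = {"192.0.2.10": {(22, "tcp"), (443, "tcp")}}
    for host, port, proto, service in unexpected_open_ports(parse_normal_output(SAMPLE_ON), allow):
        print(f"{host}: unexpected open {port}/{proto} ({service})")
```

Only `open` ports are reported; `filtered` entries are kept in the parsed data but not flagged, since a filtered port is not reachable. For larger scans, `-oX` (XML) is the more robust format to parse, but the regexes above are enough for the fixed layout of normal output.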
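The ICMP and ARP host-discovery commands above (`ping`, `nmap -sn`) leave a clear pattern on the wire: one source probing many neighbours within a short time. As an added detection example that is not part of this note, the Python below parses constructed tcpdump-style lines for ICMP echo requests and ARP who-has requests, then flags any source that touches at least `threshold` distinct hosts inside a sliding time window. The addresses, timestamps, window size and threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not a real capture): 192.0.2.50 probes many hosts
# with ICMP echo requests and ARP requests; 192.0.2.20 does one normal ping exchange.
SAMPLE_LINES = """\
10:00:00.000100 IP 192.0.2.50 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 8
10:00:00.000400 IP 192.0.2.50 > 192.0.2.2: ICMP echo request, id 1, seq 1, length 8
10:00:00.000700 IP 192.0.2.50 > 192.0.2.3: ICMP echo request, id 1, seq 1, length 8
10:00:00.001000 ARP, Request who-has 192.0.2.4 tell 192.0.2.50, length 28
10:00:00.001300 ARP, Request who-has 192.0.2.5 tell 192.0.2.50, length 28
10:00:00.001600 ARP, Request who-has 192.0.2.6 tell 192.0.2.50, length 28
10:00:00.001900 IP 192.0.2.50 > 192.0.2.7: ICMP echo request, id 1, seq 1, length 8
10:00:02.500000 IP 192.0.2.20 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
10:00:02.500800 IP 192.0.2.1 > 192.0.2.20: ICMP echo reply, id 7, seq 1, length 64
10:00:30.000000 IP 192.0.2.50 > 192.0.2.8: ICMP echo request, id 1, seq 1, length 8
"""

ICMP_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): ICMP echo request")
ARP_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) ARP, Request who-has (\S+) tell (\S+),")


def to_seconds(ts):
    """Convert an HH:MM:SS.ffffff timestamp into seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_probes(text):
    """Return [(seconds, src, dst)] for ICMP echo requests and ARP who-has requests."""
    probes = []
    for line in text.splitlines():
        m = ICMP_RE.match(line)
        if m:
            probes.append((to_seconds(m.group(1)), m.group(2), m.group(3)))
            continue
        m = ARP_RE.match(line)
        if m:
            # For ARP the asking host ("tell X") is the source, "who-has Y" the target.
            probes.append((to_seconds(m.group(1)), m.group(3), m.group(2)))
    return probes


def detect_sweeps(probes, window=10.0, threshold=5):
    """Return {src: most distinct targets probed within any `window` seconds}
    for every source that reached `threshold` distinct hosts inside one window."""
    by_src = defaultdict(list)
    for ts, src, dst in probes:
        by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        # Slide a window starting at each event and count distinct targets in it.
        for i, (t0, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - t0 <= window}
            best = max(best, len(targets))
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, count in detect_sweeps(parse_probes(SAMPLE_LINES)).items():
        print(f"possible host discovery sweep from {src}: {count} targets")
```

The alert is keyed on the source address as seen on the wire. With the MAC and IP spoofing shown earlier in this note that address is not trustworthy, so treat it as the claimed source and correlate with the switch port or DHCP lease it arrived from before acting on it.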