nmap.cc

来自「Ubuntu packages of security software。 相」· CC 代码 · 共 1,539 行 · 第 1/5 页

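       "  -A: Enables OS detection and Version detection, Script scanning and Traceroute\n"       "  --datadir <dirname>: Specify custom Nmap data file location\n"       "  --send-eth/--send-ip: Send using raw ethernet frames or IP packets\n"       "  --privileged: Assume that the user is fully privileged\n"       "  --unprivileged: Assume the user lacks raw socket privileges\n"       "  -V: Print version number\n"       "  -h: Print this help summary page.\n"       "EXAMPLES:\n"       "  nmap -v -A scanme.nmap.org\n"       "  nmap -v -sP 192.168.0.0/16 10.0.0.0/8\n"       "  nmap -v -iR 10000 -PN -p 80\n"       "SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES\n", NMAP_NAME, NMAP_VERSION, NMAP_URL);  exit(rc);}
/**
 * Returns 1 if this is a reserved IP address, where "reserved" means
 * either a private address, non-routable address, or even a non-reserved
 * but unassigned address which has an extremely high probability of being
 * black-holed.  Returns 0 otherwise.
 *
 * The only caller visible in this part of the file is
 * grab_next_host_spec(), which uses the result to reject randomly
 * generated targets.  A range missing from the tests below is therefore a
 * range that random target selection can land in, and a range wrongly
 * listed is one it will never pick.
 *
 * The four octets are read from ip->s_addr in memory order, with byte 0
 * treated as the leading octet.
 *
 * We try to optimize speed when ordering the tests. This optimization
 * assumes that all byte values are equally likely in the input.
 *
 * Warning: This function could easily become outdated if the IANA
 * starts to assign some more IPv4 ranges to RIPE, etc. as they have
 * started doing this year (2001), for example 80.0.0.0/4 used to be
 * completely unassigned until they gave 80.0.0.0/7 to RIPE in April
 * 2001 (www.junk.org is an example of a new address in this range).
 * Every entry marked "IANA reserved" reflects the registry at the time
 * the table was written and needs re-checking before it is relied on.
 *
 * Check <http://www.iana.org/assignments/ipv4-address-space> for
 * the most recent assignments and
 * <http://www.cymru.com/Documents/bogon-bn-nonagg.txt> for bogon
 * netblocks.
 */
static int ip_is_reserved(struct in_addr *ip)
{
  /* Unsigned bytes, so that octets above 127 compare correctly in the
   * range tests below. */
  const unsigned char *octets = (const unsigned char *) &(ip->s_addr);
  unsigned char i1 = octets[0], i2 = octets[1], i3 = octets[2], i4 = octets[3];

  /* do all the /7's and /8's with a big switch statement, hopefully the
   * compiler will be able to optimize this a little better using a jump table
   * or what have you
   */
  switch (i1)
    {
    case 0:         /* 000/8 is IANA reserved       */
    case 1:         /* 001/8 is IANA reserved       */
    case 2:         /* 002/8 is IANA reserved       */
    case 5:         /* 005/8 is IANA reserved       */
    case 6:         /* USA Army ISC                 */
    case 7:         /* used for BGP protocol        */
    case 10:        /* the infamous 10.0.0.0/8      */
    case 23:        /* 023/8 is IANA reserved       */
    case 27:        /* 027/8 is IANA reserved       */
    case 31:        /* 031/8 is IANA reserved       */
    case 36:        /* 036/8 is IANA reserved       */
    case 37:        /* 037/8 is IANA reserved       */
    case 39:        /* 039/8 is IANA reserved       */
    case 42:        /* 042/8 is IANA reserved       */
    case 46:        /* 046/8 is IANA reserved       */
    case 49:        /* 049/8 is IANA reserved       */
    case 50:        /* 050/8 is IANA reserved       */
    case 55:        /* misc. U.S.A. Armed forces    */
    case 127:       /* 127/8 is reserved for loopback */
    case 197:       /* 197/8 is IANA reserved       */
    case 223:       /* 223/8 is IANA reserved       */
      return 1;
    default:
      break;
    }

  /* 100-113/8 is IANA reserved */
  if (i1 >= 100 && i1 <= 113)
    return 1;

  /* 172.16.0.0/12 is reserved for private nets by RFC1918 */
  if (i1 == 172 && i2 >= 16 && i2 <= 31)
    return 1;

  /* 173-185/8 is IANA reserved */
  if (i1 >= 173 && i1 <= 185)
    return 1;

  /* 192.168.0.0/16 is reserved for private nets by RFC1918 */
  /* 192.0.2.0/24 is reserved for documentation and examples */
  /* 192.88.99.0/24 is used as 6to4 Relay anycast prefix by RFC3068 */
  if (i1 == 192) {
    if (i2 == 168)
      return 1;
    if (i2 == 0 && i3 == 2)
      return 1;
    if (i2 == 88 && i3 == 99)
      return 1;
  }

  /* 198.18.0.0/15 is used for benchmark tests by RFC2544.  A /15 spans
   * 198.18.0.0 through 198.19.255.255; the earlier test (second octet 18,
   * third octet 1..64) covered only a slice of it, so random target
   * generation could still pick addresses in the rest of the block. */
  if (i1 == 198 && (i2 == 18 || i2 == 19))
    return 1;

  /* reserved for DHCP clients seeking addresses, not routable outside LAN */
  if (i1 == 169 && i2 == 254)
    return 1;

  /* believe it or not, 204.152.64.0/23 is some bizarre Sun proprietary
   * clustering thing */
  if (i1 == 204 && i2 == 152 && (i3 == 64 || i3 == 65))
    return 1;

  /* 224-239/8 is all multicast stuff */
  /* 240-255/8 is IANA reserved */
  if (i1 >= 224)
    return 1;

  /* Written as the 255.255.255.255 test, relying on i1 having been checked
   * above.  Since every address with i1 >= 224 has already returned, this
   * can only match a.255.255.255 with a < 224.  Behaviour kept unchanged.
   * NOTE(review): confirm whether rejecting those addresses is intended. */
  if (i2 == 255 && i3 == 255 && i4 == 255)
    return 1;

  return 0;
}

/**
 * Returns the next target specification, or NULL when none is left.
 *
 * The source depends on the arguments and on the global options object:
 *  - o.generate_random_ips set: a random IPv4 address for which
 *    ip_is_reserved() returns 0, formatted by inet_ntoa();
 *  - otherwise, inputfd NULL: the next command-line argument,
 *    fakeargv[optind++], or NULL once optind reaches argc;
 *  - otherwise: the next token from inputfd, where space, CR, LF, TAB and
 *    NUL all act as separators and runs of separators are skipped.
 *
 * Except in the command-line case the result points into a static buffer
 * that the next call overwrites, so a caller that needs to keep the string
 * must copy it.  The input file is the one place here where outside data
 * is copied into that buffer: the index is bounded so that the terminator
 * always fits, and an over-long token is handed to fatal() instead of
 * being truncated or written past the end.
 */
static char *grab_next_host_spec(FILE *inputfd, int argc, char **fakeargv) {
  static char host_spec[1024];
  unsigned int host_spec_index;
  int ch;
  struct in_addr ip;

  if (o.generate_random_ips) {
    /* Keep drawing until the address falls outside every reserved range. */
    do {
      ip.s_addr = get_random_u32();
    } while (ip_is_reserved(&ip));
    Strncpy(host_spec, inet_ntoa(ip), sizeof(host_spec));
  } else if (!inputfd) {
    return (optind < argc) ? fakeargv[optind++] : NULL;
  } else {
    host_spec_index = 0;
    while ((ch = getc(inputfd)) != EOF) {
      if (ch == ' ' || ch == '\r' || ch == '\n' || ch == '\t' || ch == '\0') {
        /* Leading separators carry no token yet; keep reading. */
        if (host_spec_index == 0)
          continue;
        host_spec[host_spec_index] = '\0';
        return host_spec;
      } else if (host_spec_index < sizeof(host_spec) - 1) {
        /* One byte is always left free for the terminator. */
        host_spec[host_spec_index++] = (char) ch;
      } else {
        fatal("One of the host_specifications from your input file is too long (> %d chars)", (int) sizeof(host_spec));
      }
    }
    /* EOF: terminate whatever was collected; an empty buffer means the
     * file is exhausted and is reported as NULL below. */
    host_spec[host_spec_index] = '\0';
  }

  if (!*host_spec)
    return NULL;
  return host_spec;
}
int nmap_main(int argc, char *argv[]) {  char *p, *q;  int i, arg;  long l;  unsigned int targetno;  FILE *inputfd = NULL, *excludefd = NULL;  char *host_spec = NULL, *exclude_spec = NULL;  short randomize=1;  short quashargv = 0;  char **host_exp_group;  char *idleProxy = NULL; /* The idle host used to "Proxy" an idle scan */  int num_host_exp_groups;  char *machinefilename = NULL, *kiddiefilename = NULL,     *normalfilename = NULL, *xmlfilename = NULL;  time_t now;  struct tm *tm;  HostGroupState *hstate = NULL;  char *endptr = NULL;  struct scan_lists *ports = NULL;  TargetGroup *exclude_group = NULL;  Traceroute *troute = NULL;  char myname[MAXHOSTNAMELEN + 1];#if (defined(IN_ADDR_DEEPSTRUCT) || defined( SOLARIS))  /* Note that struct in_addr in solaris is 3 levels deep just to store an   * unsigned int! */  struct ftpinfo ftp = { FTPUSER, FTPPASS, "",  { { { 0 } } } , 21, 0};#else  struct ftpinfo ftp = { FTPUSER, FTPPASS, "", { 0 }, 21, 0};#endif  struct hostent *target = NULL;  char **fakeargv;  Target *currenths;  vector<Target *> Targets;  char *portlist = NULL; /* Ports list specified by user */  int sourceaddrwarning = 0; /* Have we warned them yet about unguessable				source addresses?  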
*/  unsigned int ideal_scan_group_sz = 0;  char hostname[MAXHOSTNAMELEN + 1] = "";  const char *spoofmac = NULL;  time_t timep;  char mytime[128];  struct sockaddr_storage ss;  size_t sslen;  int option_index;  bool iflist = false;  // Pre-specified timing parameters.  // These are stored here during the parsing of the arguments so that we can  // set the defaults specified by any timing template options (-T2, etc) BEFORE  // any of these. In other words, these always take precedence over the templates.  int pre_max_parallelism=-1, pre_scan_delay=-1, pre_max_scan_delay=-1;  int pre_init_rtt_timeout=-1, pre_min_rtt_timeout=-1, pre_max_rtt_timeout=-1;  int pre_max_retries=-1;  long pre_host_timeout=-1;  struct option long_options[] =    {      {"version", no_argument, 0, 'V'},      {"verbose", no_argument, 0, 'v'},      {"datadir", required_argument, 0, 0},      {"servicedb", required_argument, 0, 0},      {"versiondb", required_argument, 0, 0},      {"debug", optional_argument, 0, 'd'},      {"help", no_argument, 0, 'h'},      {"iflist", no_argument, 0, 0},      {"release_memory", no_argument, 0, 0},      {"release-memory", no_argument, 0, 0},      {"max_os_tries", required_argument, 0, 0},      {"max-os-tries", required_argument, 0, 0},      {"max_parallelism", required_argument, 0, 'M'},      {"max-parallelism", required_argument, 0, 'M'},      {"min_parallelism", required_argument, 0, 0},      {"min-parallelism", required_argument, 0, 0},      {"timing", required_argument, 0, 'T'},      {"max_rtt_timeout", required_argument, 0, 0},      {"max-rtt-timeout", required_argument, 0, 0},      {"min_rtt_timeout", required_argument, 0, 0},      {"min-rtt-timeout", required_argument, 0, 0},      {"initial_rtt_timeout", required_argument, 0, 0},      {"initial-rtt-timeout", required_argument, 0, 0},      {"excludefile", required_argument, 0, 0},      {"exclude", required_argument, 0, 0},      {"max_hostgroup", required_argument, 0, 0},      {"max-hostgroup", 
required_argument, 0, 0},      {"min_hostgroup", required_argument, 0, 0},      {"min-hostgroup", required_argument, 0, 0},      {"open", no_argument, 0, 0},      {"scanflags", required_argument, 0, 0},      {"defeat_rst_ratelimit", no_argument, 0, 0},      {"defeat-rst-ratelimit", no_argument, 0, 0},      {"host_timeout", required_argument, 0, 0},      {"host-timeout", required_argument, 0, 0},      {"scan_delay", required_argument, 0, 0},      {"scan-delay", required_argument, 0, 0},      {"max_scan_delay", required_argument, 0, 0},      {"max-scan-delay", required_argument, 0, 0},      {"max_retries", required_argument, 0, 0},      {"max-retries", required_argument, 0, 0},      {"oA", required_argument, 0, 0},        {"oN", required_argument, 0, 0},      {"oM", required_argument, 0, 0},        {"oG", required_argument, 0, 0},        {"oS", required_argument, 0, 0},      {"oH", required_argument, 0, 0},        {"oX", required_argument, 0, 0},        {"iL", required_argument, 0, 'i'},        {"iR", required_argument, 0, 0},      {"sI", required_argument, 0, 0},        {"source_port", required_argument, 0, 'g'},      {"source-port", required_argument, 0, 'g'},      {"randomize_hosts", no_argument, 0, 0},      {"randomize-hosts", no_argument, 0, 0},      {"osscan_limit", no_argument, 0, 0}, /* skip OSScan if no open ports */      {"osscan-limit", no_argument, 0, 0}, /* skip OSScan if no open ports */      {"osscan_guess", no_argument, 0, 0}, /* More guessing flexability */      {"osscan-guess", no_argument, 0, 0}, /* More guessing flexability */      {"fuzzy", no_argument, 0, 0}, /* Alias for osscan_guess */      {"packet_trace", no_argument, 0, 0}, /* Display all packets sent/rcv */      {"packet-trace", no_argument, 0, 0}, /* Display all packets sent/rcv */      {"version_trace", no_argument, 0, 0}, /* Display -sV related activity */      {"version-trace", no_argument, 0, 0}, /* Display -sV related activity */      {"data_length", required_argument, 0, 0},      
{"data-length", required_argument, 0, 0},      {"send_eth", no_argument, 0, 0},      {"send-eth", no_argument, 0, 0},      {"send_ip", no_argument, 0, 0},      {"send-ip", no_argument, 0, 0},      {"stylesheet", required_argument, 0, 0},      {"no_stylesheet", no_argument, 0, 0},      {"no-stylesheet", no_argument, 0, 0},      {"webxml", no_argument, 0, 0},      {"rH", no_argument, 0, 0},      {"vv", no_argument, 0, 0},      {"ff", no_argument, 0, 0},      {"privileged", no_argument, 0, 0},      {"unprivileged", no_argument, 0, 0},      {"mtu", required_argument, 0, 0},      {"append_output", no_argument, 0, 0},      {"append-output", no_argument, 0, 0},      {"noninteractive", no_argument, 0, 0},      {"spoof_mac", required_argument, 0, 0},      {"spoof-mac", required_argument, 0, 0},      {"thc", no_argument, 0, 0},        {"badsum", no_argument, 0, 0},        {"ttl", required_argument, 0, 0}, /* Time to live */      {"traceroute", no_argument, 0, 0},      {"reason", no_argument, 0, 0},      {"allports", no_argument, 0, 0},      {"version_intensity", required_argument, 0, 0},      {"version-intensity", required_argument, 0, 0},      {"version_light", no_argument, 0, 0},      {"version-light", no_argument, 0, 0},      {"version_all", no_argument, 0, 0},      {"version-all", no_argument, 0, 0},      {"system_dns", no_argument, 0, 0},      {"system-dns", no_argument, 0, 0},
