A Comprehensive Guide to Nmap with Screenshots
Miscellaneous output options:
Option --append-output (Append to rather than clobber output files):
When you specify a filename to an output format flag such as -oX or -oN, that file is overwritten by default. If you prefer to keep the existing content of the file and append the new results, specify the --append-output option. All output filenames specified in that Nmap execution will then be appended to rather than clobbered. This doesn't work well for XML (-oX) scan data as the resultant file generally won't parse properly until you fix it up by hand.
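The appended XML problem described above, as an added example that is not part of the original page or of Nmap: the file holds several complete XML documents back to back, so a plain parser rejects it, but splitting on each XML declaration recovers one well-formed document per run. The sample data below is constructed (made-up hosts, ports and timestamps) to mimic two runs appended to the same -oX file.

```python
"""Split an --append-output XML file into its individual scan documents and parse them."""
import re
import xml.etree.ElementTree as ET

# Constructed sample: two complete Nmap XML documents concatenated, which is
# what --append-output produces for -oX and why the whole file will not parse.
APPENDED_XML = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap" args="nmap -oX out.xml 192.0.2.10" start="1700000000">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/></port></ports></host>
</nmaprun>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/share/nmap/nmap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap" args="nmap -oX out.xml 192.0.2.11" start="1700003600">
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="80"><state state="open"/></port>
<port protocol="tcp" portid="443"><state state="closed"/></port></ports></host>
</nmaprun>
"""


def parses_as_single_document(text):
    """True only if the whole file is one well-formed XML document."""
    try:
        ET.fromstring(text)
        return True
    except ET.ParseError:
        return False


def split_appended_xml(text):
    """Return one string per XML document, cutting just before each XML declaration."""
    parts = re.split(r"(?=<\?xml\s)", text)
    return [p for p in parts if p.strip()]


def parse_runs(text):
    """Parse every appended run; returns a list of (nmap args, {addr: [open ports]})."""
    runs = []
    for doc in split_appended_xml(text):
        root = ET.fromstring(doc)  # each piece is now a valid document on its own
        hosts = {}
        for host in root.iter("host"):
            addr = host.find("address").get("addr")
            open_ports = [int(p.get("portid")) for p in host.iter("port")
                          if p.find("state").get("state") == "open"]
            hosts[addr] = open_ports
        runs.append((root.get("args"), hosts))
    return runs
```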
Option --resume <filename> (Resume aborted scan):
Some extensive Nmap runs take a very long time — on the order of days. Such scans don't always run to completion. Restrictions may prevent Nmap from being run during working hours, the network could go down, the machine Nmap is running on might suffer a planned or unplanned reboot, or Nmap itself could crash. The admin running Nmap could cancel it for any other reason as well, by pressing ctrl-C. Restarting the whole scan from the beginning may be undesirable. Fortunately, if normal (-oN) or grepable (-oG) logs were kept, the user can ask Nmap to resume scanning with the target it was working on when execution ceased. Simply specify the --resume option and pass the normal/grepable output file as its argument. No other arguments are permitted, as Nmap parses the output file to use the same ones specified previously. Simply call Nmap as nmap --resume logfilename. Nmap will append new results to the data files specified in the previous execution. Resumption does not support the XML output format because combining the two runs into one valid XML file would be difficult.
Option --stylesheet <path or URL> (Set XSL stylesheet to transform XML output):
Nmap ships with an XSL stylesheet named nmap.xsl for viewing or translating XML output to HTML. The XML output includes an xml-stylesheet directive which points to nmap.xsl where it was initially installed by Nmap (or in the current working directory on Windows). Simply load Nmap's XML output in a modern web browser and it should retrieve nmap.xsl from the filesystem and use it to render results. If you wish to use a different stylesheet, specify it as the argument to --stylesheet. You must pass the full pathname or URL. One common invocation is --stylesheet http://insecure.org/nmap/data/nmap.xsl. This tells a browser to load the latest version of the stylesheet from Insecure.Org. The --webxml option does the same thing with less typing and memorization. Loading the XSL from Insecure.Org makes it easier to view results on a machine that doesn't have Nmap (and thus nmap.xsl) installed. So the URL is often more useful, but the local filesystem location of nmap.xsl is used by default for privacy reasons.
Option --webxml (Load stylesheet from Insecure.Org):
This convenience option is simply an alias for --stylesheet http://insecure.org/nmap/data/nmap.xsl.
Option --no_stylesheet (Omit XSL stylesheet declaration from XML):
Specify this option to prevent Nmap from associating any XSL stylesheet with its XML output. The xml-stylesheet directive is omitted.
Miscellaneous Options:
-6 (Enable IPv6 scanning)
Since 2002, Nmap has offered IPv6 support for its most popular features. In particular, ping scanning (TCP-only), connect scanning, and version detection all support IPv6. The command syntax is the same as usual except that you also add the -6 option. Of course, you must use IPv6 syntax if you specify an address rather than a hostname. An address might look like 3ffe:7501:4819:2000:210:f3ff:fe03:14d0, so hostnames are recommended. The output looks the same as usual, with the IPv6 address on the "interesting ports" line being the only IPv6 giveaway.
-A (Aggressive scan options)
This option enables additional advanced and aggressive options. I haven't decided exactly which it stands for yet. Presently this enables OS Detection (-O), version scanning (-sV), script scanning (-sC) and traceroute (--traceroute). More features may be added in the future. The point is to enable a comprehensive set of scan options without people having to remember a large set of flags. This option only enables features, and not timing options (such as -T4) or verbosity options (-v) that you might want as well.
The output from this option was too long to show in full, so only a partial screenshot and a text file of the output are included:
http://www.linuxhaxor.net/aggresive.htm
Option --datadir <directoryname> (Specify custom Nmap data file location):
Nmap obtains some special data at runtime in files named nmap-service-probes, nmap-services, nmap-protocols, nmap-rpc, nmap-mac-prefixes, and nmap-os-fingerprints. If the location of any of these files has been specified (using the --servicedb or --versiondb options), that location is used for that file. After that, Nmap searches for these files in the directory specified with the --datadir option (if any). Any files not found there are searched for in the directory specified by the NMAPDIR environment variable. Next comes ~/.nmap for the real and effective UIDs (POSIX systems only) or the location of the Nmap executable (Win32 only), and then a compiled-in location such as /usr/local/share/nmap or /usr/share/nmap. As a last resort, Nmap will look in the current directory.
Option --servicedb <services file> (Specify custom services file):
Asks Nmap to use the specified services file rather than the nmap-services data file that comes with Nmap. Using this option also causes a fast scan (-F) to be used. See the description for --datadir for more information on Nmap's data files.
Option --versiondb <service probes file> (Specify custom service probes file):
Asks Nmap to use the specified service probes file rather than the nmap-service-probes data file that comes with Nmap. See the description for --datadir for more information on Nmap's data files.
Option --send-eth (Use raw ethernet sending):
Asks Nmap to send packets at the raw ethernet (data link) layer rather than the higher IP (network) layer. By default, Nmap chooses the one which is generally best for the platform it is running on. Raw sockets (IP layer) are generally most efficient for UNIX machines, while ethernet frames are required for Windows operation since Microsoft disabled raw socket support. Nmap still uses raw IP packets on UNIX despite this option when there is no other choice (such as non-ethernet connections).
Option --send-ip (Send at raw IP level):
Asks Nmap to send packets via raw IP sockets rather than sending lower level ethernet frames. It is the complement to the --send-eth option discussed previously.
Option --privileged (Assume that the user is fully privileged)
Tells Nmap to simply assume that it is privileged enough to perform raw socket sends, packet sniffing, and similar operations that usually require root privileges on UNIX systems. By default Nmap quits if such operations are requested but geteuid() is not zero. --privileged is useful with Linux kernel capabilities and similar systems that may be configured to allow unprivileged users to perform raw-packet scans. Be sure to provide this option flag before any flags for options that require privileges (SYN scan, OS detection, etc.). The NMAP_PRIVILEGED environment variable may be set as an equivalent alternative to --privileged.
This doesn’t work in my system.
Option --unprivileged (Assume that the user lacks raw socket privileges):
This option is the opposite of --privileged. It tells Nmap to treat the user as lacking network raw socket and sniffing privileges. This is useful for testing, debugging, or when the raw network functionality of your operating system is somehow broken. The NMAP_UNPRIVILEGED environment variable may be set as an equivalent alternative to --unprivileged.
Option --release-memory (Release memory before quitting):
This option is only useful for memory-leak debugging. It causes Nmap to release allocated memory just before it quits so that actual memory leaks are easier to spot. Normally Nmap skips this as the OS does this anyway upon process termination.
Option --interactive (Start in interactive mode):
Starts Nmap in interactive mode, which offers an interactive Nmap prompt allowing easy launching of multiple scans (either synchronously or in the background). This is useful for people who scan from multi-user systems as they often want to test their security without letting everyone else on the system know exactly which systems they are scanning. Use --interactive to activate this mode and then type h for help. This option is rarely used because proper shells are usually more familiar and feature-complete. This option includes a bang (!) operator for executing shell commands, which is one of many reasons not to install Nmap setuid root.
Option -V; --version (Print version number):
Prints the Nmap version number and exits.
Option -h; --help (Print help summary page)
Prints a short help screen with the most common command flags. Running Nmap without any arguments does the same thing.
Text output: http://www.linuxhaxor.net/help.htm