diff --git a/README.md b/README.md index f715673..1ae59b5 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,9 @@ nmap [Scan Type] [Options] {target specification} -oN/-oX/-oS/-oG : Output scan in normal, XML,Output in the three major formats at once -v: Increase verbosity level (use -vv or more for greater effect) -* MISC: -6: Enable IPv6 scanning -A: Enable OS detection, version detection, script scanning, and traceroute +* MISC: +-6: Enable IPv6 scanning +-A: Enable OS detection, version detection, script scanning, and traceroute ``` 
@@ -69,10 +71,73 @@ masscan IP -p 1-65535 --rate 100 -oX masscan.xml ``` +| Option | Discription | +|--------|-------------| +| -p | Ports to scan, E.g. -p80,8000-8100 | +| --rate= | Rate of Packets-per-Second, E,g --rate=10000 = 10kpps (Too High can cause a Jam) | +| --banners | -oB : save results of scan in binary format to | +| --open --banners --readscan -oX | read binary scan results in and save them as xml in | +| --nmap | Options Compatable with Nmap| + +##### Compatable Nmap Options +``` + TARGET SPECIFICATION: + Can pass only IPv4/IPv6 address, CIDR networks, or ranges (non-nmap style) + Ex: 10.0.0.0/8, 192.168.0.1, 10.0.0.1-10.0.0.254 + -iL : Input from list of hosts/networks + --exclude : Exclude hosts/networks + --excludefile : Exclude list from file + --randomize-hosts: Randomize order of hosts (default) +HOST DISCOVERY: + -Pn: Treat all hosts as online (default) + -n: Never do DNS resolution (default) +SCAN TECHNIQUES: + -sS: TCP SYN (always on, default) +SERVICE/VERSION DETECTION: + --banners: get the banners of the listening service if available. The + default timeout for waiting to receive data is 30 seconds. +PORT SPECIFICATION AND SCAN ORDER: + -p : Only scan specified ports + Ex: -p22; -p1-65535; -p 111,137,80,139,8080 +TIMING AND PERFORMANCE: + --max-rate : Send packets no faster than per second + --connection-timeout : time in seconds a TCP connection will + timeout while waiting for banner data from a port. +FIREWALL/IDS EVASION AND SPOOFING: + -S/--source-ip : Spoof source address + -e : Use specified interface + -g/--source-port : Use given port number + --ttl : Set IP time-to-live field + --spoof-mac : Spoof your MAC address +OUTPUT: + --output-format : Sets output to binary/list/unicornscan/json/ndjson/grepable/xml + --output-file : Write scan results to file. 
If --output-format is + not given default is xml + -oL/-oJ/-oD/-oG/-oB/-oX/-oU : Output scan in List/JSON/nDjson/Grepable/Binary/XML/Unicornscan format, + respectively, to the given filename. Shortcut for + --output-format --output-file + -v: Increase verbosity level (use -vv or more for greater effect) + -d: Increase debugging level (use -dd or more for greater effect) + --open: Only show open (or possibly open) ports + --packet-trace: Show all packets sent and received + --iflist: Print host interfaces and routes (for debugging) + --append-output: Append to rather than clobber specified output files + --resume : Resume an aborted scan +MISC: + --send-eth: Send using raw ethernet frames (default) + -V: Print version number + -h: Print this help summary page. +EXAMPLES: + masscan -v -sS 192.168.0.0/16 10.0.0.0/8 -p 80 + masscan 23.0.0.0/0 -p80 --banners -output-format binary --output-filename internet.scan + masscan --open --banners --readscan internet.scan -oG internet_scan.grepable +``` + + #### Netdiscover -```` +``` netdiscover -i ```
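Review bot: splitting `* MISC:` and the two options onto their own lines in the first hunk is the right fix, but the context line just above it, `-oN/-oX/-oS/-oG : Output scan in normal, XML,Output in the three major formats at once`, still reads as two separate nmap help entries run together (the per-format output flags and a separate "three major formats at once" option) and also has its argument placeholder stripped; since this README is the reference people copy from, fix that line in the same change by checking it against `nmap -h`. Also, `* MISC:` keeps a leading `*` inside the fenced help block, where it renders literally rather than as a bullet, while the masscan block in the second hunk writes the same header as a bare `MISC:`; dropping the `*` keeps the two blocks consistent.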
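Review bot: the EXAMPLES section at the end of the second hunk conflicts with the option reference it sits under: `masscan 23.0.0.0/0 -p80 --banners -output-format binary --output-filename internet.scan` uses a single-dash `-output-format` and `--output-filename`, whereas the OUTPUT section of the same block documents `--output-format` and `--output-file`; settle on one spelling (verify against `masscan --help`) and make the example match, so a reader pasting the example does not get an unrecognised-option error. Separately, the argument placeholders are missing throughout the added block, so lines such as `--max-rate : Send packets no faster than per second` and the table cell `-oB : save results of scan in binary format to` end mid-sentence; this looks like angle-bracket tokens (the `<file>`, `<hosts>` style placeholders from the masscan help) were dropped when the text was pasted, and they should be restored, including in `netdiscover -i` below the table. Minor wording in the table and heading: `Discription` should be `Description`, `Compatable` should be `Compatible` (twice), and `E,g --rate=10000` should be `E.g. --rate=10000`. The switch from a four-backtick to a three-backtick fence before the Netdiscover command is a good catch, since the mismatched fence would have swallowed the rest of the page.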