Network exploration tool and security / port scanner
|
-iL inputfilename (Input from list)
Reads target specifications from inputfilename. Passing a huge list of hosts is often awkward on the
command line, yet it is a common desire. For example, your DHCP server might export a list of 10,000
current leases that you wish to scan. Or maybe you want to scan all IP addresses except for those leases, to
locate hosts using unauthorized static IP addresses. Simply generate the list of hosts to scan and
pass that filename to Nmap as an argument to the -iL option. Entries can be in any of the formats
accepted by Nmap on the command line (IP address, hostname, CIDR, IPv6, or octet ranges). Each entry
must be separated by one or more spaces, tabs, or newlines. You can specify a hyphen (-) as the
filename if you want Nmap to read hosts from standard input rather than an actual file.
The input file may contain comments that start with # and extend to the end of the line.
|
-sL (List Scan)
The list scan is a degenerate form of host discovery that simply lists each host of the network(s)
specified, without sending any packets to the target hosts. By default, Nmap still does reverse-DNS
resolution on the hosts to learn their names. It is often surprising how much useful information
simple hostnames give out. For example, fw.chi is the name of one company's Chicago firewall. Nmap
also reports the total number of IP addresses at the end. The list scan is a good sanity check to
ensure that you have proper IP addresses for your targets. If the hosts sport domain names you do not
recognize, it is worth investigating further to prevent scanning the wrong company's network.
Since the idea is to simply print a list of target hosts, options for higher level functionality such
as port scanning, OS detection, or ping scanning cannot be combined with this. If you wish to disable
ping scanning while still performing such higher level functionality, read up on the -PN (skip ping)
option.
|
-n (No DNS resolution)
Tells Nmap to never do reverse DNS resolution on the active IP addresses it finds. Since DNS can be
slow even with Nmap's built-in parallel stub resolver, this option can slash scanning times.
|
Pipelines
A pipeline is a sequence of one or more commands separated by one of the control operators | or |&. The
format for a pipeline is:
[time [-p]] [ ! ] command [ [|⎪|&] command2 ... ]
The standard output of command is connected via a pipe to the standard input of command2. This
connection is performed before any redirections specified by the command (see REDIRECTION below). If |&
is used, the standard error of command is connected to command2's standard input through the pipe; it is
shorthand for 2>&1 |. This implicit redirection of the standard error is performed after any
redirections specified by the command.
The return status of a pipeline is the exit status of the last command, unless the pipefail option is
enabled. If pipefail is enabled, the pipeline's return status is the value of the last (rightmost)
command to exit with a non-zero status, or zero if all commands exit successfully. If the reserved word
! precedes a pipeline, the exit status of that pipeline is the logical negation of the exit status as
described above. The shell waits for all commands in the pipeline to terminate before returning a value.
If the time reserved word precedes a pipeline, the elapsed as well as user and system time consumed by
its execution are reported when the pipeline terminates. The -p option changes the output format to that
specified by POSIX. When the shell is in posix mode, it does not recognize time as a reserved word if
the next token begins with a `-'. The TIMEFORMAT variable may be set to a format string that specifies
how the timing information should be displayed; see the description of TIMEFORMAT under Shell Variables
below.
When the shell is in posix mode, time may be followed by a newline. In this case, the shell displays the
total user and system time consumed by the shell and its children. The TIMEFORMAT variable may be used
to specify the format of the time information.
Each command in a pipeline is executed as a separate process (i.e., in a subshell).
|
print lines matching a pattern
|
grep searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus
(-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints
the matching lines.
|
pattern-directed scanning and processing language
|
read from standard input and write to standard output and files
|
Copy standard input to each FILE, and also to standard output.
If a FILE is -, copy again to standard output.
|
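The pieces above combined into one bash wrapper, as an added example that is not taken from the man pages: it cleans an -iL style list with awk, feeds it to the list scan on standard input (-iL -), keeps a copy of the output with tee, and uses pipefail so a scanner failure is not masked by tee's exit status of 0. The function names, the SCANNER override and the sample addresses are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example. Function names, the SCANNER variable and all sample data
# are constructed for illustration.

# Print one target per line from an -iL style file: '#' starts a comment
# that runs to the end of the line, and entries are separated by spaces,
# tabs or newlines.
il_entries() {
    awk '{ sub(/#.*/, ""); for (i = 1; i <= NF; i++) print $i }' "$1"
}

# Run the list scan over the cleaned entries and log its output.
#   $1 = target list file, $2 = log file
# SCANNER (hypothetical override) replaces the nmap command line, so the
# pipeline can be exercised on a machine without nmap.
# pipefail is set in a subshell so the caller's shell options are untouched;
# with it, the status is that of the rightmost failing command, not tee's.
list_scan() {
    (
        set -o pipefail
        il_entries "$1" | ${SCANNER:-nmap -sL -n -iL -} | tee "$2"
    )
}

# Same pipeline without pipefail, for comparison: the status is tee's.
list_scan_unchecked() {
    ( il_entries "$1" | ${SCANNER:-nmap -sL -n -iL -} | tee "$2" )
}

# Constructed sample list using documentation address ranges.
make_sample() {
    {
        printf '# exported leases\n'
        printf '192.0.2.10 192.0.2.11\t198.51.100.0/30  # lab\n'
        printf '\nhost.example   # trailing comment\n'
    } > "$1"
}
```

Call it as `list_scan targets.txt listscan.log` and test the return status before trusting the log; output written before a failure is still in the log file.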