Network exploration tool and security / port scanner
-iL inputfilename (Input from list)
Reads target specifications from inputfilename. Passing a huge list of hosts is often awkward on the
command line, yet it is a common desire. For example, your DHCP server might export a list of 10,000
current leases that you wish to scan. Or maybe you want to scan all IP addresses except for those leases, in order to
locate hosts using unauthorized static IP addresses. Simply generate the list of hosts to scan and
pass that filename to Nmap as an argument to the -iL option. Entries can be in any of the formats
accepted by Nmap on the command line (IP address, hostname, CIDR, IPv6, or octet ranges). Each entry
must be separated by one or more spaces, tabs, or newlines. You can specify a hyphen (-) as the
filename if you want Nmap to read hosts from standard input rather than an actual file.
The input file may contain comments that start with # and extend to the end of the line.
-sL (List Scan)
The list scan is a degenerate form of host discovery that simply lists each host of the network(s)
specified, without sending any packets to the target hosts. By default, Nmap still does reverse-DNS
resolution on the hosts to learn their names. It is often surprising how much useful information
simple hostnames give out. For example, fw.chi is the name of one company's Chicago firewall. Nmap
also reports the total number of IP addresses at the end. The list scan is a good sanity check to
ensure that you have proper IP addresses for your targets. If the hosts sport domain names you do not
recognize, it is worth investigating further to prevent scanning the wrong company's network.
Since the idea is to simply print a list of target hosts, options for higher level functionality such
as port scanning, OS detection, or ping scanning cannot be combined with this. If you wish to disable
ping scanning while still performing such higher level functionality, read up on the -PN (skip ping)
-n (No DNS resolution)
Tells Nmap to never do reverse DNS resolution on the active IP addresses it finds. Since DNS can be
slow even with Nmap's built-in parallel stub resolver, this option can slash scanning times.
--excludefile exclude_file (Exclude list from file)
This offers the same functionality as the --exclude option, except that the excluded targets are
provided in a newline, space, or tab delimited exclude_file rather than on the command line.
The exclude file may contain comments that start with # and extend to the end of the line.
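The list syntax and the lease-exclusion use case described above, as an added example that is not part of the Nmap documentation: it parses an -iL / --excludefile list the way the text specifies and builds an exclude file from a lease export. The lease layout, the function names and the 192.0.2.x sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: prepare and check -iL / --excludefile lists before a scan.

# Print one entry per line from a list in the documented syntax:
# '#' starts a comment; entries are separated by spaces, tabs or newlines.
# A stray carriage return (list exported on Windows) is dropped as well.
list_entries() {
    awk '{ gsub(/\r/, ""); sub(/#.*/, ""); for (i = 1; i <= NF; i++) print $i }' "$1"
}

# Build an exclude list from a lease export. Assumed export layout
# (constructed for this example): "<address> <mac> <hostname>" per line.
leases_to_exclude() {
    echo "# current DHCP leases, generated from $1"
    awk '{ gsub(/\r/, ""); sub(/#.*/, "") } NF { print $1 }' "$1" | sort -u
}

# Preview without sending packets to the targets (needs nmap installed):
# -sL lists the hosts, -n skips reverse DNS, leased addresses are excluded.
preview_unleased() {   # $1 = network to cover, $2 = exclude file
    nmap -sL -n --excludefile "$2" "$1"
}

# Constructed sample data, so the functions can be tried offline.
demo() {
    dir=$(mktemp -d) || return 1
    printf '192.0.2.10 00:00:5e:00:53:01 laptop-a\r\n' > "$dir/leases.txt"
    printf '192.0.2.11\t00:00:5e:00:53:02 printer # lobby\n\n' >> "$dir/leases.txt"
    printf '192.0.2.10 00:00:5e:00:53:01 laptop-a\n' >> "$dir/leases.txt"
    leases_to_exclude "$dir/leases.txt" > "$dir/exclude.txt"
    list_entries "$dir/exclude.txt"   # what Nmap would read as exclusions
    rm -rf "$dir"
}
demo
```

Comparing the entry count from list_entries with the total that the list scan reports is a quick way to confirm the exclude file was read as intended.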
A pipeline is a sequence of one or more commands separated by one of the control operators | or |&. The
format for a pipeline is:
[time [-p]] [ ! ] command [ [|⎪|&] command2 ... ]
The standard output of command is connected via a pipe to the standard input of command2. This
connection is performed before any redirections specified by the command (see REDIRECTION below). If |&
is used, the standard error of command is connected to command2's standard input through the pipe; it is
shorthand for 2>&1 |. This implicit redirection of the standard error is performed after any
redirections specified by the command.
The return status of a pipeline is the exit status of the last command, unless the pipefail option is
enabled. If pipefail is enabled, the pipeline's return status is the value of the last (rightmost)
command to exit with a non-zero status, or zero if all commands exit successfully. If the reserved word
! precedes a pipeline, the exit status of that pipeline is the logical negation of the exit status as
described above. The shell waits for all commands in the pipeline to terminate before returning a value.
If the time reserved word precedes a pipeline, the elapsed as well as user and system time consumed by
its execution are reported when the pipeline terminates. The -p option changes the output format to that
specified by POSIX. When the shell is in posix mode, it does not recognize time as a reserved word if
the next token begins with a `-'. The TIMEFORMAT variable may be set to a format string that specifies
how the timing information should be displayed; see the description of TIMEFORMAT under Shell Variables
When the shell is in posix mode, time may be followed by a newline. In this case, the shell displays the
total user and system time consumed by the shell and its children. The TIMEFORMAT variable may be used
to specify the format of the time information.
Each command in a pipeline is executed as a separate process (i.e., in a subshell).
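The status and subshell rules above matter when scanner output is piped through filters, because a failed first stage can go unnoticed. The following is an added example, not text from the bash manual; failing_producer is a hypothetical stand-in for a scanner, and its output and exit code 3 are constructed.

```bash
#!/usr/bin/env bash
# Added example: pipeline exit status and subshell scope, on constructed data.

# Stand-in for a scanner that prints partial results and then fails
# (hypothetical helper; exit code 3 is arbitrary).
failing_producer() { printf 'host 192.0.2.10\nhost 192.0.2.11\n'; return 3; }

# Run "producer | grep PATTERN | wc -l" and print the pipeline's status.
# $1 = on|off (pipefail), $2 = grep pattern. The body is a subshell, so the
# caller's shell options stay untouched.
pipeline_status() (
    [ "$1" = on ] && set -o pipefail
    rc=0
    failing_producer | grep "$2" | wc -l >/dev/null || rc=$?
    echo "$rc"
)

# '!' negates whatever status the pipeline produced.
negated_status() (
    set -o pipefail
    rc=0
    ! failing_producer | grep host >/dev/null || rc=$?
    echo "$rc"
)

# Each stage is its own process: a counter updated inside the pipeline's
# while loop is gone when the pipeline ends.
count_in_pipeline() {
    n=0
    printf 'a\nb\n' | while read -r line; do n=$((n + 1)); done
    echo "$n"
}

# The same loop fed from a here-document runs in the current shell.
count_in_shell() {
    n=0
    while read -r line; do n=$((n + 1)); done <<EOF
a
b
EOF
    echo "$n"
}

echo "default=$(pipeline_status off host) pipefail=$(pipeline_status on host)"
echo "two failures=$(pipeline_status on nomatch) negated=$(negated_status)"
echo "pipeline count=$(count_in_pipeline) shell count=$(count_in_shell)"
```

With two failing stages, pipefail reports grep's status 1 rather than the producer's 3, since the rule picks the rightmost command that exited non-zero.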
print lines matching a pattern
grep searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus
(-) is given as file name) for lines containing a match to the given PATTERN. By default, grep prints
the matching lines.
pattern scanning and processing language
If no -f option is specified, the first operand to awk shall be the text of the awk program. The
application shall supply the program operand as a single argument to awk. If the text does not end
in a <newline>, awk shall interpret the text as if it did.
Either of the following two types of argument can be intermixed:
A pathname of a file that contains the input to be read, which is matched against the set of
patterns in the program. If no file operands are specified, or if a file operand is '-' , the
standard input shall be used.
An operand that begins with an underscore or alphabetic character from the portable character set
(see the table in the Base Definitions volume of IEEE Std 1003.1-2001, Section 6.1, Portable
Character Set), followed by a sequence of underscores, digits, and alphabetics from the portable
character set, followed by the '=' character, shall specify a variable assignment rather than a
pathname. The characters before the '=' represent the name of an awk variable; if that name is an
awk reserved word (see Grammar ) the behavior is undefined. The characters following the equal
sign shall be interpreted as if they appeared in the awk program preceded and followed by a
double-quote ( '"' ) character, as a STRING token (see Grammar ), except that if the last character
is an unescaped backslash, it shall be interpreted as a literal backslash rather than as the first
character of the sequence "\"" . The variable shall be assigned the value of that STRING token
and, if appropriate, shall be considered a numeric string (see Expressions in awk ), the variable
shall also be assigned its numeric value. Each such variable assignment shall occur just prior to
the processing of the following file, if any. Thus, an assignment before the first file argument
shall be executed after the BEGIN actions (if any), while an assignment after the last file
argument shall occur before the END actions (if any). If there are no file arguments, assignments
shall be executed before processing the standard input.