Basic arguments:
  -p, --target-port=port          TCP port number to scan (for SYN scans)
  -o, --output-file=name          Output file
  -b, --blacklist-file=path       File of subnets to exclude, in CIDR notation,
                                    e.g. 192.168.0.0/16
  -w, --whitelist-file=path       File of subnets to constrain scan to, in CIDR
                                    notation, e.g. 192.168.0.0/16
  -f, --output-fields=fields      Fields that should be output in result set

Scan options:
  -n, --max-targets=n             Cap number of targets to probe (as a number or
                                    a percentage of the address space)
  -N, --max-results=n             Cap number of results to return
  -t, --max-runtime=ses           Cap length of time for sending packets
  -r, --rate=pps                  Set send rate in packets/sec
  -B, --bandwidth=bps             Set send rate in bits/second (supports suffixes
                                    G, M and K)
  -c, --cooldown-time=secs        How long to continue receiving after sending
                                    last probe (default=`8')
  -e, --seed=n                    Seed used to select address permutation
  -T, --sender-threads=n          Threads used to send packets (default=`1')
  -P, --probes=n                  Number of probes to send to each IP
                                    (default=`1')
  -d, --dryrun                    Don't actually send packets
      --shards=N                  Set the total number of shards (default=`1')
      --shard=n                   Set which shard this scan is (0 indexed)
                                    (default=`0')

Network options:
  -s, --source-port=port|range    Source port(s) for scan packets
  -S, --source-ip=ip|range        Source address(es) for scan packets
  -G, --gateway-mac=addr          Specify gateway MAC address
  -i, --interface=name            Specify network interface to use
  -X, --vpn                       Sends IP packets instead of Ethernet (for VPNs)

Advanced options:
  -M, --probe-module=name         Select probe module (default=`tcp_synscan')
  -O, --output-module=name        Select output module (default=`default')
      --probe-args=args           Arguments to pass to probe module
      --output-args=args          Arguments to pass to output module
      --output-filter=filter      Specify a filter over the response fields to
                                    limit what responses get sent to the output
                                    module
      --list-output-modules       List available output modules
      --list-probe-modules        List available probe modules
      --list-output-fields        List all fields that can be output by selected
                                    probe module

Additional options:
  -C, --config=filename           Read a configuration file, which can specify
                                    any of these options
                                    (default=`/etc/zmap/zmap.conf')
  -l, --log-file=name             Write log entries to file
  -L, --log-directory=directory   Write log entries to a timestamped file in this
                                    directory
  -q, --quiet                     Do not print status updates
  -g, --summary                   Print configuration and summary at end of scan
      --metadata-file=name        Output file for scan metadata (JSON)
      --ignore-invalid-hosts      Ignore invalid hosts in whitelist/blacklist
                                    file
      --disable-syslog            Disables logging messages to syslog
  -v, --verbosity=n               Level of log detail (0-5) (default=`3')
  -h, --help                      Print help and exit
  -V, --version                   Print version and exit

Examples:
    zmap -p 80 -o - (scan the Internet for hosts on port 80 and output to stdout)
    zmap -N 5 -B 10M -p 80 -o - (find 5 HTTP servers, scanning at 10 Mb/s)
    zmap -p 80 10.0.0.0/8 192.168.0.0/16 -o (scan 10./8, 192.168./16 on port 80)
    zmap -p 80 192.168.1.2 192.168.1.3 (scan 192.168.1.2, 192.168.1.3 on port 80)

Probe-module (tcp_synscan) Help:
Probe module that sends a TCP SYN packet to a specific port. Possible
classifications are: synack and rst. A SYN-ACK packet is considered a success
and a reset packet is considered a failed response.