Here are the options to add to nmap to make port scans faster.





0x01. TIMING


From nmap's own option help:


TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second



0x03. RESULTS


Here is the difference. Before the timing options, the 1024-port scan takes 46 seconds in total (1021 of those ports are filtered, so each one is probed, retransmitted up to the default 10 times and waited on until the RTT timeout expires):


$ time nmap -Pn -n -p 1-1024 172.42.208.211 --reason
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-13 03:09 CEST
Nmap scan report for 172.42.208.211
Host is up, received user-set (0.071s latency).
Not shown: 1021 filtered ports
Reason: 1021 no-responses
PORT    STATE  SERVICE REASON
22/tcp  open   ssh     syn-ack
80/tcp  open   http    syn-ack
443/tcp closed https   conn-refused

Nmap done: 1 IP address (1 host up) scanned in 46.06 seconds
nmap -Pn -n -p 1-1024 172.42.208.211 --reason  0.05s user 0.26s system 0% cpu 46.081 total

With the following timing options:

--min-rtt-timeout .1 = floor for the per-probe round-trip timeout (0.1 s = 100ms, which is nmap's default minimum anyway). The option that decides when an unanswered probe is declared lost is --max-rtt-timeout (10 s by default), and lowering it is what really shortens the wait on filtered ports.
--max-retries 1 = at most one retransmission of a probe that got no reply (default 10). This is the biggest win on 1021 filtered ports, at the price of missing ports whenever a packet is dropped.
--min-parallelism 100 = keep at least 100 probes in flight at once (this is a number of outstanding probes, not threads; value taken from the command line recorded below).
--min-rate 50000 = send no slower than 50000 packets per second, overriding nmap's congestion control.
--host-timeout 2 = give up on the target after 2 seconds. If this timer fires, nmap abandons the host and prints no port table for it, so keep it well above the expected scan time.

Result in 2.1 seconds, about 20 times faster. Note the cost: 443/tcp, reported closed (conn-refused) by the slow scan, is gone from the fast one and has silently joined the 1022 "filtered" ports. Always diff a tuned scan against a slower one before trusting it:


Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-13 03:08 CEST
Nmap scan report for 172.42.208.211
Host is up, received user-set (0.0020s latency).
Not shown: 1022 filtered ports
Reason: 1022 no-responses
PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
80/tcp open  http    syn-ack

Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
nmap --min-rtt-timeout .1 --max-retries 1 --min-parallelism 100 --min-rate 50000  0.07s user 1.45s system 69% cpu 2.172 total
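The following script is an added example, not code from the original post: it builds the tuned timing options with explicit units (so ".1" can only mean 100ms and "2" can only mean 2 s), then parses the two nmap outputs above and reports every port whose state differs between the slow and the fast run, which is exactly how the lost 443/tcp shows up. The scan outputs embedded in the script are the page's own; the port range size (1024) comes from the -p 1-1024 argument, and the parallelism value (100) from the recorded command line.

```python
import re

# Both scan outputs copied verbatim from the two runs above (the page's own
# data, embedded so the script runs offline).
BASELINE = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-13 03:09 CEST
Nmap scan report for 172.42.208.211
Host is up, received user-set (0.071s latency).
Not shown: 1021 filtered ports
Reason: 1021 no-responses
PORT    STATE  SERVICE REASON
22/tcp  open   ssh     syn-ack
80/tcp  open   http    syn-ack
443/tcp closed https   conn-refused

Nmap done: 1 IP address (1 host up) scanned in 46.06 seconds
"""

TUNED = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-13 03:08 CEST
Nmap scan report for 172.42.208.211
Host is up, received user-set (0.0020s latency).
Not shown: 1022 filtered ports
Reason: 1022 no-responses
PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
80/tcp open  http    syn-ack

Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)", re.M)
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) ports", re.M)
DURATION = re.compile(r"scanned in ([\d.]+) seconds")


def fast_timing_args(rtt_floor_ms=100, retries=1, parallelism=100,
                     min_rate=50000, host_timeout_s=2):
    """Tuned timing options as an argv fragment, with explicit units.
    Defaults are the values used in the fast scan above."""
    return [
        "--min-rtt-timeout", f"{rtt_floor_ms}ms",
        "--max-retries", str(retries),
        "--min-parallelism", str(parallelism),
        "--min-rate", str(min_rate),
        "--host-timeout", f"{host_timeout_s}s",
    ]


def parse_scan(text):
    """Extract the explicit port table, the 'Not shown' bucket and the duration."""
    ports = {f"{num}/{proto}": state
             for num, proto, state, _svc, _reason in PORT_LINE.findall(text)}
    ns = NOT_SHOWN.search(text)
    dur = DURATION.search(text)
    return {
        "ports": ports,
        "not_shown": int(ns.group(1)) if ns else 0,
        "default_state": ns.group(2) if ns else None,
        "seconds": float(dur.group(1)) if dur else None,
    }


def ports_accounted(text, range_size):
    """True when explicit ports + 'Not shown' ports add up to the scanned range."""
    s = parse_scan(text)
    return len(s["ports"]) + s["not_shown"] == range_size


def compare_scans(baseline_text, tuned_text):
    """List ports whose state differs between the slow and the fast run.
    A port missing from the fast run has fallen into its 'Not shown' bucket
    (filtered here): the failure mode of --max-retries 1 and a high --min-rate."""
    base, tuned = parse_scan(baseline_text), parse_scan(tuned_text)
    lost, changed = [], []
    by_number = sorted(base["ports"].items(), key=lambda kv: int(kv[0].split("/")[0]))
    for port, state in by_number:
        if port not in tuned["ports"]:
            lost.append((port, state, tuned["default_state"]))
        elif tuned["ports"][port] != state:
            changed.append((port, state, tuned["ports"][port]))
    new = [p for p in tuned["ports"] if p not in base["ports"]]
    return {"lost": lost, "changed": changed, "new": new,
            "speedup": base["seconds"] / tuned["seconds"]}


if __name__ == "__main__":
    print("nmap", " ".join(fast_timing_args()), "-Pn -n -p 1-1024 <target>")
    report = compare_scans(BASELINE, TUNED)
    print(f"speedup: {report['speedup']:.1f}x")
    for port, before, after in report["lost"] + report["changed"]:
        print(f"WARNING {port}: {before} -> {after}")
```

Run it against the two outputs saved with -oN and it prints the speedup together with a warning per port that changed state; the port-count check (ports_accounted) catches a truncated or host-timed-out report, where the explicit ports and the "Not shown" bucket no longer add up to the range you asked for.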


   =>   Written by: Nicolas, 4 August 2020


Keywords:
  linux
  security