Here are the options to add to nmap to make port scans faster.
0x01. TIMING
From the nmap option help:
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
0x03. RESULTS
Here is the difference. Before adding the options, the scan takes 46 seconds in total:
time nmap -Pn -n -p 1-1024 172.42.208.211 --reason
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-13 03:09 CEST
Nmap scan report for 172.42.208.211
Host is up, received user-set (0.071s latency).
Not shown: 1021 filtered ports
Reason: 1021 no-responses
PORT    STATE  SERVICE REASON
22/tcp  open   ssh     syn-ack
80/tcp  open   http    syn-ack
443/tcp closed https   conn-refused
Nmap done: 1 IP address (1 host up) scanned in 46.06 seconds
nmap -Pn -n -p 1-1024 172.42.208.211 --reason  0.05s user 0.26s system 0% cpu 46.081 total
With the following timing options:
--min-rtt-timeout .1 = time after which a sent probe is considered unanswered
--max-retries 1 = number of retries when a probe gets no answer
--min-parallelism 50 = number of probes sent in parallel
--min-rate 50000 = sending rate in packets per second
--host-timeout 2 = maximum time to spend on one target
Result in 2.1 seconds:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-13 03:08 CEST
Nmap scan report for 172.42.208.211
Host is up, received user-set (0.0020s latency).
Not shown: 1022 filtered ports
Reason: 1022 no-responses
PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
80/tcp open  http    syn-ack
Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
nmap --min-rtt-timeout .1 --max-retries 1 --min-parallelism 100 --min-rate 50000  0.07s user 1.45s system 69% cpu 2.172 total
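Note that the fast run reports 1022 filtered ports instead of 1021 and no longer lists 443/tcp, so the speed-up cost one result. As an added example (not the post's own code; the port tables are the ones shown above, the option values are those in the post's list), a POSIX sh script that assembles the fast command line and lists the ports a fast report lacks compared with the baseline:

```shell
#!/bin/sh
# Added example, not from the original post: assemble the post's fast
# timing options into one nmap command line, and compare a baseline report
# with a fast report to flag ports that the fast run lost.

# Timing values as listed in the post (the post's own fast run used 100 for
# --min-parallelism; 50 is the value given in its list).
RTT_TIMEOUT=".1"   # --min-rtt-timeout: seconds before a probe counts as unanswered
MAX_RETRIES="1"    # --max-retries: retransmissions per unanswered probe
PARALLELISM="50"   # --min-parallelism: probes in flight at the same time
MIN_RATE="50000"   # --min-rate: packets per second floor
HOST_TIMEOUT="2"   # --host-timeout: give up on the target after this long

# Print the fast command for target $1 and port range $2 (does not run it).
fast_nmap_cmd() {
  printf 'nmap -Pn -n -p %s --reason --min-rtt-timeout %s --max-retries %s --min-parallelism %s --min-rate %s --host-timeout %s %s\n' \
    "$2" "$RTT_TIMEOUT" "$MAX_RETRIES" "$PARALLELISM" "$MIN_RATE" "$HOST_TIMEOUT" "$1"
}

# Reduce nmap normal output on stdin to "port/proto state" lines.
port_states() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ { print $1, $2 }'
}

# Print every "port state" line of the baseline report ($1) that the fast
# report ($2) does not contain; prints nothing when the two agree.
missed_ports() {
  slow=$(printf '%s\n' "$1" | port_states)
  fast=$(printf '%s\n' "$2" | port_states)
  printf '%s\n' "$slow" | while IFS= read -r line; do
    printf '%s\n' "$fast" | grep -qxF -- "$line" || printf '%s\n' "$line"
  done
}

# Constructed sample input: the port tables from the two reports in the post.
BASELINE='PORT    STATE  SERVICE REASON
22/tcp  open   ssh     syn-ack
80/tcp  open   http    syn-ack
443/tcp closed https   conn-refused'
FAST='PORT    STATE  SERVICE REASON
22/tcp  open   ssh     syn-ack
80/tcp  open   http    syn-ack'

fast_nmap_cmd 172.42.208.211 1-1024
echo "Lost by the fast scan:"
missed_ports "$BASELINE" "$FAST"   # prints: 443/tcp closed
```

Re-scan only the ports this reports with the slow timing, rather than repeating the whole range.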
=> Written by: Nicolas, 4 August 2020