1. 发送以太网数据包
      nmap --send-eth 192.168.1.111

    2. 网络层发送
      nmap --send-ip 192.168.1.111

    3. 假定拥有所有权限
      nmap --privileged 192.168.1.111

    4. 在交互模式中启动
      nmap --interactive (该选项仅存在于旧版 Nmap,新版本已移除)

    5. 查看 Nmap 版本号
      nmap -V

    6. 设置调试级别
      nmap -d[1-9] 192.168.1.111 (级别数字须紧跟 -d,例如 -d3)

    7. 跟踪发送接收的报文
      nmap --packet-trace -p 20-30 192.168.1.111

    8. 列举接口和路由
      nmap --iflist www.iteye.com

    9. 指定网络接口
      nmap -e eth0 192.168.1.111

    10. 继续中断扫描
      nmap -oG 1.txt -v 192.168.126.1/24
      nmap --resume 1.txt (继续扫描)

    11. Dnmap
      dnmap_server -f test (指定命令脚本)
      dnmap_client -s 192.168.1.107 -a test

    12. 编写 NSE 脚本
      (1)
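      -- The scanning module: a minimal NSE script skeleton.
      -- Lua comments start with two ASCII hyphens and strings use straight
      -- quotes; typographic dashes and curly quotes stop the script from loading.
      author = "Wing"
      -- NOTE: scripts in the "version" category are run by Nmap only when
      -- version detection (-sV) is requested.
      categories = {"version"}

      --- Rule deciding whether the script runs against a given port.
      -- @param host NSE host table (not used by this rule)
      -- @param port NSE port table; reads protocol, number and state
      -- @return true only for an open TCP port 80, false otherwise
      portrule = function(host, port)
        return port.protocol == "tcp"
          and port.number == 80
          and port.state == "open"
      end

      --- Script body; the returned string is reported as the script output.
      -- It sends no probe of its own, so "Found!!!" only means that the
      -- portrule matched.
      -- @param host NSE host table (unused)
      -- @param port NSE port table (unused)
      -- @return the fixed string "Found!!!"
      action = function(host, port)
        return "Found!!!"
      end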
      (2) -- The scanning module --
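      -- NSE script that requests one fixed URI on port 80 and reports whether
      -- the server answered it with HTTP 200.
      author = "Wing"
      -- NOTE(review): "version" scripts are run only together with -sV; a script
      -- that fetches a URI may fit a category such as "discovery" better - confirm.
      categories = {"version"}

      -- comm and shortport are loaded as in the original listing, but nothing
      -- below uses them; only the http library is called.
      local comm = require "comm"
      local shortport = require "shortport"
      local http = require "http"

      --- Rule deciding whether the script runs against a given port.
      -- The field holding the port state is `state`; the original read
      -- `port.start`, which is never set, so the rule could never match.
      -- @param host NSE host table (not used by this rule)
      -- @param port NSE port table; reads number and state
      -- @return true only for port 80 in state "open"
      portrule = function(host, port)
        return (port.number == 80) and (port.state == "open")
      end

      --- Request the URI and report a hit only when the server confirms it.
      -- The original returned "Found!!!" without looking at the response, so
      -- every matching port was reported regardless of what the server sent.
      -- A server that answers 200 for every path will still be reported.
      -- @param host NSE host table passed through to http.get
      -- @param port NSE port table passed through to http.get
      -- @return "Found!!!" on HTTP 200, otherwise nil (no script output)
      action = function(host, port)
        local uri = "/admin.php"
        local response = http.get(host, port, uri)
        if response and response.status == 200 then
          return "Found!!!"
        end
        return nil
      end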

    13. 探测防火墙
      nmap --script=firewalk --traceroute 192.168.1.111

    14. VMware 认证破解
      nmap -p 902 --script vmauthd-brute 192.168.1.107