渗透测试中的信息收集阶段，一般使用 nmap 来收集信息，主要的命令有：
# Default scan of the single host: no extra options, nmap's defaults apply
nmap 10.11.1.111
# Same target, tuned for speed: at most one retry per probe and a floor of
# 1000 packets per second (trades accuracy on lossy links for speed)
nmap --max-retries 1 --min-rate 1000 10.11.1.111
# Exhaustive, slow scan: verbose (-v), all 65535 TCP ports (-p-), skip host
# discovery (-Pn), OS/version/script/traceroute (-A), the "vuln" NSE script
# category, and every output format written under the basename "full"
nmap -v -Pn -p- -A --script vuln -oA full 10.11.1.111
# UDP port scan of the host (-sU); UDP scans are slow because closed ports
# are inferred from ICMP unreachables and open ones often stay silent
nmap -sU 10.11.1.111
# Second opinion with unicornscan: UDP mode (-mU), verbose (-v),
# immediate mode (-I) reports results as they arrive
unicornscan -v -I -mU 10.11.1.111
# Once a UDP port is known to be open, talk to it with netcat in UDP
# mode (-u); 48772 is just the example port from the scan above
nc -u 10.11.1.111 48772
# Responder in analyze mode (-A) on eth0: observe LLMNR/NBT-NS name
# requests on the segment and log them without answering them
responder -A -I eth0
tcpdump - packet capture
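# Live capture on eth0, printed to the terminal until Ctrl-C
tcpdump -i eth0
# Stop after a fixed number of packets. -c takes a mandatory count: the
# original "-c -i eth0" made tcpdump read "-i" as the count and abort.
# 100 is only an example value.
tcpdump -c 100 -i eth0
# Print each packet's payload as ASCII (-A), useful for clear-text protocols
tcpdump -A -i eth0
# Write the raw capture to a pcap file (-w) for later offline analysis
tcpdump -w 0001.pcap -i eth0
# Read a saved capture back (-r) instead of listening on an interface
tcpdump -r 0001.pcap
# Do not resolve addresses or ports to names (-n): faster and avoids
# generating DNS traffic on the segment being watched
tcpdump -n -i eth0
# Only traffic to or from TCP/UDP port 22
tcpdump -i eth0 port 22
# Filter by source or destination host. "src"/"dst" are BPF filter
# keywords that follow the options; "-src" and "-dst" are not tcpdump
# options and are rejected. 172.21.10.X stands for the address of interest.
tcpdump -i eth0 src host 172.21.10.X
tcpdump -i eth0 dst host 172.21.10.X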
Network scanning
# Netdiscover: listen passively for ARP on eth0, or actively sweep a range
netdiscover -i eth0
netdiscover -r 10.11.1.1/24
# Nmap host discovery only (-sn, no port scan); three target notations
# for the same /24 (CIDR, last-octet range, wildcard octet)
nmap -sn 10.11.1.1/24
nmap -sn 10.11.1.1-253
nmap -sn 10.11.1.*
# NetBIOS name sweep of the /24
nbtscan -r 10.11.1.1/24
# Linux ping sweep (Bash): one echo request per host, all fired in
# parallel. Each job is started inside a subshell "( ... &)" so the
# interactive shell does not print a job-control notice for every host;
# replies are printed as they arrive, after the loop itself has returned.
for i in {1..254}; do
  ( ping -c 1 "172.21.10.${i}" | grep "bytes from" & )
done
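# Windows ping sweep (run from cmd.exe): one echo request per host (-n 1)
# with a 200 ms timeout (-w 200). The echoed address must use the same
# subnet as the one pinged; the original echoed 192.168.1.%i while pinging
# 172.21.10.%i, so the "is up" lines named hosts that were never tested.
for /L %i in (1,1,255) do @ping -n 1 -w 200 172.21.10.%i > nul && echo 172.21.10.%i is up.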