Nmap Summary (ESP)


tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks
nmap -sV -sC -O -n -oA nmapscan 192.168.0.1/24

Parameters

IPs to scan

  • <ip>,<net/mask>: Specify the IPs directly
  • -iL <ips_file>: List of IPs
  • -iR <number>: Number of random IPs; you can exclude candidate IPs with --exclude <Ips> or --excludefile <file>.

Host discovery

By default Nmap starts with a discovery phase consisting of: -PA80 -PS443 -PE -PP

  • -sL: Non-intrusive; it lists the targets by making DNS requests to resolve names. Useful to find out whether, for example, all the IPs in www.prueba.es/24 are our targets.
  • -Pn: No ping. Useful if you already know that all hosts are active (otherwise you could lose a lot of time, but this option also produces false negatives if you claim they are not active); it disables the discovery phase.
  • -sn: No port scan. After finishing reconnaissance it does not scan ports. It is relatively stealthy and allows a small network scan. With privileges it sends an ACK (-PA) to 80, a SYN (-PS) to 443, an echo request and a timestamp request; without privileges it always completes connections. If the target is the network, it only uses ARP (-PR). If used together with another option, only the packets of the other option are sent.
  • -PR: ARP ping. Used by default when analysing computers on our own network; it is faster than using pings. If you do not want to use ARP packets use --send-ip.
  • -PS <ports>: Sends SYN packets; if the host answers SYN/ACK the port is open (Nmap answers with RST so as not to complete the connection), if it answers RST it is closed, and if it does not answer it is unreachable. Without privileges a full connection is used automatically. If no ports are given, it sends to 80.
  • -PA <ports>: As above but with ACK; combining both gives better results.
  • -PU <ports>: The aim is the opposite: they are sent to ports expected to be closed. Some firewalls only inspect TCP connections. If the port is closed it is answered with port unreachable; if it is answered with another ICMP type or not answered at all it is left as destination unreachable.
  • -PE, -PP, -PM: ICMP pings: echo reply, timestamp and address mask. They are sent to find out whether the target is active.
  • -PY<ports>: Sends SCTP INIT probes, to 80 by default; they may be answered with INIT-ACK (open) or ABORT (closed), or with nothing or ICMP unreachable (inactive).
  • -PO <protocols>: A protocol is indicated in the headers; by default 1 (ICMP), 2 (IGMP) and 4 (Encap IP). For the ICMP, IGMP, TCP (6) and UDP (17) protocols the protocol headers are sent; for the others only the IP header. The idea is that, because the headers are malformed, a Protocol unreachable or a response from the protocol itself reveals whether the host is up.
  • -n: No DNS
  • -R: DNS always

Port scanning techniques

  • -sS: Does not complete the connection, so it leaves no trace; good if it can be used (requires privileges). It is the default.
  • -sT: Completes the connection, so it does leave a trace, but it can always be used. Default without privileges.
  • -sU: Slower, for UDP. Mainly: DNS (53), SNMP (161,162), DHCP (67 and 68), (-sU53,161,162,67,68): open (reply), closed (port unreachable), filtered (another ICMP), open/filtered (nothing). In the open/filtered case, -sV sends numerous requests to detect any of the versions nmap supports and can determine the real state. It increases the time a lot.
  • -sY: SCTP fails to establish the connection, so there are no logs; it works like -PY
  • -sN,-sX,-sF: Null, Fin, Xmas; they can get through some firewalls and extract information. They rely on standards-compliant machines having to answer with RST any request that does not carry the SYN, RST or ACK flags: open/filtered (nothing), closed (RST), filtered (ICMP unreachable). Unreliable on Windows, Cisco, BSDI and OS/400. On Unix they work.
  • -sM: Maimon scan: sends the FIN and ACK flags; it was used for BSD, today it returns everything as closed.
  • -sA, sW: ACK and Window; used to detect firewalls, i.e. to find out whether ports are filtered or not. -sW distinguishes between open/closed because open ports answer with a different window value: open (RST with window != 0), closed (RST with window = 0), filtered (ICMP unreachable or nothing). Not all computers behave this way, so if everything shows as closed it is not working; if a few show as open it works fine; and if many show as open and few as closed, it is working the other way round.
  • -sI: Idle scan. For cases where there is an active firewall but we know it does not filter a certain IP (or when we want anonymity) we can use the zombie scanner (it works for all ports); to look for zombies we can use the ipidseq script or the auxiliary/scanner/ip/ipidseq exploit. This scanner is based on the IPID number of the IP packets.
  • --badsum: Sends a wrong checksum; computers would discard the packets, but firewalls may answer something; it is used to detect firewalls.
  • -sZ: "Weird" SCTP scanner; when probes are sent with cookie echo fragments they should be dropped if the port is open or answered with ABORT if closed. It can get through firewalls that INIT does not pass; the downside is that it does not distinguish between filtered and open.
  • -sO: IP protocol scan. Sends bad and empty headers in which sometimes not even the protocol can be distinguished. If ICMP protocol unreachable arrives it is closed, if port unreachable arrives it is open, if another error arrives it is filtered, and if nothing arrives it is open|filtered.
  • -b <server>: FTP host --> Used to scan a host from another host; this is done by connecting to the ftp service of another machine and asking it to send files to the ports you want to scan on the target; from the answers we learn whether they are open or not. [<user>:<password>@]<server>[:<port>] Almost all ftp servers no longer allow this, so it is of little practical use.

Focus Analysis

-p: Used to specify the ports to scan. To select all 65,335 ports: -p- or -p all. Nmap has an internal classification based on popularity. By default it uses the top 1000 ports. With -F (fast scan) it scans the top 100. With --top-ports it scans that number of top ports (from 1 to 65,335). It checks ports in random order; to prevent this, use -r. We can also select specific ports: 20-30,80,443,1024- (the last one means check from 1024 onwards). We can also group ports by protocol: U:53,T:21-25,80,139,S:9. We can also choose a range within Nmap's popular ports: -p [-1024] scans up to port 1024 from those included in nmap-services. --port-ratio scans the most common ports within a ratio between 0 and 1

-sV Version scanning; the intensity can be regulated from 0 to 9, the default is 7.

--version-intensity We regulate the intensity; at a lower level it only sends the most likely probes, not all of them. This can shorten UDP scanning time considerably

-O OS detection

--osscan-limit To scan a host properly, at least one open port and one closed port are needed. If this condition is not met and we have set this option, it does not attempt OS prediction (saves time)

--osscan-guess When OS detection is not perfect, this makes it try harder

Scripts

--script |||[,...]

To use the default scripts, use -sC or --script=default

The available types are: auth, broadcast, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln

  • Auth: runs all available authentication scripts
  • Default: runs the tool's basic default scripts
  • Discovery: retrieves information from the target or victim
  • External: scripts that use external resources
  • Intrusive: uses scripts considered intrusive for the victim or target
  • Malware: checks for connections opened by malicious code or backdoors
  • Safe: runs scripts that are not intrusive
  • Vuln: discovers the best-known vulnerabilities
  • All: runs absolutely every available NSE extension script

To search for scripts:

nmap --script-help="http-*" -> Those starting with http-

nmap --script-help="not intrusive" -> All except those

nmap --script-help="default or safe" -> Those in either or both

nmap --script-help="default and safe" --> Those in both

nmap --script-help="(default or safe or intrusive) and not http-*"

--script-args =,={=},={,}

--script-args-file

--script-help ||||all[,...]

--script-trace ---> Gives info on how the script is progressing

--script-updatedb

To use a script, just write: nmap --script Script_Name target --> When a script is used, both the script and the scanner are executed, so scanner options can be added as well. We can add "safe=1" to execute only the safe ones.

Timing control

Nmap can express time in seconds, minutes or ms: the --host-timeout arguments 900000ms, 900, 900s and 15m all mean the same thing.

Nmap divides the total number of hosts to scan into groups and analyses these groups in blocks, so it does not move on to the next block until all hosts in the current one have been analysed (and the user gets no updates until the block is done). This makes large groups more efficient for Nmap. By default on a class C network it uses 256.

This can be changed with --min-hostgroup ; --max-hostgroup (Adjust parallel scan group sizes)

You can control the number of parallel scanners, but it is better not to (Nmap already has automatic control based on network status): --min-parallelism ; --max-parallelism

We can modify the RTT timeout, but it is usually not necessary: --min-rtt-timeout , --max-rtt-timeout , --initial-rtt-timeout

We can modify the number of attempts: --max-retries

We can modify the scan time per host: --host-timeout

We can modify the time between each test to slow it down: --scan-delay ; --max-scan-delay

We can modify the number of packets per second: --min-rate ; --max-rate

Many ports take a long time to answer when they are filtered or closed. If we only want the open ones, we can go faster with: --defeat-rst-ratelimit

To define how aggressive we want Nmap to be: -T paranoid|sneaky|polite|normal|aggressive|insane

-T (0-1)

-T0 --> Scans only 1 port at a time and waits 5 min before the next one

-T1 and T2 --> Very similar, but wait 15 and 0.4 sec respectively between each test

-T3 --> Default operation, includes parallel scanning

-T4 --> --max-rtt-timeout 1250ms --min-rtt-timeout 100ms --initial-rtt-timeout 500ms --max-retries 6 --max-scan-delay 10ms

-T5 --> --max-rtt-timeout 300ms --min-rtt-timeout 50ms --initial-rtt-timeout 250ms --max-retries 2 --host-timeout 15m --max-scan-delay 5ms

Firewall/IDS

They do not allow access to ports and may analyse packets.

-f To fragment packets; by default it splits them into 8 bytes after the header; to specify a size use --mtu (in that case, do not use -f); the offset must be a multiple of 8. Version scanners and scripts do not support fragmentation

-D decoy1,decoy2,ME Nmap sends the scans but with other IP addresses as the source, hiding you that way. If you put ME in the list, Nmap puts you in that position; it is better to place 5 or 6 decoys before you to mask yourself completely. Random IPs can be generated with RND:<number>, which generates that many random IPs. They do not work with TCP version detectors that need a connection. If you are inside the network, it is best to use IPs that are active, otherwise it will be very easy to discover that you are the only active one.

To use random IPs: nmap -D RND:10 Target_IP

-S IP When Nmap does not pick up your IP address you have to give it. It also makes them think another target is scanning them.

-e To choose the interface

Many administrators leave inbound ports open so that everything works properly, which is easier for them than looking for another solution. These could be DNS ports or FTP ports... to look for this vulnerability Nmap incorporates: --source-port ;-g They are equivalent

--data To send hexadecimal text: --data 0xdeadbeef and --data \xCA\xFE\x09

--data-string To send ordinary text: --data-string "Scan conducted by Security Ops, extension 7192"

--data-length Nmap sends only headers; with this we add that many more bytes (generated randomly)

To configure the IP packet completely use --ip-options

If you want to see the options in the packets sent and received, specify --packet-trace. For more information and examples of using IP options with Nmap, see http://seclists.org/nmap-dev/2006/q3/52.

--ttl

--randomize-hosts To make the attack less obvious

--spoof-mac <MAC address, prefix, or vendor name> To change the MAC, examples: Apple, 0, 01:02:03:04:05:06, deadbeefcafe, 0020F2, and Cisco

--proxies To use proxies; sometimes a proxy does not hold as many connections as Nmap wants, so the parallelism would have to be modified: --max-parallelism

-sP To discover hosts on the network we are on by ARP

Many administrators create a firewall rule that lets through all packets coming from a certain port (such as 20, 53 and 67); we can tell Nmap to send our packets from these ports: nmap --source-port 53 IP

Outputs

-oN file Normal output

-oX file XML output

-oS file Script kiddies output

-oG file Greppable output

-oA file All except -oS

-v level verbosity

-d level debugging

--reason Reason for the host and its state

--stats-every time Every that interval it tells us how the scan is going

--packet-trace To see which packets are going out; filters can be specified, e.g. --version-trace or --script-trace

--open shows open, open|filtered and unfiltered

--resume file Resume summary
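As an added example (not part of the original page or of the Nmap project), the POSIX shell function below turns greppable (-oG) output into one line per open port, the shape most useful when scan results feed an asset inventory or a ticket. The -oG lines it parses are constructed here to mimic Nmap's format and are not real scan results; the hosts use the 192.0.2.0/24 documentation range.

```shell
#!/bin/sh
# Added example: summarise Nmap greppable (-oG) output as "host port/proto service version",
# keeping only ports in state "open". The sample lines are constructed, not a real scan.

write_sample_gnmap() {
  # Constructed -oG output for two hosts; fields are tab-separated as Nmap writes them.
  printf '%s\n' '# Nmap 7.98 scan initiated as: nmap -sV -oG - 192.0.2.0/29' > "$1"
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n' >> "$1"
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 443/filtered/tcp//https///\tIgnored State: closed (997)\n' >> "$1"
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n' >> "$1"
  printf 'Host: 192.0.2.11 ()\tPorts: 53/open/udp//domain//ISC BIND 9.18/\tIgnored State: closed (999)\n' >> "$1"
  printf '%s\n' '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 12.34 seconds' >> "$1"
}

open_ports_from_gnmap() {
  # Usage: open_ports_from_gnmap FILE
  # Each entry in the "Ports:" field is port/state/proto/owner/service/rpcinfo/version/
  awk -F'\t' '
    /^Host:/ {
      split($1, h, " "); host = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Ports: /) {
          n = split(substr($i, 8), p, ", ")
          for (j = 1; j <= n; j++) {
            split(p[j], f, "/")
            if (f[2] == "open") print host, f[1] "/" f[3], f[5], f[7]
          }
        }
      }
    }' "$1"
}

# Stand-alone demo: write the constructed sample, summarise it, clean up.
sample=$(mktemp)
write_sample_gnmap "$sample"
open_ports_from_gnmap "$sample"
rm -f "$sample"
```

The filtered 443/tcp entry is dropped on purpose: for an inventory you usually want what is reachable, and the "Ignored State" field already tells you how many ports were closed. Swap the `f[2] == "open"` test for `f[2] != "closed"` if you also want open|filtered results from UDP scans.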

Miscellaneous

-6 Allow IPv6

-A is the same as -O -sV -sC --traceroute

Run time

While Nmap is running we can change options:

v / V Increase / decrease the verbosity level

d / D Increase / decrease the debugging level

p / P Turn packet tracing on / off

? Print a runtime interaction help screen

Vulscan

An Nmap script that looks up the versions of the discovered services in an offline database (downloaded from other sources) and returns the possible vulnerabilities

The DBs used are:

  1. Scipvuldb.csv | http://www.scip.ch/en/?vuldb
  2. Cve.csv | http://cve.mitre.org
  3. Osvdb.csv | http://www.osvdb.org
  4. Securityfocus.csv | http://www.securityfocus.com/bid/
  5. Securitytracker.csv | http://www.securitytracker.com
  6. Xforce.csv | http://xforce.iss.net
  7. Exploitdb.csv | http://www.exploit-db.com
  8. Openvas.csv | http://www.openvas.org

To download and install it in the Nmap folder (the tarball is extracted with -x, not created with -c):

wget http://www.computec.ch/projekte/vulscan/download/nmap_nse_vulscan-2.0.tar.gz && tar -xzvf nmap_nse_vulscan-2.0.tar.gz vulscan/ && sudo cp -r vulscan/ /usr/share/nmap/scripts/

You will also need to download the DB packages and add them to /usr/share/nmap/scripts/vulscan/

Usage:

To use all of them: sudo nmap -sV --script=vulscan HOST_TO_SCAN

To use a specific DB: sudo nmap -sV --script=vulscan --script-args vulscandb=cve.csv HOST_TO_SCAN

Speeding up the Nmap service scan x16

According to this post you can speed up nmap's service analysis by changing every totalwaitms value in /usr/share/nmap/nmap-service-probes to 300 and every tcpwrappedms to 200.

Moreover, probes that do not define a specific servicewaitms use the default value of 5000. So we can either add values to each probe, or compile nmap ourselves and change the default value in service_scan.h.

If you do not want to change the totalwaitms and tcpwrappedms values in the /usr/share/nmap/nmap-service-probes file at all, you can edit the parsing code so that those values in nmap-service-probes are ignored completely.
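As an added example (not from the post above or from Nmap itself), the shell functions below apply both adjustments to a copy of nmap-service-probes rather than to the installed file: they rewrite existing totalwaitms/tcpwrappedms lines, and they give an explicit totalwaitms to any probe that has none so it no longer falls back to the compiled-in default. The probe excerpt is constructed for the demo (it is not the real file), and the values 300 and 200 are the ones the text proposes; working on a copy lets you point Nmap at it with --datadir and revert by deleting it.

```shell
#!/bin/sh
# Added example: tune service-probe timeouts in a COPY of nmap-service-probes.
# The excerpt written by write_sample_probes is constructed in the file's syntax.

write_sample_probes() {
  cat > "$1" <<'EOF'
# constructed excerpt in nmap-service-probes syntax
Probe TCP NULL q||
totalwaitms 6000
tcpwrappedms 3000
ports 1,7,9,13,21-23
match ftp m|^220 ([-.\w]+) FTP server ready| p/$1/
Probe TCP GenericLines q|\r\n\r\n|
ports 80,443
EOF
}

tune_probe_timeouts() {
  # Usage: tune_probe_timeouts IN OUT [TOTALWAITMS] [TCPWRAPPEDMS]
  # Rewrites every existing totalwaitms / tcpwrappedms directive (defaults 300 / 200).
  src=$1; dst=$2; total=${3:-300}; wrapped=${4:-200}
  sed -e "s/^totalwaitms [0-9][0-9]*$/totalwaitms $total/" \
      -e "s/^tcpwrappedms [0-9][0-9]*$/tcpwrappedms $wrapped/" "$src" > "$dst"
}

add_missing_totalwaitms() {
  # Usage: add_missing_totalwaitms IN OUT [TOTALWAITMS]
  # Probes with no totalwaitms line use Nmap's built-in default, so give them an explicit one
  # (appended at the end of that probe's block; directive order within a block does not matter).
  awk -v ms="${3:-300}" '
    function flush() { if (inprobe && !seen) print "totalwaitms " ms; seen = 0 }
    /^Probe / { flush(); inprobe = 1; print; next }
    /^totalwaitms / { seen = 1 }
    { print }
    END { flush() }
  ' "$1" > "$2"
}

count_directive() {
  # Usage: count_directive FILE DIRECTIVE VALUE -> number of lines reading "DIRECTIVE VALUE"
  grep -c "^$2 $3\$" "$1" || true
}

# Stand-alone demo on the constructed excerpt.
probes=$(mktemp); tuned=$(mktemp); full=$(mktemp)
write_sample_probes "$probes"
tune_probe_timeouts "$probes" "$tuned"
add_missing_totalwaitms "$tuned" "$full"
cat "$full"
rm -f "$probes" "$tuned" "$full"
```

Lowering these timeouts trades completeness for speed: a slow service that needs more than 300 ms to send its banner will be reported as unidentified, so keep the original file and compare results on a known host before adopting the tuned copy in routine scans.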

Building a static Nmap for restricted environments

On hardened or minimal Linux environments (containers, appliances), dynamically linked Nmap binaries often fail because the runtime loader or shared libraries are missing (e.g., /lib64/ld-linux-x86-64.so.2, libc.so). Building your own statically linked Nmap and bundling the NSE data allows it to run without installing system packages.

High-level approach

  • Use a clean amd64 Ubuntu builder via Docker.
  • Build OpenSSL and PCRE2 as static libraries.
  • Build Nmap linking statically and using the included libpcap/libdnet to avoid dynamic dependencies.
  • Bundle the NSE scripts and data directories together with the binary.

Detect the target architecture (example)

bash
uname -a
# If building from macOS/ARM/etc., pin the builder arch:
docker run --rm --platform=linux/amd64 -v "$(pwd)":/out -w /tmp ubuntu:22.04 bash -lc 'echo ok'

Step 1: Prepare the toolchain

bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get install -y --no-install-recommends \
build-essential ca-certificates curl bzip2 xz-utils pkg-config perl python3 file git \
automake autoconf libtool m4 zlib1g-dev

Step 2: Build static OpenSSL (1.1.1w)

bash
OSSL="1.1.1w"
curl -fsSLO "https://www.openssl.org/source/openssl-$OSSL.tar.gz"
tar xzf "openssl-$OSSL.tar.gz" && cd "openssl-$OSSL"
./Configure no-shared no-zlib linux-x86_64 -static --prefix=/opt/ossl
make -j"$(nproc)" && make install_sw
cd /tmp

Step 3: Build static PCRE2 (10.43)

bash
PCRE2=10.43
curl -fsSLO "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$PCRE2/pcre2-$PCRE2.tar.bz2"
tar xjf "pcre2-$PCRE2.tar.bz2" && cd "pcre2-$PCRE2"
./configure --disable-shared --enable-static --prefix=/opt/pcre2
make -j"$(nproc)" && make install
cd /tmp

Step 4: Build static Nmap (7.98)

bash
NMAP=7.98
curl -fsSLO "https://nmap.org/dist/nmap-$NMAP.tar.bz2"
tar xjf "nmap-$NMAP.tar.bz2" && cd "nmap-$NMAP"
export CPPFLAGS="-I/opt/ossl/include -I/opt/pcre2/include"
export LDFLAGS="-L/opt/ossl/lib -L/opt/pcre2/lib -static -static-libstdc++ -static-libgcc"
export LIBS="-lpcre2-8 -ldl -lpthread -lz"
./configure \
--with-openssl=/opt/ossl \
--with-libpcre=/opt/pcre2 \
--with-libpcap=included \
--with-libdnet=included \
--without-zenmap --without-ndiff --without-nmap-update
# Avoid building shared libpcap by accident
sed -i -e "s/^shared: /shared: #/" libpcap/Makefile || true
make -j1 V=1 nmap
strip nmap

Key notes

  • -static, -static-libstdc++ and -static-libgcc force static linking.
  • Using --with-libpcap=included/--with-libdnet=included avoids the shared system libraries.
  • The sed tweak disables the shared libpcap target if it is present.

Step 5: Bundle the binary and NSE data

bash
mkdir -p /out/nmap-bundle/nmap-data
cp nmap /out/nmap-bundle/nmap-linux-amd64-static
cp -r scripts nselib /out/nmap-bundle/nmap-data/
cp nse_main.lua nmap-services nmap-protocols nmap-service-probes \
nmap-mac-prefixes nmap-os-db nmap-payloads nmap-rpc \
/out/nmap-bundle/nmap-data/ 2>/dev/null || true

tar -C /out -czf /out/nmap-linux-amd64-static-bundle.tar.gz nmap-bundle

Verification and operational notes

  • Use file on the artifact to confirm it is statically linked.
  • Keep the NSE data alongside the binary to ensure script parity on hosts that do not have Nmap installed.
  • Even with a static binary, execution may be restricted by AppArmor/seccomp/SELinux; DNS/egress must still work.
  • Deterministic builds reduce supply-chain risk compared with downloading opaque "static" binaries.
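As an added example (not part of the page's build recipe or of Nmap), the shell functions below check an unpacked bundle in the layout Step 5 produces (nmap-linux-amd64-static next to an nmap-data/ directory) before it is shipped: every NSE data file the bundle copies must be present, and a file(1)-based check confirms static linking, reporting "undeterminable" instead of guessing when file is not installed. The placeholder bundle the demo builds contains empty files, so it exercises the layout check only. NMAPDIR is Nmap's documented environment variable for locating its data directory; pointing it at nmap-data/ is how the unpacked bundle finds nse_main.lua and the scripts on the target host.

```shell
#!/bin/sh
# Added example: pre-ship checks for a static Nmap bundle. The bundle layout matches Step 5
# above; the demo bundle built at the bottom is a constructed placeholder with empty files.

REQUIRED_NMAP_DATA="nse_main.lua nmap-services nmap-protocols nmap-service-probes nmap-mac-prefixes nmap-os-db nmap-payloads nmap-rpc scripts nselib"

verify_nmap_bundle() {
  # Usage: verify_nmap_bundle BUNDLE_DIR -> 0 if the binary and every data file exist, 1 otherwise.
  dir=$1; missing=0
  [ -x "$dir/nmap-linux-amd64-static" ] || { echo "missing or non-executable binary" >&2; missing=1; }
  for f in $REQUIRED_NMAP_DATA; do
    [ -e "$dir/nmap-data/$f" ] || { echo "missing data: $f" >&2; missing=1; }
  done
  return $missing
}

binary_is_static() {
  # Usage: binary_is_static PATH -> 0 static, 1 dynamic, 2 undeterminable (file(1) not installed).
  command -v file >/dev/null 2>&1 || return 2
  file -b "$1" | grep -q 'statically linked' && return 0
  return 1
}

make_test_bundle() {
  # Constructed stand-in bundle (empty placeholder files) so the checks can run offline.
  mkdir -p "$1/nmap-data/scripts" "$1/nmap-data/nselib"
  : > "$1/nmap-linux-amd64-static"; chmod +x "$1/nmap-linux-amd64-static"
  for f in $REQUIRED_NMAP_DATA; do
    [ -d "$1/nmap-data/$f" ] || : > "$1/nmap-data/$f"
  done
}

# Stand-alone demo on the placeholder bundle.
demo=$(mktemp -d)
make_test_bundle "$demo"
verify_nmap_bundle "$demo" && echo "bundle layout OK: $demo"
if binary_is_static "$demo/nmap-linux-amd64-static"; then
  echo "statically linked"
else
  echo "not static or undeterminable (expected for the empty placeholder)"
fi
rm -rf "$demo"
```

On the target host, run the bundle as `NMAPDIR=/path/to/nmap-bundle/nmap-data /path/to/nmap-bundle/nmap-linux-amd64-static ...` so that -sC and --script resolve against the bundled scripts rather than a missing /usr/share/nmap; a successful `--script-help default` is a cheap confirmation that the data directory was found.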

One-liner (Dockerized)

Build, package, and print the artifact information
bash
docker run --rm --platform=linux/amd64 -v "$(pwd)":/out -w /tmp ubuntu:22.04 bash -lc '
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get install -y --no-install-recommends \
build-essential ca-certificates curl bzip2 xz-utils pkg-config perl python3 file git \
automake autoconf libtool m4 zlib1g-dev

OSSL="1.1.1w"; curl -fsSLO "https://www.openssl.org/source/openssl-$OSSL.tar.gz" \
&& tar xzf "openssl-$OSSL.tar.gz" && cd "openssl-$OSSL" \
&& ./Configure no-shared no-zlib linux-x86_64 -static --prefix=/opt/ossl \
&& make -j"$(nproc)" && make install_sw && cd /tmp

PCRE2=10.43; curl -fsSLO "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$PCRE2/pcre2-$PCRE2.tar.bz2" \
&& tar xjf "pcre2-$PCRE2.tar.bz2" && cd "pcre2-$PCRE2" \
&& ./configure --disable-shared --enable-static --prefix=/opt/pcre2 \
&& make -j"$(nproc)" && make install && cd /tmp

NMAP=7.98; curl -fsSLO "https://nmap.org/dist/nmap-$NMAP.tar.bz2" \
&& tar xjf "nmap-$NMAP.tar.bz2" && cd "nmap-$NMAP" \
&& export CPPFLAGS="-I/opt/ossl/include -I/opt/pcre2/include" \
&& export LDFLAGS="-L/opt/ossl/lib -L/opt/pcre2/lib -static -static-libstdc++ -static-libgcc" \
&& export LIBS="-lpcre2-8 -ldl -lpthread -lz" \
&& ./configure --with-openssl=/opt/ossl --with-libpcre=/opt/pcre2 --with-libpcap=included --with-libdnet=included --without-zenmap --without-ndiff --without-nmap-update \
&& sed -i -e "s/^shared: /shared: #/" libpcap/Makefile || true \
&& make -j1 V=1 nmap && strip nmap

mkdir -p /out/nmap-bundle/nmap-data \
&& cp nmap /out/nmap-bundle/nmap-linux-amd64-static \
&& cp -r scripts nselib /out/nmap-bundle/nmap-data/ \
&& cp nse_main.lua nmap-services nmap-protocols nmap-service-probes nmap-mac-prefixes nmap-os-db nmap-payloads nmap-rpc /out/nmap-bundle/nmap-data/ 2>/dev/null || true \
&& tar -C /out -czf /out/nmap-linux-amd64-static-bundle.tar.gz nmap-bundle \
&& echo "===== OUTPUT ====="; ls -lah /out; echo "===== FILE TYPE ====="; file /out/nmap-bundle/nmap-linux-amd64-static || true
'
