nmap扫描的-P0和-Pn参数的区别

Posted 2023-03-15

-P0的官方解释是无ping扫描
-Pn是跳过主机发现，本质上也是不进行ping扫描，不知道这两个参数具体有什么区别？

1.-P0和-Pn两个选项的效果是一样的，就是不进行主机发现，而直接进行更深层次的扫描，如服务版本扫描或系统类型扫描。
2.有两处说明-P0和-Pn的效果是一样的。
一、man和help的解释
这是man nmap对-P0的解释
-P0: Treat all hosts as online -- skip host discovery
这是nmap --help对-Pn的解释
-Pn: Treat all hosts as online -- skip host discovery
两处解释一样，可以证明-P0和-Pn参数的效果一样。
二、nmap的源代码
在nmap的源代码:zenmap/zenmapCore/NmapOptions.py中有
# Sets of options that should be treated as equivalent from the point of
# view of the external interface. For example, ops["--timing"] means the
# same thing as ops["-T"].
EQUIVALENT_OPTIONS = (
("debug", "d"),
("help", "h"),
("iL", "i"),
("max-parallelism", "M"),
("osscan-guess", "fuzzy"),
("oG", "oM", "m"),
("oN", "o"),
("sP", "sn"),
("P", "PE", "PI"),
("PA", "PT"),
("P0", "PD", "PN", "Pn"),
("rH", "randomize-hosts"),
("source-port", "g"),
("timing", "T"),
("verbose", "v"),
("version", "V"),
For example, ops["--timing"] means the
# same thing as ops["-T"]
这句话的解释就是--timing和-T的参数效果一样，所以以此类推:-P0、-PD、-PN、-Pn四个参数效果一样。 参考技术A -P0和-Pn两个选项的效果是一样的，就是不进行主机发现，而直接进行更深层次的扫描，如服务版本扫描或系统类型扫描。

有两处说明-P0和-Pn的效果是一样的。
一、man和help的解释
这是man nmap对-P0的解释
-P0: Treat all hosts as online -- skip host discovery
这是nmap --help对-Pn的解释
-Pn: Treat all hosts as online -- skip host discovery
两处解释一样，可以证明-P0和-Pn参数的效果一样。

二、nmap的源代码
在nmap的源代码：zenmap/zenmapCore/NmapOptions.py中有
# Sets of options that should be treated as equivalent from the point of
# view of the external interface. For example, ops["--timing"] means the
# same thing as ops["-T"].
EQUIVALENT_OPTIONS = (
("debug", "d"),
("help", "h"),
("iL", "i"),
("max-parallelism", "M"),
("osscan-guess", "fuzzy"),
("oG", "oM", "m"),
("oN", "o"),
("sP", "sn"),
("P", "PE", "PI"),
("PA", "PT"),
("P0", "PD", "PN", "Pn"),
("rH", "randomize-hosts"),
("source-port", "g"),
("timing", "T"),
("verbose", "v"),
("version", "V"),
)

For example, ops["--timing"] means the
# same thing as ops["-T"]
这句话的解释就是--timing和-T的参数效果一样，所以以此类推：-P0、-PD、-PN、-Pn四个参数效果一样。本回答被提问者采纳