|
Help or Usage |
|
| ./hawk --help |
./hawk -? |
./hawk --usage |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| -t IP |
--target IP |
The target specified with IPv4, IPv6 or a domain name. Default behavior for domains goes as IPv4 as default, and IPv6 as a backup if a IPv4 adress is not available. You can also specify specific adress family by using "example.com:4" for IPv4 or "example.com:6" |
No default value, must be specified |
Any IPv4 and IPv6 adresses, or any domain name |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| -p PORTS |
--port PORTS |
Specify one or more ports to scan |
1-1000 |
Any positive integer between 0 and 65535 |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| -m METHOD |
--method METHOD |
Specify that scanning method to use |
Required |
Methods |
conn or connect() is the regular way to connect to a TCP service though a 3 way handshake.
icmp or ICMP Echo reply is used for UDP port scanning. This method utilized the fact that some firewalls reply with "Port Unreachable" or "Destination Unreachable" for UDP ports that are not open.
This works mostly on older firewalls because modern firewalls will not responde at all for this very reason.
syn or SYN Scan utilizes that in a TCP 3 way handshake, the target will respond with a TCP packet with the SYN flag set to 1 if a connection is possible, but you will not respond with an ACK, possibly making this scanning method more "sneaky". Older firewalls used to ignore non established connection, but modern firewalls will log these types of scans.
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| -i INTER |
--interface INTER |
Specify the network interface to scan |
None (Program will guess) |
Any network interface (Max 16 Chars long) |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| Verbose |
|
--no-ping |
Will not ping the target before a scan. Pinging the target only happens then running the program as root. |
None |
None |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| -w TIME |
--timeout TIME |
This is the time (in SECONDS) before a port is declared as closed. |
3 |
Any positive integer between 0 and MAX_INT |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| -n WORKERS |
--threading-workers WORKERS |
The amount of parallel scans |
3 threads |
Any positive integer between 0 and MAX_INT. |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| None |
--no-ping |
Will not ping the target before a scan. Pinging the target only happens then running the program as root. |
None |
None |
| Short Option |
Long Option |
Description |
Default Value |
Possible values |
| None |
--parse-services |
Will parse /etc/services file to be used in the program for static port detection. |
false |
false or true |
| Description |
Usage |
| Target localhost with an IPv4 adress and scan ports 50 to 100 using the "conn" method |
hawk -t 127.0.0.1 -m conn -p 50-100 |
| Target localhost with an IPv6 adress and scan ports 50 to 100 using the "conn" method |
hawk -t ::1 -m conn -p 50-100 |
| Target localhost and fetch the IPv6 adress and scan ports 50 to 100 using the "conn" method |
hawk -t localhost:6 -m conn -p 50-100 |