玩玩nmap
---恢复内容开始---
[root@miyan ~]# nmap -v Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 15:34 CST
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so hosts scanned.
Nmap done: IP addresses ( hosts up) scanned in 0.07 seconds
Raw packets sent: (0B) | Rcvd: (0B)
nmap用于探查网络、执行安全扫描、网络核查并且在远程机器上找出开放端口。它可以扫描在线的主机、操作系统、包过滤器和远程主机上的开放端口。
nmap命令格式:
Usage: nmap [Scan Type(s)] [Options] {target specification}
1.使用主机名扫描:
2.使用IP扫描
2.使用-v选项可以给出更详细信息
3.扫描多台主机。nmap后面写上多个IP地址或者主机名
4.使用通配符来使nmap扫描整个子网或者IP段
[root@miyan ~]# nmap 172.18..*
耗时太久
5.使用IP地址的最后一段扫描多台主机
[root@miyan ~]# nmap 172.18.16.201,, Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:26 CST
Nmap scan report for 172.18.16.203
Host is up (.012s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP addresses ( host up) scanned in 6.20 seconds
6.从文件中扫描主机列表
将主机名或者IP写到一个文件中,可以直接让nmap读取并执行扫描。
[root@miyan ~]# cat test.txt
172.18.16.201
172.18.16.202
172.18.16.203
执行扫描,使用-iL参数
[root@miyan ~]# nmap -iL test.txt Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:43 CST
Nmap scan report for 172.18.16.203
Host is up (.015s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP addresses ( host up) scanned in 6.08 seconds
7.扫描一个IP段
[root@miyan ~]# nmap 172.18.16.200- Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:46 CST
Nmap scan report for 172.18.16.203
Host is up (.084s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap scan report for 172.18.16.205
Host is up (.074s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open http
/tcp open mysql
/tcp open ms-wbt-server Nmap scan report for 172.18.16.209
Host is up (.041s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open msrpc
/tcp open netbios-ssn
/tcp open microsoft-ds
/tcp open ms-wbt-server
/tcp open snet-sensor-mgmt Nmap scan report for 172.18.16.214
Host is up (.052s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open msrpc
/tcp open netbios-ssn
/tcp open microsoft-ds
/tcp open icslap
/tcp open ms-wbt-server
/tcp open wsdapi
/tcp open unknown Nmap scan report for 172.18.16.218
Host is up (.0043s latency).
All scanned ports on 172.18.16.218 are filtered Nmap done: IP addresses ( hosts up) scanned in 31.94 seconds
8.排除部分主机
[root@miyan ~]# nmap 172.18.16.200- --exclude 172.18.16.205 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:12 CST
Nmap scan report for 172.18.16.203
Host is up (.025s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap scan report for 172.18.16.209
Host is up (.015s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open msrpc
/tcp open netbios-ssn
/tcp open microsoft-ds
/tcp open ms-wbt-server
/tcp open snet-sensor-mgmt Nmap done: IP addresses ( hosts up) scanned in 16.57 seconds
9.扫描系统信息
[root@miyan ~]# nmap -A 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:14 CST
Nmap scan report for 172.18.16.203
Host is up (.0024s latency).
Not shown: filtered ports
PORT STATE SERVICE VERSION
/tcp open ssh OpenSSH 3.8.1p1 Debian .sarge. (protocol 2.0)
| ssh-hostkey:
|_ c7:ef::9a:6e:2e:f6::::d6:cd:db:ef:b2: (RSA)
/tcp open http GoAhead WebServer
/tcp open rpcbind (RPC #)
| rpcinfo:
| program version port/proto service
| /tcp rpcbind
|_ /udp rpcbind
/tcp open ssl/http GoAhead WebServer
| ssl-cert: Subject: commonName=AMI/organizationName=American Megatrends Inc./stateOrProvinceName=Georgia/countryName=US
| Not valid before: --08T22::
|_Not valid after: --07T22::
/tcp open ipmi-usb IPMI USB redirection
/tcp open upnp SuperMicro IPMI UPnP
Warning: OSScan results may be unreliable because we could not find at least open and closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6. - 2.6. (likely embedded)
Network Distance: hops
Service Info: OS: Linux; Device: remote management; CPE: cpe:/o:linux:linux_kernel, cpe:/o:supermicro:intelligent_platform_management_firmware TRACEROUTE (using port /tcp)
HOP RTT ADDRESS
4.04 ms 192.168.1.1
4.02 ms 172.18.16.203 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: IP address ( host up) scanned in 103.10 seconds
同样-O或者-osscan-guess同样可以实现
[root@miyan ~]# nmap -O 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:21 CST
Nmap scan report for 172.18.16.203
Host is up (.0030s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2
Warning: OSScan results may be unreliable because we could not find at least open and closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6. - 2.6. (likely embedded)
Network Distance: hops OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: IP address ( host up) scanned in 6.22 seconds
10.扫描主机来检测防火墙
[root@miyan ~]# nmap -sA 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:22 CST
Nmap scan report for 172.18.16.203
Host is up (.0015s latency).
All scanned ports on 172.18.16.203 are filtered Nmap done: IP address ( host up) scanned in 21.18 seconds
11.检测主机以检查防火墙是否正在工作
[root@miyan ~]# nmap -PN 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:24 CST
Nmap scan report for 172.18.16.203
Host is up (.0039s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.53 seconds
12.查找网络中的在线主机
[root@miyan ~]# nmap -sP 172.18..* Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:25 CST
Nmap scan report for 172.18.16.1
Host is up (.0026s latency).
Nmap scan report for 172.18.16.62
Host is up (.0039s latency).
Nmap scan report for 172.18.16.65
Host is up (.0021s latency).
Nmap scan report for 172.18.16.69
Host is up (.0045s latency).
Nmap scan report for 172.18.16.87
Host is up (.0025s latency).
Nmap scan report for 172.18.16.92
Host is up (.0082s latency).
Nmap scan report for 172.18.16.126
Host is up (.0016s latency).
Nmap scan report for 172.18.16.130
Host is up (.0023s latency).
Nmap scan report for 172.18.16.132
Host is up (.0029s latency).
Nmap scan report for 172.18.16.186
Host is up (.0048s latency).
Nmap scan report for 172.18.16.190
Host is up (.027s latency).
Nmap scan report for 172.18.16.203
Host is up (.0043s latency).
Nmap scan report for 172.18.16.205
Host is up (.0090s latency).
Nmap scan report for 172.18.16.209
Host is up (.0064s latency).
Nmap scan report for 172.18.16.214
Host is up (.0060s latency).
Nmap scan report for 172.18.16.218
Host is up (.0086s latency).
Nmap scan report for 172.18.16.231
Host is up (.0025s latency).
Nmap scan report for 172.18.16.235
Host is up (.0067s latency).
Nmap scan report for 172.18.16.237
Host is up (.00079s latency).
Nmap scan report for 172.18.16.239
Host is up (.0029s latency).
Nmap scan report for 172.18.16.248
Host is up (.0071s latency).
Nmap scan report for 172.18.16.254
Host is up (.0035s latency).
Nmap done: IP addresses ( hosts up) scanned in 3.40 seconds
13.执行快速扫描
使用-F参数,扫描仅在/usr/share/nmap/nmap-services中列出的端口
[root@miyan ~]# nmap -F 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:57 CST
Nmap scan report for 172.18.16.203
Host is up (.0041s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https Nmap done: IP address ( host up) scanned in 1.94 seconds
14.连续扫描端口
[root@miyan ~]# nmap -r 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:01 CST
Nmap scan report for 172.18.16.203
Host is up (.0083s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.16 seconds
15.显示主机及路由
列出本机的主机接口与路由信息
[root@miyan ~]# nmap --iflist Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:02 CST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
enp3s0 (enp3s0) (none)/ ethernet up F0:DE:F1::B9:9C
virbr0-nic (virbr0-nic) (none)/ ethernet down :::D1::
wlp4s0b1 (wlp4s0b1) 192.168.1.8/ ethernet up AC:::2B:0E:AA
wlp4s0b1 (wlp4s0b1) fe80::ae81:12ff:fe2b:eaa/ ethernet up AC:::2B:0E:AA
docker0 (docker0) 172.17.0.1/ ethernet up ::D1:E0:5D:AC
virbr0 (virbr0) 192.168.124.1/ ethernet up :::D1::
lo (lo) 127.0.0.1/ loopback up
lo (lo) ::/ loopback up **************************ROUTES**************************
DST/MASK DEV METRIC GATEWAY
192.168.124.0/ virbr0
192.168.1.0/ wlp4s0b1
172.17.0.0/ docker0
0.0.0.0/ wlp4s0b1 192.168.1.1
::/ lo
fe80::ae81:12ff:fe2b:eaa/ lo
fe80::/ wlp4s0b1
ff00::/ wlp4s0b1
16.扫描特定端口
[root@miyan ~]# nmap -p 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:04 CST
Nmap scan report for 172.18.16.203
Host is up (.0015s latency).
PORT STATE SERVICE
/tcp open http Nmap done: IP address ( host up) scanned in 0.09 seconds
扫描多个端口
[root@miyan ~]# nmap -p , 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:11 CST
Nmap scan report for 172.18.16.203
Host is up (.0015s latency).
PORT STATE SERVICE
/tcp open http
/tcp filtered msrpc Nmap done: IP address ( host up) scanned in 1.31 seconds
指定端口范围:
[root@miyan ~]# nmap -p - 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:16 CST
Nmap scan report for 172.18.16.203
Host is up (.0022s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open http
/tcp open rpcbind Nmap done: IP address ( host up) scanned in 1.81 seconds
17.扫描TCP端口
指定nmap扫描的端口类型和端口号
[root@miyan ~]# nmap -p T: 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:08 CST
Nmap scan report for 172.18.16.203
Host is up (.0028s latency).
PORT STATE SERVICE
/tcp open http Nmap done: IP address ( host up) scanned in 0.11 seconds
18.扫描UDP端口
[root@miyan ~]# nmap -sU 172.18.16.203
19.找出远程主机服务版本号
[root@miyan ~]# nmap -sV 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:18 CST
Nmap scan report for 172.18.16.203
Host is up (.0048s latency).
Not shown: filtered ports
PORT STATE SERVICE VERSION
/tcp open ssh OpenSSH 3.8.1p1 Debian .sarge. (protocol 2.0)
/tcp open http GoAhead WebServer
/tcp open rpcbind (RPC #)
/tcp open ssl/http GoAhead WebServer
/tcp open ipmi-usb IPMI USB redirection
/tcp open upnp SuperMicro IPMI UPnP
Service Info: OS: Linux; Device: remote management; CPE: cpe:/o:linux:linux_kernel, cpe:/o:supermicro:intelligent_platform_management_firmware Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: IP address ( host up) scanned in 48.88 seconds
20.使用TCP ACK(PA)和TCP Syn(PS)扫描主机
有时包过滤防火墙阻止了标准ICMPping请求,在这个情况下,使用TCP ACK和TCP Syn方法来扫描远程主机
[root@miyan ~]# nmap -PS 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:23 CST
Nmap scan report for 172.18.16.203
Host is up (.0073s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.68 seconds
root@miyan ~]# nmap -PA 172.18.16.203
TCP Syn(PS)扫描远程主机的特定端口
Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:26 CST
Nmap scan report for 172.18.16.203
Host is up (.0014s latency).
PORT STATE SERVICE
/tcp open http Nmap done: IP address ( host up) scanned in 0.10 seconds
TCP Syn(PS)扫描最常用端口
[root@miyan ~]# nmap -sT 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:28 CST
Nmap scan report for 172.18.16.203
Host is up (.0025s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.29 seconds
21.执行隐秘扫描
[root@miyan ~]# nmap -sS 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:27 CST
Nmap scan report for 172.18.16.203
Host is up (.0062s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.88 seconds
22.tcp空扫描
[root@miyan ~]# nmap -sN 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:30 CST
Nmap scan report for 172.18.16.203
Host is up (.0013s latency).
All scanned ports on 172.18.16.203 are open|filtered Nmap done: IP address ( host up) scanned in 21.15 seconds
原文地址:
https://linux.cn/article-2561-3.html
玩玩nmap的更多相关文章
- nmap使用/参数,及绕过防火墙
nmap是什么? 它是一种一个很强大的扫描工具,端口,版本号,统统都可以给你扫出来 我的IP网段:192.168.1.0 咱们先找一个主机随便玩玩把,反正没有害处,最多被防火墙拦截了 nmap -sP ...
- ★Kali信息收集★8.Nmap :端口扫描
★Kali信息收集~ 0.Httrack 网站复制机 http://www.cnblogs.com/dunitian/p/5061954.html ★Kali信息收集~ 1.Google Hackin ...
- 安全测试 - 端口嗅探工具Nmap
Nmap 在官网下载nmap端口检测工具https://nmap.org/,nmap是一个网络连接端扫描软件,用来扫描网上电脑开放的网络连接端. 使用: 通过cmd命令:nmap www.5i5j.c ...
- NMAP分布式扫描工具dnmap
NMAP分布式扫描工具dnmap NMAP是一款知名的网络扫描工具.它提供丰富和强大的网络扫描功能.但很多时候,需要渗透测试人员从多个终端发起扫描任务,以快速扫描大型网络,或规避IP限制等安全策略 ...
- nmap
扫描端口 nmap -v -sS -open -iL iplist.txt -no-stylesheet -oX output.xml -p- -P0 -v 详细信息-sS 隐蔽扫描(半开syn).– ...
- 使用nmap工具查询局域网某个网段正在使用的ip地址
linux下nmap工具可扫描局域网正在使用的ip地址 查询局域网某网段正在使用的ip地址: nmap -sP .* 以上命令,将打印10.10.70.*/24网络所有正在使用的ip地址
- Nmap参数详解
转自:http://blog.csdn.net/huangwwu11/article/details/20230795 Nmap--networkmapper,网络探测工具和安全/端口扫描器 nmap ...
- nmap报错: Failed to open device ethxxx
nmap报错: Failed to open device ethxxx 周银辉 今天用nmap时, 报错: Failed to open device eth4, 好郁闷. 调查了一下, 是w ...
- fping tcping hping nmap nc
[root@test ~]# fping -a -g 192.168.40.1 192.168.40.240 |nl #-a 扫描alive主机,-g扫描一个段的ip地址 [root@test ...
随机推荐
- zookeeper安装与集群搭建
此处以centos系统下zookeeper安装为例,详细步骤可参考官网文档:zookeeper教程 一.单节点部署 1.下载zookeeper wget http://mirrors.hust.edu ...
- jfinal整合妹子UI初步完成
- 移动端上下滑动事件之--坑爹的touch.js
原文 http://blog.csdn.net/minidrupal/article/details/39611605 移动端页面的盛行,微信的便利的页面推广等等,让越来越多的css3效果和htm ...
- heap corruption detected错误解决方法调试方法以及内存管理相关
1.heap corruption detected http://vopit.blog.51cto.com/2400931/645980 heap corruption detected:aft ...
- 几何画板给word绘制图形的方法
几何画板是一款专门用来绘图的工具,它里面有很多的绘图工具和功能菜单,都是专门为画图而设计的,比如一些理科的期刊杂志论文出版的时候,里面所涉及到的图形很多都是用几何画板画出来的.下面就根据几何画板教程来 ...
- 【链接】LINUX SHELL脚本攻略笔记[速查]
LINUX SHELL脚本攻略笔记[速查]
- iOS-如何读取Plist文件
解决办法: // 1) 找到Plist文件的路径 "path" NSString *path = [[NSBundle mainBundle]pathForResource:@&q ...
- 【BZOJ2055】80人环游世界 有上下界费用流
[BZOJ2055]80人环游世界 Description 想必大家都看过成龙大哥的<80天环游世界>,里面的紧张刺激的打斗场面一定给你留下了深刻的印象.现在就有这么 一个 ...
- Leetcode-Permuation Sequence
The set [1,2,3,…,n] contains a total of n! unique permutations. By listing and labeling all of the p ...
- boost:property_tree::ini_parser:::read_ini 读取ini时崩溃
原因: 1 路径错误 2 配置文件中某一行缺少=,例如用// 做注释的,前面应该加";" 解决办法: 添加异常处理,实例代码如下: #include <boost/prope ...