玩玩nmap
---恢复内容开始---
[root@miyan ~]# nmap -v Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 15:34 CST
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so hosts scanned.
Nmap done: IP addresses ( hosts up) scanned in 0.07 seconds
Raw packets sent: (0B) | Rcvd: (0B)
nmap用于探查网络、执行安全扫描、网络核查并且在远程机器上找出开放端口。它可以扫描在线的主机、操作系统、包过滤器和远程主机上的开放端口。
nmap命令格式:
Usage: nmap [Scan Type(s)] [Options] {target specification}
1.使用主机名扫描:
2.使用IP扫描
2.使用-v选项可以给出更详细信息
3.扫描多台主机。nmap后面写上多个IP地址或者主机名
4.使用通配符来使nmap扫描整个子网或者IP段
[root@miyan ~]# nmap 172.18..*
耗时太久
5.使用IP地址的最后一段扫描多台主机
[root@miyan ~]# nmap 172.18.16.201,, Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:26 CST
Nmap scan report for 172.18.16.203
Host is up (.012s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP addresses ( host up) scanned in 6.20 seconds
6.从文件中扫描主机列表
将主机名或者IP写到一个文件中,可以直接让nmap读取并执行扫描。
[root@miyan ~]# cat test.txt
172.18.16.201
172.18.16.202
172.18.16.203
执行扫描,使用-iL参数
[root@miyan ~]# nmap -iL test.txt Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:43 CST
Nmap scan report for 172.18.16.203
Host is up (.015s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP addresses ( host up) scanned in 6.08 seconds
7.扫描一个IP段
[root@miyan ~]# nmap 172.18.16.200- Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 16:46 CST
Nmap scan report for 172.18.16.203
Host is up (.084s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap scan report for 172.18.16.205
Host is up (.074s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open http
/tcp open mysql
/tcp open ms-wbt-server Nmap scan report for 172.18.16.209
Host is up (.041s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open msrpc
/tcp open netbios-ssn
/tcp open microsoft-ds
/tcp open ms-wbt-server
/tcp open snet-sensor-mgmt Nmap scan report for 172.18.16.214
Host is up (.052s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open msrpc
/tcp open netbios-ssn
/tcp open microsoft-ds
/tcp open icslap
/tcp open ms-wbt-server
/tcp open wsdapi
/tcp open unknown Nmap scan report for 172.18.16.218
Host is up (.0043s latency).
All scanned ports on 172.18.16.218 are filtered Nmap done: IP addresses ( hosts up) scanned in 31.94 seconds
8.排除部分主机
[root@miyan ~]# nmap 172.18.16.200- --exclude 172.18.16.205 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:12 CST
Nmap scan report for 172.18.16.203
Host is up (.025s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap scan report for 172.18.16.209
Host is up (.015s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open msrpc
/tcp open netbios-ssn
/tcp open microsoft-ds
/tcp open ms-wbt-server
/tcp open snet-sensor-mgmt Nmap done: IP addresses ( hosts up) scanned in 16.57 seconds
9.扫描系统信息
[root@miyan ~]# nmap -A 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:14 CST
Nmap scan report for 172.18.16.203
Host is up (.0024s latency).
Not shown: filtered ports
PORT STATE SERVICE VERSION
/tcp open ssh OpenSSH 3.8.1p1 Debian .sarge. (protocol 2.0)
| ssh-hostkey:
|_ c7:ef::9a:6e:2e:f6::::d6:cd:db:ef:b2: (RSA)
/tcp open http GoAhead WebServer
/tcp open rpcbind (RPC #)
| rpcinfo:
| program version port/proto service
| /tcp rpcbind
|_ /udp rpcbind
/tcp open ssl/http GoAhead WebServer
| ssl-cert: Subject: commonName=AMI/organizationName=American Megatrends Inc./stateOrProvinceName=Georgia/countryName=US
| Not valid before: --08T22::
|_Not valid after: --07T22::
/tcp open ipmi-usb IPMI USB redirection
/tcp open upnp SuperMicro IPMI UPnP
Warning: OSScan results may be unreliable because we could not find at least open and closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6. - 2.6. (likely embedded)
Network Distance: hops
Service Info: OS: Linux; Device: remote management; CPE: cpe:/o:linux:linux_kernel, cpe:/o:supermicro:intelligent_platform_management_firmware TRACEROUTE (using port /tcp)
HOP RTT ADDRESS
4.04 ms 192.168.1.1
4.02 ms 172.18.16.203 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: IP address ( host up) scanned in 103.10 seconds
同样-O或者-osscan-guess同样可以实现
[root@miyan ~]# nmap -O 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:21 CST
Nmap scan report for 172.18.16.203
Host is up (.0030s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2
Warning: OSScan results may be unreliable because we could not find at least open and closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6. - 2.6. (likely embedded)
Network Distance: hops OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: IP address ( host up) scanned in 6.22 seconds
10.扫描主机来检测防火墙
[root@miyan ~]# nmap -sA 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:22 CST
Nmap scan report for 172.18.16.203
Host is up (.0015s latency).
All scanned ports on 172.18.16.203 are filtered Nmap done: IP address ( host up) scanned in 21.18 seconds
11.检测主机以检查防火墙是否正在工作
[root@miyan ~]# nmap -PN 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:24 CST
Nmap scan report for 172.18.16.203
Host is up (.0039s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.53 seconds
12.查找网络中的在线主机
[root@miyan ~]# nmap -sP 172.18..* Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:25 CST
Nmap scan report for 172.18.16.1
Host is up (.0026s latency).
Nmap scan report for 172.18.16.62
Host is up (.0039s latency).
Nmap scan report for 172.18.16.65
Host is up (.0021s latency).
Nmap scan report for 172.18.16.69
Host is up (.0045s latency).
Nmap scan report for 172.18.16.87
Host is up (.0025s latency).
Nmap scan report for 172.18.16.92
Host is up (.0082s latency).
Nmap scan report for 172.18.16.126
Host is up (.0016s latency).
Nmap scan report for 172.18.16.130
Host is up (.0023s latency).
Nmap scan report for 172.18.16.132
Host is up (.0029s latency).
Nmap scan report for 172.18.16.186
Host is up (.0048s latency).
Nmap scan report for 172.18.16.190
Host is up (.027s latency).
Nmap scan report for 172.18.16.203
Host is up (.0043s latency).
Nmap scan report for 172.18.16.205
Host is up (.0090s latency).
Nmap scan report for 172.18.16.209
Host is up (.0064s latency).
Nmap scan report for 172.18.16.214
Host is up (.0060s latency).
Nmap scan report for 172.18.16.218
Host is up (.0086s latency).
Nmap scan report for 172.18.16.231
Host is up (.0025s latency).
Nmap scan report for 172.18.16.235
Host is up (.0067s latency).
Nmap scan report for 172.18.16.237
Host is up (.00079s latency).
Nmap scan report for 172.18.16.239
Host is up (.0029s latency).
Nmap scan report for 172.18.16.248
Host is up (.0071s latency).
Nmap scan report for 172.18.16.254
Host is up (.0035s latency).
Nmap done: IP addresses ( hosts up) scanned in 3.40 seconds
13.执行快速扫描
使用-F参数,扫描仅在/usr/share/nmap/nmap-services中列出的端口
[root@miyan ~]# nmap -F 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 17:57 CST
Nmap scan report for 172.18.16.203
Host is up (.0041s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https Nmap done: IP address ( host up) scanned in 1.94 seconds
14.连续扫描端口
[root@miyan ~]# nmap -r 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:01 CST
Nmap scan report for 172.18.16.203
Host is up (.0083s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.16 seconds
15.显示主机及路由
列出本机的主机接口与路由信息
[root@miyan ~]# nmap --iflist Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:02 CST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
enp3s0 (enp3s0) (none)/ ethernet up F0:DE:F1::B9:9C
virbr0-nic (virbr0-nic) (none)/ ethernet down :::D1::
wlp4s0b1 (wlp4s0b1) 192.168.1.8/ ethernet up AC:::2B:0E:AA
wlp4s0b1 (wlp4s0b1) fe80::ae81:12ff:fe2b:eaa/ ethernet up AC:::2B:0E:AA
docker0 (docker0) 172.17.0.1/ ethernet up ::D1:E0:5D:AC
virbr0 (virbr0) 192.168.124.1/ ethernet up :::D1::
lo (lo) 127.0.0.1/ loopback up
lo (lo) ::/ loopback up **************************ROUTES**************************
DST/MASK DEV METRIC GATEWAY
192.168.124.0/ virbr0
192.168.1.0/ wlp4s0b1
172.17.0.0/ docker0
0.0.0.0/ wlp4s0b1 192.168.1.1
::/ lo
fe80::ae81:12ff:fe2b:eaa/ lo
fe80::/ wlp4s0b1
ff00::/ wlp4s0b1
16.扫描特定端口
[root@miyan ~]# nmap -p 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:04 CST
Nmap scan report for 172.18.16.203
Host is up (.0015s latency).
PORT STATE SERVICE
/tcp open http Nmap done: IP address ( host up) scanned in 0.09 seconds
扫描多个端口
[root@miyan ~]# nmap -p , 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:11 CST
Nmap scan report for 172.18.16.203
Host is up (.0015s latency).
PORT STATE SERVICE
/tcp open http
/tcp filtered msrpc Nmap done: IP address ( host up) scanned in 1.31 seconds
指定端口范围:
[root@miyan ~]# nmap -p - 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:16 CST
Nmap scan report for 172.18.16.203
Host is up (.0022s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open http
/tcp open rpcbind Nmap done: IP address ( host up) scanned in 1.81 seconds
17.扫描TCP端口
指定nmap扫描的端口类型和端口号
[root@miyan ~]# nmap -p T: 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:08 CST
Nmap scan report for 172.18.16.203
Host is up (.0028s latency).
PORT STATE SERVICE
/tcp open http Nmap done: IP address ( host up) scanned in 0.11 seconds
18.扫描UDP端口
[root@miyan ~]# nmap -sU 172.18.16.203
19.找出远程主机服务版本号
[root@miyan ~]# nmap -sV 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:18 CST
Nmap scan report for 172.18.16.203
Host is up (.0048s latency).
Not shown: filtered ports
PORT STATE SERVICE VERSION
/tcp open ssh OpenSSH 3.8.1p1 Debian .sarge. (protocol 2.0)
/tcp open http GoAhead WebServer
/tcp open rpcbind (RPC #)
/tcp open ssl/http GoAhead WebServer
/tcp open ipmi-usb IPMI USB redirection
/tcp open upnp SuperMicro IPMI UPnP
Service Info: OS: Linux; Device: remote management; CPE: cpe:/o:linux:linux_kernel, cpe:/o:supermicro:intelligent_platform_management_firmware Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: IP address ( host up) scanned in 48.88 seconds
20.使用TCP ACK(PA)和TCP Syn(PS)扫描主机
有时包过滤防火墙阻止了标准ICMPping请求,在这个情况下,使用TCP ACK和TCP Syn方法来扫描远程主机
[root@miyan ~]# nmap -PS 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:23 CST
Nmap scan report for 172.18.16.203
Host is up (.0073s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.68 seconds
root@miyan ~]# nmap -PA 172.18.16.203
TCP Syn(PS)扫描远程主机的特定端口
Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:26 CST
Nmap scan report for 172.18.16.203
Host is up (.0014s latency).
PORT STATE SERVICE
/tcp open http Nmap done: IP address ( host up) scanned in 0.10 seconds
TCP Syn(PS)扫描最常用端口
[root@miyan ~]# nmap -sT 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:28 CST
Nmap scan report for 172.18.16.203
Host is up (.0025s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.29 seconds
21.执行隐秘扫描
[root@miyan ~]# nmap -sS 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:27 CST
Nmap scan report for 172.18.16.203
Host is up (.0062s latency).
Not shown: filtered ports
PORT STATE SERVICE
/tcp open ssh
/tcp open http
/tcp open rpcbind
/tcp open https
/tcp open unknown
/tcp open ibm-db2 Nmap done: IP address ( host up) scanned in 4.88 seconds
22.tcp空扫描
[root@miyan ~]# nmap -sN 172.18.16.203 Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-04 18:30 CST
Nmap scan report for 172.18.16.203
Host is up (.0013s latency).
All scanned ports on 172.18.16.203 are open|filtered Nmap done: IP address ( host up) scanned in 21.15 seconds
原文地址:
https://linux.cn/article-2561-3.html
玩玩nmap的更多相关文章
- nmap使用/参数,及绕过防火墙
nmap是什么? 它是一种一个很强大的扫描工具,端口,版本号,统统都可以给你扫出来 我的IP网段:192.168.1.0 咱们先找一个主机随便玩玩把,反正没有害处,最多被防火墙拦截了 nmap -sP ...
- ★Kali信息收集★8.Nmap :端口扫描
★Kali信息收集~ 0.Httrack 网站复制机 http://www.cnblogs.com/dunitian/p/5061954.html ★Kali信息收集~ 1.Google Hackin ...
- 安全测试 - 端口嗅探工具Nmap
Nmap 在官网下载nmap端口检测工具https://nmap.org/,nmap是一个网络连接端扫描软件,用来扫描网上电脑开放的网络连接端. 使用: 通过cmd命令:nmap www.5i5j.c ...
- NMAP分布式扫描工具dnmap
NMAP分布式扫描工具dnmap NMAP是一款知名的网络扫描工具.它提供丰富和强大的网络扫描功能.但很多时候,需要渗透测试人员从多个终端发起扫描任务,以快速扫描大型网络,或规避IP限制等安全策略 ...
- nmap
扫描端口 nmap -v -sS -open -iL iplist.txt -no-stylesheet -oX output.xml -p- -P0 -v 详细信息-sS 隐蔽扫描(半开syn).– ...
- 使用nmap工具查询局域网某个网段正在使用的ip地址
linux下nmap工具可扫描局域网正在使用的ip地址 查询局域网某网段正在使用的ip地址: nmap -sP .* 以上命令,将打印10.10.70.*/24网络所有正在使用的ip地址
- Nmap参数详解
转自:http://blog.csdn.net/huangwwu11/article/details/20230795 Nmap--networkmapper,网络探测工具和安全/端口扫描器 nmap ...
- nmap报错: Failed to open device ethxxx
nmap报错: Failed to open device ethxxx 周银辉 今天用nmap时, 报错: Failed to open device eth4, 好郁闷. 调查了一下, 是w ...
- fping tcping hping nmap nc
[root@test ~]# fping -a -g 192.168.40.1 192.168.40.240 |nl #-a 扫描alive主机,-g扫描一个段的ip地址 [root@test ...
随机推荐
- Caffe在以下环境安装:Win10+CUDA8.0+Cudnn5.0+VS2013+Matlab2016a(转载)
Caffe在以下环境安装:Win10+CUDA8.0+Cudnn5.0+VS2013+Matlab2016a 最近于导师要求下,从头学习Caffe.之前接触了CNN进行了图片分类,后导师提起过Caff ...
- Hive学习笔记——基本配置及测试
1.什么是Hive Hive 是建立在 Hadoop上的数据仓库基础构架.它提供了一系列的工具,可以用来进行数据提取转化加载(ETL),这是一种可以存储.查询和分析存储在Hadoop中的大规模数据的机 ...
- list<> 中find的使用
昨天要在 std::list<std::string> 中判断是否存在某一字符串 std::string . 我首先想到的是 list迭代+std::string重载的"==&q ...
- java项目的部署
1.将tomocat解压到服务器上 2.放项目war包. 3.war包解压. 4.修改端口配置. 1.<Server port="8024" shutdown="S ...
- NPAPI命休矣
NPAPI命休矣,Firebreath命休矣,NPPluginProxy命休矣.以后该更多专注LLVM.Emscripten.Websocket和NativeClient之类的技术啦.
- python 学习笔记 if语句
一.if语句的格式 语句块必须有相同的缩进. 语句块必须比if,elif,else多一层缩进 # 如果条件成立则执行语句块1, # 否则 如果条件2成立则执行语句块2 # 其他情况执行语句块3 # e ...
- 使用NPOI导入Excel注意日期格式和数字格式
//使用NPOI导入Excel public static DataTable importExcelToDataSetUsingNPOI(string FilePath, string fileNa ...
- HDU-1095-A+B for Input-Output Practice (VII)(多一个空格?)
A+B for Input-Output Practice (VII) Time Limit: 2000/1000 MS (Java/Others) Memory Limit: 65536/32 ...
- abp项目如何按业务功能模块横向分割?
1.为什么要做分层? 请先看项目分层的最后结构: 2.设计的初衷 项目较大,且主题鲜明,分为:BI模块.DM-用户洞察模块.Manage-应用管理模块.Report应用分析报表模块,大模块之间并无依赖 ...
- (转)java 静态内部类
转自:http://blog.sina.com.cn/s/blog_605f5b4f0100zbps.html 参考:http://docs.oracle.com/javase/tutorial/ja ...