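Nmap Basic Usage

Nmap, short for Network Mapper, is an open-source and very versatile tool for Linux system administrators and network administrators. Nmap is used for exploring networks, performing security scans, auditing networks and finding open ports on remote machines. It can scan for live hosts, operating systems, packet filters and the open ports on remote hosts.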

I cover Nmap usage in two separate parts, and this is the first part. As for the setup, I use two servers without a firewall to test the Nmap commands.

  • 192.168.0.100 – server1.tecmint.com
  • 192.168.0.101 – server2.tecmint.com

Nmap command usage

# nmap [scan type(s)] [options] {target specification}

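How to install Nmap on Linux

Today most Linux distributions, such as Red Hat, CentOS, Fedora, Debian and Ubuntu, include Nmap in the default repositories of their package managers, Yum and APT. Both tools are used to install, manage and update software packages. To install Nmap, use the following commands.

# yum install nmap      [on Red Hat based systems]
$ sudo apt-get install nmap [on Debian based systems]

Once you have installed the latest nmap application, you can follow the example commands in this article.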

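1. Scan a system by hostname and IP address

Nmap offers many ways to scan a system. In this example, I scan using the hostname “server2.tecmint.com” to find all open ports, services and the MAC address of that system.

Scan using the hostname

# nmap server2.tecmint.com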

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root

Scan using the IP address

# nmap 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
958/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root
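
The two scans above were run a week apart and differ in one open port. The following is an added example, not part of the original article: it parses Nmap's terminal output into one line per open port and reports what changed between a baseline and a later scan. The function names are hypothetical, the sample data is excerpted from the two outputs above, and only IPv4 host headers are handled.

```shell
#!/bin/sh
# parse_ports: read Nmap terminal (normal) output on stdin and print one
# "IP PORT/PROTO SERVICE" line per open port, sorted for comm(1).
parse_ports() {
    awk '
    # Host header. Nmap 4.11 (used on this page) prints
    # "Interesting ports on NAME (IP):"; newer releases print
    # "Nmap scan report for NAME (IP)".
    /^Interesting ports on / || /^Nmap scan report for / {
        ip = $NF; gsub(/[():]/, "", ip); next
    }
    # Port rows such as "22/tcp   open  ssh"; extra columns are ignored.
    ip != "" && $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
        print ip, $1, $3
    }' | LC_ALL=C sort -u
}

# diff_scans BASELINE_FILE CURRENT_FILE
# OPENED = open now but not in the baseline; CLOSED = no longer reported open.
diff_scans() {
    d=$(mktemp -d) || return 1
    parse_ports < "$1" > "$d/old"
    parse_ports < "$2" > "$d/new"
    LC_ALL=C comm -13 "$d/old" "$d/new" | sed 's/^/OPENED /'
    LC_ALL=C comm -23 "$d/old" "$d/new" | sed 's/^/CLOSED /'
    rm -rf "$d"
}

# Sample input: excerpts of the two scans of 192.168.0.101 shown above.
scan_nov11() { cat <<'EOF'
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
EOF
}

scan_nov18() { cat <<'EOF'
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
958/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
EOF
}

# Write both samples to files and compare them.
compare_samples() {
    t=$(mktemp -d) || return 1
    scan_nov11 > "$t/a"; scan_nov18 > "$t/b"
    diff_scans "$t/a" "$t/b"
    rm -rf "$t"
}

compare_samples
```

For scans saved as XML with “-oX”, the ndiff tool shipped with Nmap performs the same kind of comparison.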

2. Scan using the “-v” option

The command below uses the “-v” option, which gives more detailed information about the remote machine.

# nmap -v server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
               Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)

3. Scan multiple hosts

To scan multiple hosts, simply list their IP addresses or hostnames separated by spaces.

# nmap 192.168.0.101 192.168.0.102 192.168.0.103

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds

4. Scan a whole subnet

You can scan a whole subnet or IP range by using the * wildcard.

# nmap 192.168.0.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
851/tcp open  unknown

Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root

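In the output above you can see that nmap scanned the whole subnet and reported which hosts on the network are up.

5. Scan multiple servers using the last octet of the IP address

You can scan multiple IP addresses by specifying only the last octet of each address. For example, here I scan the IP addresses 192.168.0.101, 192.168.0.102 and 192.168.0.103.

# nmap 192.168.0.101,102,103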

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
You have new mail in /var/spool/mail/root

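6. Scan a list of hosts from a file

If you have many hosts to scan and all of the host details are written in a file, you can tell Nmap to read that file and perform the scans. Let's see how to do that.

Create a text file called “nmaptest.txt” and list in it all the IP addresses and server hostnames you want to scan.

# cat > nmaptest.txt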

localhost
server2.tecmint.com
192.168.0.101

Next, run the following command, which uses the “-iL” option to scan all the addresses listed in the file.

# nmap -iL nmaptest.txt

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp
857/tcp open  unknown

Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
958/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
958/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds

7. Scan an IP address range

You can specify an IP range when scanning with Nmap.

# nmap 192.168.0.101-110

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds

8. Scan a network while excluding some hosts

When you scan a whole network or scan with wildcards and want to leave out certain IP addresses, you can exclude them with the “--exclude” option.

# nmap 192.168.0.* --exclude 192.168.0.100

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds
You have new mail in /var/spool/mail/root
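
Sections 4, 5, 7 and 8 each use a different target form, and the “Nmap finished” line reports how many addresses each one covered (256, 3, 10 and 255). The following is an added example, not part of the original article: a hypothetical helper, expand_targets, that expands these forms offline so the scope can be checked against the authorized range before anything is scanned. It goes slightly beyond the page by accepting ranges, lists and * in any octet, and it handles numeric IPv4 targets only, not hostnames.

```shell
#!/bin/sh
# expand_targets SPEC [EXCLUDES]
#   SPEC      IPv4 target where each octet may be N, N-M, a comma list, or *
#   EXCLUDES  optional comma-separated IPv4 addresses to drop (as --exclude)
# Prints one address per line; exits non-zero on a malformed SPEC.
expand_targets() {
    awk -v spec="$1" -v excl="${2:-}" '
    # Expand one octet expression into v[1..n]; return n, or -1 if invalid.
    function octet(expr, v,    n, k, i, parts, r, lo, hi) {
        if (expr == "*") expr = "0-255"
        n = 0
        k = split(expr, parts, ",")
        for (i = 1; i <= k; i++) {
            if (parts[i] ~ /^[0-9]+$/) {
                lo = hi = parts[i] + 0
            } else if (parts[i] ~ /^[0-9]+-[0-9]+$/) {
                split(parts[i], r, "-"); lo = r[1] + 0; hi = r[2] + 0
            } else return -1
            if (lo > hi || hi > 255) return -1
            while (lo <= hi) v[++n] = lo++
        }
        return n
    }
    BEGIN {
        if (split(spec, o, ".") != 4) exit 2
        na = octet(o[1], a); nb = octet(o[2], b)
        nc = octet(o[3], c); nd = octet(o[4], d)
        if (na < 1 || nb < 1 || nc < 1 || nd < 1) exit 2
        # Addresses to leave out of the result.
        m = split(excl, e, ",")
        for (i = 1; i <= m; i++) skip[e[i]] = 1
        for (i = 1; i <= na; i++)
            for (j = 1; j <= nb; j++)
                for (k = 1; k <= nc; k++)
                    for (l = 1; l <= nd; l++) {
                        ip = a[i] "." b[j] "." c[k] "." d[l]
                        if (!(ip in skip)) print ip
                    }
    }'
}

# The target forms used in sections 4, 5 and 7 of this page.
for t in '192.168.0.*' '192.168.0.101,102,103' '192.168.0.101-110'; do
    printf '%s -> %s addresses\n' "$t" \
        "$(expand_targets "$t" | wc -l | tr -d ' ')"
done
# Section 8: the wildcard with one address excluded.
printf '192.168.0.* --exclude 192.168.0.100 -> %s addresses\n' \
    "$(expand_targets '192.168.0.*' 192.168.0.100 | wc -l | tr -d ' ')"
```

Nmap can also print the expanded target list itself, without probing the targets, using the list scan: nmap -sL -n followed by the same target arguments.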

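9. Scan for OS information and traceroute

With Nmap you can detect the operating system and version running on a remote host. To enable OS and version detection, script scanning and traceroute, use the “-A” option.

# nmap -A 192.168.0.101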

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 4.3 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.2.3 ((CentOS))
111/tcp  open  rpcbind  2 (rpc #100000)
957/tcp  open  status   1 (rpc #100024)
3306/tcp open  mysql   MySQL (unauthorized)
8888/tcp open  http    lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.169 days (since Mon Nov 11 12:22:15 2013)

Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds
You have new mail in /var/spool/mail/root

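In the output above, you can see that Nmap reports the TCP/IP fingerprint of the operating system running on the remote host, along with more detail about the ports and the services running on it.

10. Enable OS detection with Nmap

The “-O” and “--osscan-guess” options both help to discover the operating system.

# nmap -O server2.tecmint.com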

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:40 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.221 days (since Mon Nov 11 12:22:16 2013)

Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds
You have new mail in /var/spool/mail/root

11. Scan a host to detect a firewall

The command below performs a scan to detect whether the remote host uses any packet filters or a firewall.

# nmap -sA 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST
All 1680 scanned ports on server2.tecmint.com (192.168.0.101) are UNfiltered
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds
You have new mail in /var/spool/mail/root

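12. Scan a host to check whether it is protected by a firewall

You can scan a host to check whether it is protected by any packet filters or a firewall. The “-PN” option (written “-Pn” in current Nmap releases) skips host discovery and treats the target as online.

# nmap -PN 192.168.0.101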

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds

13. Find the live hosts on a network

With the help of the “-sP” option we can easily check which hosts on the network are up. With this option nmap skips port scanning and other detection.

# nmap -sP 192.168.0.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST
Host server1.tecmint.com (192.168.0.100) appears to be up.
Host server2.tecmint.com (192.168.0.101) appears to be up.
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds

14. Perform a fast scan

The “-F” option performs a fast scan that covers only the ports listed in the nmap-services file and no other ports.

# nmap -F 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1234 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds

15. Find the Nmap version

The “-V” option shows the version of Nmap running on your machine.

# nmap -V

Nmap version 4.11 ( http://www.insecure.org/nmap/ )
You have new mail in /var/spool/mail/root

16. Scan ports consecutively

Use the “-r” flag to scan ports in sequential order instead of random order.

# nmap -r 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds

17. Print host interfaces and routes

The “--iflist” option shows the host's interface and route information.

# nmap --iflist

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST
************************INTERFACES************************
DEV  (SHORT) IP/MASK          TYPE     UP MAC
lo   (lo)    127.0.0.1/8      loopback up
eth0 (eth0)  192.168.0.100/24 ethernet up 08:00:27:11:C7:89

**************************ROUTES**************************
DST/MASK      DEV  GATEWAY
192.168.0.0/0 eth0
169.254.0.0/0 eth0

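In the output above, you can see the listing of the interfaces on your system and their respective routes.

18. Scan a specific port

Nmap has a variety of options for discovering ports on a remote machine. With the “-p” option you can specify the port you want to scan; by default Nmap scans only TCP ports.

# nmap -p 80 server2.tecmint.com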

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) sca

19. Scan a TCP port

You can also specify the port type and port numbers to scan.

# nmap -p T:8888,80 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT     STATE SERVICE
80/tcp   open  http
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds

20. Scan a UDP port

# nmap -sU -p 53 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT     STATE SERVICE
53/udp   open  http
8888/udp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds

21. Scan multiple specified ports

With the “-p” option you can also specify multiple ports to scan.

# nmap -p 80,443 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:56 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds

22. Scan a range of ports

You can scan ports given as a range.

# nmap -p 80-160 192.168.0.101

23. Find the versions of services on a host

With the “-sV” option we can find out the versions of the services running on a remote server.

# nmap -sV 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 4.3 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.2.3 ((CentOS))
111/tcp  open  rpcbind  2 (rpc #100000)
957/tcp  open  status   1 (rpc #100024)
3306/tcp open  mysql   MySQL (unauthorized)
8888/tcp open  http    lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds

24. Scan a remote host using TCP ACK or TCP SYN

Sometimes packet-filtering firewalls block ICMP ping requests. In that case, we can use the TCP ACK and TCP SYN methods to scan the remote host.

# nmap -PS 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds
You have new mail in /var/spool/mail/root

25. Scan specific ports on a remote host with TCP ACK

# nmap -PA -p 22,80 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:02 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds
You have new mail in /var/spool/mail/root

26. Scan specific ports on a remote host with TCP SYN

# nmap -PS -p 22,80 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:08 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds
You have new mail in /var/spool/mail/root

27. Perform a stealthy scan

# nmap -sS 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds
You have new mail in /var/spool/mail/root

28. Check the most commonly used ports with TCP SYN

# nmap -sT 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds
You have new mail in /var/spool/mail/root

29. Perform a TCP null scan to fool a firewall

# nmap -sN 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE         SERVICE
22/tcp   open|filtered ssh
80/tcp   open|filtered http
111/tcp  open|filtered rpcbind
957/tcp  open|filtered unknown
3306/tcp open|filtered mysql
8888/tcp open|filtered sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds
You have new mail in /var/spool/mail/root

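That's it for Nmap for now. I will present more creative Nmap options in the second part of this series. Until then, stay tuned, and don't forget to share your valuable comments.

via: http://www.tecmint.com/nmap-command-examples/

This article is an original translation by LCTT, proudly presented by Linux中國 (Linux China).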
