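Nmap Basic Usage
Nmap, also known as Network Mapper, is an open-source, versatile tool for Linux system administrators and network administrators. Nmap is used to explore networks, perform security scans, audit networks and find open ports on remote machines. It can scan for live hosts, operating systems, packet filters and the open ports on remote hosts.
Nmap commands and examples
I cover Nmap usage in two parts, and this is the first part, covering the core Nmap commands. As for the setup, I use two servers without firewalls to test the Nmap commands.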
- 192.168.0.100 – server1.tecmint.com
- 192.168.0.101 – server2.tecmint.com
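Nmap command usage
# nmap [Scan Type(s)] [Options] {target specification}
How to install Nmap on Linux
Most of today's Linux distributions, such as Red Hat, CentOS, Fedora, Debian and Ubuntu, include Nmap in their default package repositories, available through Yum or APT. Both tools are used to install, manage and update software packages. To install Nmap, use the following commands.
# yum install nmap [on Red Hat based systems]
$ sudo apt-get install nmap [on Debian based systems]
Once you have installed the latest nmap application, you can follow the example commands in this article.
1. Scan a system using hostname and IP address
Nmap offers a variety of ways to scan a system. In this example, I scan using the hostname “server2.tecmint.com” to find all the open ports, services and the MAC address on the system.
Scan using hostname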
[[email protected] ~]# nmap server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root
Scan using IP address
[[email protected] ~]# nmap 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root
2. Scan using the “-v” option
The command below uses the “-v” option, which gives more detailed information about the remote machine.
[[email protected] ~]# nmap -v server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
3. Scan multiple hosts
To scan multiple hosts, simply write their IP addresses or hostnames separated by spaces.
[[email protected] ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4. Scan a whole subnet
You can scan a whole subnet or IP range by using a wildcard.
[[email protected] ~]# nmap 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
851/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root
In the output above you can see that nmap scanned the whole subnet and reported which hosts on the network are up.
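Auditing a subnet scan like the one above usually means comparing what is open with what should be open. The following added example (not from the original article) parses Nmap's normal output as printed above and reports open ports that are missing from a baseline; the BASELINE contents and the function names are assumptions made for illustration.

```python
import re

# Sample input: the subnet scan output shown above (Nmap 4.11 normal output).
SAMPLE = """\
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
851/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
"""

# Constructed baseline (an assumption): the ports each host is expected to expose.
BASELINE = {
    "192.168.0.100": {(22, "tcp"), (111, "tcp")},
    "192.168.0.101": {(22, "tcp"), (80, "tcp"), (111, "tcp"), (3306, "tcp")},
}

# Old releases print "Interesting ports on", newer ones "Nmap scan report for".
HOST_RE = re.compile(
    r"^(?:Interesting ports on|Nmap scan report for)\s+(?:(\S+)\s+\()?([\d.]+)\)?:?\s*$")
# Port rows: "22/tcp open ssh", optionally followed by a VERSION column (-sV, -A).
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_scan(text):
    """Return {ip: {(port, proto): (state, service)}} from normal output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(2), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return hosts

def unexpected_open(hosts, baseline):
    """List (ip, port, proto, service) for open ports absent from the baseline."""
    findings = []
    for ip, ports in sorted(hosts.items()):
        allowed = baseline.get(ip, set())   # unknown host: nothing is allowed
        for (port, proto), (state, service) in sorted(ports.items()):
            # Only a definite "open" counts; "open|filtered" is inconclusive.
            if state == "open" and (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings

if __name__ == "__main__":
    for finding in unexpected_open(parse_scan(SAMPLE), BASELINE):
        print("unexpected open port: %s %d/%s (%s)" % finding)
```

For scheduled audits, Nmap's XML output (“-oX”) is the more stable format to parse than the human-readable one.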
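5. Scan multiple servers using the last octet of the IP address
You can scan multiple IP addresses by simply specifying the last octet of the IP address. For example, here I scan the IP addresses 192.168.0.101, 192.168.0.102 and 192.168.0.103.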
[[email protected] ~]# nmap 192.168.0.101,102,103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
You have new mail in /var/spool/mail/root
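6. Scan a list of hosts from a file
If you have many hosts to scan and all the host details are written in a file, you can tell nmap directly to read that file and perform the scans. Let's see how to do that.
Create a text file called “nmaptest.txt” and list all the IP addresses or hostnames of the servers you want to scan.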
[[email protected] ~]# cat > nmaptest.txt
localhost
server2.tecmint.com
192.168.0.101
Next, run the following command, which uses nmap's “-iL” option to scan all the IP addresses listed in the file.
[[email protected] ~]# nmap -iL nmaptest.txt
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
857/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
7. Scan an IP address range
You can specify an IP range for Nmap to scan.
[[email protected] ~]# nmap 192.168.0.101-110
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds
8. Scan a network excluding certain hosts
You can exclude some hosts while performing a full network scan, or when you are scanning with wildcards, by using the “--exclude” option.
[[email protected] ~]# nmap 192.168.0.* --exclude 192.168.0.100
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds
You have new mail in /var/spool/mail/root
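The target forms from examples 4, 5, 7 and 8 (wildcard, octet list, octet range and “--exclude”) can be expanded before a scan to confirm exactly which addresses will be probed. The following added example (not from the original article) does this for IPv4 literals only, without hostnames; the function names and the authorized network 192.168.0.0/24 are assumptions made for illustration.

```python
import ipaddress
from itertools import product

def expand_octet(field):
    """Expand one octet field: '*', '7', '101-110', '101,102,103' or a mix."""
    values = set()
    for part in field.split(","):
        if part == "*":
            lo, hi = 0, 255
        elif "-" in part:
            lo_s, hi_s = part.split("-", 1)
            lo, hi = int(lo_s), int(hi_s)      # both ends required here
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError("bad octet field: %r" % field)
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(spec):
    """Expand an octet-style IPv4 target such as '192.168.0.101-110'."""
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("not an IPv4 octet specification: %r" % spec)
    combos = product(*(expand_octet(o) for o in octets))
    return [ipaddress.IPv4Address(".".join(map(str, c))) for c in combos]

def scan_scope(specs, exclude=(), authorized="192.168.0.0/24"):
    """Return (targets, out_of_scope) after applying the exclusions.

    'authorized' is the network the operator is allowed to scan; the
    default is an assumption matching the lab used in this article.
    """
    net = ipaddress.ip_network(authorized)
    excluded = {ip for s in exclude for ip in expand_target(s)}
    targets = sorted({ip for s in specs for ip in expand_target(s)} - excluded)
    out_of_scope = [ip for ip in targets if ip not in net]
    return targets, out_of_scope

if __name__ == "__main__":
    targets, outside = scan_scope(["192.168.0.*"], exclude=["192.168.0.100"])
    print(len(targets), "addresses would be scanned;", len(outside), "out of scope")
```

The counts match the “Nmap finished: N IP addresses” lines in the outputs above; Nmap's own list scan (“-sL”) prints the same expansion without sending probes to the targets.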
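9. Scan OS information and traceroute
With Nmap, you can detect the operating system and version running on a remote host. To enable OS and version detection, script scanning and traceroute, we can use the “-A” option.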
[[email protected] ~]# nmap -A 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
80/tcp open http Apache httpd 2.2.3 ((CentOS))
111/tcp open rpcbind 2 (rpc #100000)
957/tcp open status 1 (rpc #100024)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Uptime 0.169 days (since Mon Nov 11 12:22:15 2013)
Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds
You have new mail in /var/spool/mail/root
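In the output above, you can see that nmap reported the TCP/IP fingerprint of the OS running on the remote host, along with more detail about the ports and the services running on the remote host.
10. Enable OS detection with Nmap
The “-O” and “--osscan-guess” options both help to discover the operating system.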
[[email protected] ~]# nmap -O server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:40 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027)
TSeq(Class=TR%IPID=Z%TS=1000HZ)
T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)
T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Uptime 0.221 days (since Mon Nov 11 12:22:16 2013)
Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds
You have new mail in /var/spool/mail/root
11. Scan a host to detect a firewall
The following command performs a scan to detect whether the remote host uses any packet filter or firewall.
[[email protected] ~]# nmap -sA 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST
All 1680 scanned ports on server2.tecmint.com (192.168.0.101) are UNfiltered
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds
You have new mail in /var/spool/mail/root
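12. Scan a host to check whether it is protected by a firewall
You can scan a host to check whether it is protected by any packet filter or firewall.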
[[email protected] ~]# nmap -PN 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds
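13. Find the live hosts in a network
With the help of the “-sP” option we can easily check which hosts on the network are up; with this option nmap skips port detection and other checks.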
[[email protected] ~]# nmap -sP 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST
Host server1.tecmint.com (192.168.0.100) appears to be up.
Host server2.tecmint.com (192.168.0.101) appears to be up.
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds
14. Perform a fast scan
With the “-F” option you can perform a fast scan that covers only the ports listed in the nmap-services file and no others.
[[email protected] ~]# nmap -F 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1234 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds
15. Find the Nmap version
With the “-V” option you can find out the version of Nmap running on your machine.
[[email protected] ~]# nmap -V
Nmap version 4.11 ( http://www.insecure.org/nmap/ )
You have new mail in /var/spool/mail/root
16. Scan ports consecutively
Use the “-r” flag to scan ports in order instead of in random order.
[[email protected] ~]# nmap -r 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds
17. Print host interfaces and routes
With the “--iflist” option you can find out the host's interface and route information.
[[email protected] ~]# nmap --iflist
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MAC
lo (lo) 127.0.0.1/8 loopback up
eth0 (eth0) 192.168.0.100/24 ethernet up 08:00:27:11:C7:89
**************************ROUTES**************************
DST/MASK DEV GATEWAY
192.168.0.0/0 eth0
169.254.0.0/0 eth0
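In the output above, you can see that the listing shows the interfaces attached to your system and their respective routes.
18. Scan a specific port
Nmap has a variety of options for discovering ports on remote machines. With the “-p” option you can specify the port you want nmap to scan; by default nmap scans only TCP ports.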
[[email protected] ~]# nmap -p 80 server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
80/tcp open http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) sca
19. Scan a TCP port
You can also specify the port type and number for nmap to scan.
[[email protected] ~]# nmap -p T:8888,80 server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
80/tcp open http
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
20. Scan a UDP port
[[email protected] ~]# nmap -sU -p 53 server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
53/udp open http
8888/udp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
21. Scan multiple specified ports
With the “-p” option you can also specify multiple ports to scan.
[[email protected] ~]# nmap -p 80,443 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:56 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds
22. Scan a range of ports
You can scan ports given as a range expression.
[[email protected] ~]# nmap -p 80-160 192.168.0.101
23. Find host service version numbers
With the “-sV” option we can find out the versions of the services running on the remote host.
[[email protected] ~]# nmap -sV 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
80/tcp open http Apache httpd 2.2.3 ((CentOS))
111/tcp open rpcbind 2 (rpc #100000)
957/tcp open status 1 (rpc #100024)
3306/tcp open mysql MySQL (unauthorized)
8888/tcp open http lighttpd 1.4.32
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds
24. Scan a remote host using TCP ACK or TCP SYN
Sometimes packet-filtering firewalls block ICMP ping requests; in that case, we can use the TCP ACK and TCP SYN methods to scan the remote host.
[[email protected] ~]# nmap -PS 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds
You have new mail in /var/spool/mail/root
25. Scan specific ports on a remote host with TCP ACK
[[email protected] ~]# nmap -PA -p 22,80 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:02 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds
You have new mail in /var/spool/mail/root
26. Scan specific ports on a remote host with TCP SYN
[[email protected] ~]# nmap -PS -p 22,80 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:08 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds
You have new mail in /var/spool/mail/root
27. Perform a stealthy scan
[[email protected] ~]# nmap -sS 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds
You have new mail in /var/spool/mail/root
28. Check the most commonly used ports with TCP SYN
[[email protected] ~]# nmap -sT 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds
You have new mail in /var/spool/mail/root
29. Perform a TCP null scan to fool a firewall
[[email protected] ~]# nmap -sN 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open|filtered ssh
80/tcp open|filtered http
111/tcp open|filtered rpcbind
957/tcp open|filtered unknown
3306/tcp open|filtered mysql
8888/tcp open|filtered sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds
You have new mail in /var/spool/mail/root
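That's it for Nmap for now; I will cover more creative Nmap options in the second part of this series. Until then, stay tuned with us and don't forget to share your valuable comments.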
via: http://www.tecmint.com/nmap-command-examples/