nmap_命令详解

1

使用主机名扫描

[[email protected] opt]# nmap www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 16:52 CST

Nmap scan report for www.baidu.com (220.181.111.188)

Host is up (0.0025s latency).

Other addresses for www.baidu.com (not scanned): 220.181.112.244

Not shown: 998 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 5.01 seconds

2

使用IP地址扫描

[[email protected] opt]# nmap 192.168.20.237

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 16:53 CST

Nmap scan report for 192.168.20.237

Host is up (0.0000060s latency).

Not shown: 997 closed ports

PORT     STATE SERVICE

22/tcp   open  ssh

80/tcp   open  http

3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

3

扫描使用“-v”选项

使用“ -v “选项后给出了远程机器更详细的信息。

[[email protected] opt]# nmap -v www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 16:54 CST

Initiating Ping Scan at 16:54

Scanning www.baidu.com (220.181.111.188) [4 ports]

Completed Ping Scan at 16:54, 0.02s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 16:54

Completed Parallel DNS resolution of 1 host. at 16:54, 0.02s elapsed

Initiating SYN Stealth Scan at 16:54

Scanning www.baidu.com (220.181.111.188) [1000 ports]

Discovered open port 80/tcp on 220.181.111.188

Discovered open port 443/tcp on 220.181.111.188

Completed SYN Stealth Scan at 16:54, 4.53s elapsed (1000 total ports)

Nmap scan report for www.baidu.com (220.181.111.188)

Host is up (0.0019s latency).

Other addresses for www.baidu.com (not scanned): 220.181.112.244

Not shown: 998 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Read data files from: /usr/bin/../share/nmap

Nmap done: 1 IP address (1 host up) scanned in 4.68 seconds

Raw packets sent: 2004 (88.152KB) | Rcvd: 5 (204B)

4

扫描多台主机

Nmap命令后加上多个IP地址或主机名来扫描多台主机

[[email protected] opt]# nmap  www.baidu.com www.163.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 16:56 CST

Nmap scan report for www.baidu.com (220.181.112.244)

Host is up (0.0023s latency).

Other addresses for www.baidu.com (not scanned): 220.181.111.188

Not shown: 998 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap scan report for www.163.com (175.25.168.40)

Host is up (0.0028s latency).

Not shown: 984 closed ports

PORT      STATE SERVICE

80/tcp    open  http

81/tcp    open  hosts2-ns

88/tcp    open  kerberos-sec

443/tcp   open  https

2323/tcp  open  3d-nfsd

3030/tcp  open  arepa-cas

8080/tcp  open  http-proxy

8081/tcp  open  blackice-icecap

8082/tcp  open  blackice-alerts

8083/tcp  open  us-srv

8088/tcp  open  radan-http

8090/tcp  open  unknown

8888/tcp  open  sun-answerbook

9001/tcp  open  tor-orport

9500/tcp  open  ismserver

20000/tcp open  dnp

Nmap done: 2 IP addresses (2 hosts up) scanned in 17.15 seconds

5

扫描整个子网

使用*通配符来扫描整个子网或某个范围的IP地址

[[email protected] opt]# nmap 192.168.20.*

6

使用IP地址的最后一个字节扫描多台服务器

[[email protected] opt]# nmap 192.168.20.236,237,238

7

从一个文件中扫描主机列表

运行带“iL” 选项的nmap命令来扫描文件中列出的所有IP地址

[[email protected] opt]# more abc.txt

192.168.20.248

192.168.20.235

192.168.20.227

[[email protected] opt]# nmap -iL abc.txt

8

扫描一个IP地址范围

nmap 192.168.20.236-238

9

排除一些远程主机后再扫描

[[email protected] opt]# nmap 192.168.20.236-238 --exclude 192.168.20.237

10

扫描操作系统信息和路由跟踪

为了启用操作系统和版本检测,脚本扫描和路由跟踪功能,我们可以使用NMAP的“-A“选项。

从下面的输出你可以看到,Nmap显示出了远程主机操作系统的TCP/IP协议指纹,并且更加具体的显示出远程主机上的端口和服务

[[email protected] opt]# nmap -A 192.168.20.229

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:04 CST

Nmap scan report for 192.168.20.229

Host is up (0.00028s latency).

Not shown: 997 closed ports

PORT     STATE SERVICE VERSION

22/tcp   open  ssh     OpenSSH 5.3 (protocol 2.0)

| ssh-hostkey:

|   1024 59:14:67:7a:92:dc:30:76:e0:59:9c:f2:eb:d7:dc:77 (DSA)

|_  2048 3a:a8:73:5a:e7:02:34:5d:fe:1e:04:7d:5f:b3:ba:19 (RSA)

80/tcp   open  http    nginx

|_http-server-header: nginx

|_http-title: \xE5\xA5\xBD\xE6\x9C\xA8

8088/tcp open  http    Jetty 7.6.15.v20140411

|_http-server-header: Jetty(7.6.15.v20140411)

|_http-title: Error 404 Not Found

MAC Address: 00:0C:29:6C:03:6A (VMware)

No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=7.40%E=4%D=3/29%OT=22%CT=1%CU=33617%PV=Y%DS=1%DC=D%G=Y%M=000C29%T

OS:M=58DB78C6%P=x86_64-redhat-linux-gnu)SEQ(SP=108%GCD=1%ISR=109%TI=Z%CI=Z%

OS:II=I%TS=U)OPS(O1=M5B4NNSNW9%O2=M5B4NNSNW9%O3=M5B4NW9%O4=M5B4NNSNW9%O5=M5

OS:B4NNSNW9%O6=M5B4NNS)WIN(W1=3908%W2=3908%W3=3908%W4=3908%W5=3908%W6=3908)

OS:ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW9%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%

OS:F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T

OS:5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=

OS:Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF

OS:=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40

OS:%CD=S)

Network Distance: 1 hop

TRACEROUTE

HOP RTT     ADDRESS

1   0.28 ms 192.168.20.229

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 20.09 seconds

11

启用Nmap的操作系统探测功能

使用选项“-O”和“-osscan-guess”也帮助探测操作系统信息

[[email protected] opt]# nmap -O 192.168.20.229

12

扫描主机侦测防火墙

扫描远程主机以探测该主机是否使用了包过滤器或防火墙

[[email protected] opt]# nmap -sA www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:11 CST

Nmap scan report for www.baidu.com (220.181.112.244)

Host is up (0.0019s latency).

Other addresses for www.baidu.com (not scanned): 220.181.111.188

All 1000 scanned ports on www.baidu.com (220.181.112.244) are filtered     #可以判断出使用了防火墙

Nmap done: 1 IP address (1 host up) scanned in 21.22 seconds

[[email protected] opt]# nmap -sA 192.168.20.229

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:14 CST

Nmap scan report for 192.168.20.229

Host is up (0.00033s latency).

All 1000 scanned ports on 192.168.20.229 are unfiltered     #未使用防火墙

MAC Address: 00:0C:29:6C:03:6A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

13

扫描主机检测是否有防火墙保护

扫描主机检测其是否受到数据包过滤软件或防火墙的保护

[[email protected] opt]# nmap -PN www.baidu.com

14

找出网络中的在线主机

使用“-sP”选项,我们可以简单的检测网络中有哪些在线主机,该选项会跳过端口扫描和其他一些检测。

[[email protected] opt]# nmap -sP 192.168.20.*

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:18 CST

Nmap scan report for 192.168.20.1

Host is up (0.00068s latency).

MAC Address: 68:ED:A4:03:5A:65 (Shenzhen Seavo Technology)

Nmap scan report for 192.168.20.57

Host is up (0.00080s latency).

MAC Address: 14:18:77:27:34:DF (Dell)

Nmap scan report for 192.168.20.211

Host is up (0.00038s latency).

MAC Address: 14:18:77:4F:70:DC (Dell)

15

执行快速扫描

你可以使用“-F”选项执行一次快速扫描,仅扫描列在nmap-services文件中的端口而避开所有其它的端口

[[email protected] opt]# nmap -F www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:24 CST

Nmap scan report for www.baidu.com (220.181.112.244)

Host is up (0.0019s latency).

Other addresses for www.baidu.com (not scanned): 220.181.111.188

Not shown: 98 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1.81 seconds

16

查看Nmap的版本

使用“-V”选项来检测你机子上Nmap的版本。

[[email protected] opt]# nmap -V

Nmap version 7.40 ( https://nmap.org )

Platform: x86_64-redhat-linux-gnu

Compiled with: liblua-5.3.3 openssl-1.0.1e libpcre-7.8 libpcap-1.4.0 nmap-libdnet-1.12 ipv6

Compiled without:

Available nsock engines: epoll poll select

17

顺序扫描端口

使用“-r”选项表示不会随机的选择端口扫描

[[email protected] opt]# nmap -r www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:27 CST

Nmap scan report for www.baidu.com (220.181.111.188)

Host is up (0.0025s latency).

Other addresses for www.baidu.com (not scanned): 220.181.112.244

Not shown: 998 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.39 seconds

18

打印主机接口和路由

你可以使用nmap的"--iflist”选项检测主机接口和路由信息

从下面的输出你可以看到,nmap列举出了你系统上的接口以及它们各自的路由信息

[[email protected] opt]# nmap --iflist

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:28 CST

************************INTERFACES************************

DEV  (SHORT) IP/MASK                     TYPE     UP MTU   MAC

lo   (lo)    127.0.0.1/8                 loopback up 16436

lo   (lo)    ::1/128                     loopback up 16436

eth0 (eth0)  192.168.20.237/24           ethernet up 1500  00:0C:29:14:81:57

eth0 (eth0)  fe80::20c:29ff:fe14:8157/64 ethernet up 1500  00:0C:29:14:81:57

**************************ROUTES**************************

DST/MASK                     DEV  METRIC GATEWAY

192.168.20.0/24              eth0 0

169.254.0.0/16               eth0 1002

0.0.0.0/0                    eth0 0      192.168.20.1

::1/128                      lo   0

fe80::20c:29ff:fe14:8157/128 lo   0

fe80::/64                    eth0 256

ff00::/8                     eth0 256

19

扫描特定的端口

使用Nmap扫描远程机器的端口有各种选项,你可以使用“-P”选项指定你想要扫描的端口,默认情况下nmap只扫描TCP端口

[[email protected] opt]# nmap -p 80 www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:34 CST

Nmap scan report for www.baidu.com (220.181.111.188)

Host is up (0.0018s latency).

Other addresses for www.baidu.com (not scanned): 220.181.112.244

PORT   STATE SERVICE

80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

20

扫描TCP端口

可以指定具体的端口类型和端口号来让nmap扫描

[[email protected] opt]# nmap -p T:80,8088 192.168.20.229

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:46 CST

Nmap scan report for 192.168.20.229

Host is up (0.00042s latency).

PORT     STATE SERVICE

80/tcp   open  http

8088/tcp open  radan-http

MAC Address: 00:0C:29:6C:03:6A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

21

扫描UDP端口

[[email protected] opt]# nmap -sU 192.168.20.229

22

扫描多个端口

还可以使用选项“-P”来扫描多个端口

[[email protected] opt]# nmap -p 80,8088 192.168.20.229

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:54 CST

Nmap scan report for 192.168.20.229

Host is up (0.0016s latency).

PORT     STATE SERVICE

80/tcp   open  http

8088/tcp open  radan-http

MAC Address: 00:0C:29:6C:03:6A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds

23

扫描指定范围内的端口

可以使用表达式来扫描某个范围内的端口

[[email protected] opt]# nmap -p 80-8088 192.168.20.229

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:58 CST

Nmap scan report for 192.168.20.229

Host is up (0.00025s latency).

Not shown: 7999 closed ports

PORT     STATE SERVICE

80/tcp   open  http

5010/tcp open  telelpathstart

5011/tcp open  telelpathattack

5012/tcp open  nsp

5013/tcp open  fmpro-v6

5015/tcp open  fmwp

5016/tcp open  unknown

5017/tcp open  unknown

6379/tcp open  redis

8088/tcp open  radan-http

MAC Address: 00:0C:29:6C:03:6A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds

24

查找主机服务版本号

我们可以使用“-sV”选项找出远程主机上运行的服务版本

[[email protected] opt]# nmap -sV 192.168.20.237

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 17:59 CST

Nmap scan report for 192.168.20.237

Host is up (0.0000060s latency).

Not shown: 997 closed ports

PORT     STATE SERVICE VERSION

22/tcp   open  ssh     OpenSSH 5.3 (protocol 2.0)

80/tcp   open  http    Apache httpd 2.2.15 ((CentOS))

3306/tcp open  mysql   MySQL 5.6.35

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 6.80 seconds

25

使用TCP ACK (PA)和TCP Syn (PS)扫描远程主机

有时候包过滤防火墙会阻断标准的ICMP ping请求,在这种情况下,我们可以使用TCP ACK和TCP Syn方法来扫描远程主机

[[email protected] opt]# nmap -PS www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 18:01 CST

Nmap scan report for www.baidu.com (220.181.111.188)

Host is up (0.0040s latency).

Other addresses for www.baidu.com (not scanned): 220.181.112.244

Not shown: 998 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 5.99 seconds

26

使用TCP ACK扫描远程主机上特定的端口

[[email protected] opt]# nmap -PA -p 80,8088 192.168.20.229

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 18:04 CST

Nmap scan report for 192.168.20.229

Host is up (0.00040s latency).

PORT     STATE SERVICE

80/tcp   open  http

8088/tcp open  radan-http

MAC Address: 00:0C:29:6C:03:6A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds

27

执行一次隐蔽的扫描

[[email protected] opt]# nmap -sS www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 18:05 CST

Nmap scan report for www.baidu.com (220.181.112.244)

Host is up (0.0018s latency).

Other addresses for www.baidu.com (not scanned): 220.181.111.188

Not shown: 998 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.99 seconds

28

使用TCP Syn扫描最常用的端口

[[email protected] opt]# nmap -sT www.baidu.com

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 18:06 CST

Nmap scan report for www.baidu.com (220.181.112.244)

Host is up (0.0019s latency).

Other addresses for www.baidu.com (not scanned): 220.181.111.188

Not shown: 998 filtered ports

PORT    STATE SERVICE

80/tcp  open  http

443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 4.55 seconds

29

执行TCP空扫描以骗过防火墙

[[email protected] opt]# nmap -sN 192.168.20.237

Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 18:08 CST

Nmap scan report for 192.168.20.237

Host is up (0.0000060s latency).

Not shown: 997 closed ports

PORT     STATE         SERVICE

22/tcp   open|filtered ssh

80/tcp   open|filtered http

3306/tcp open|filtered mysql

Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds

时间: 03-28

nmap_命令详解的相关文章

jar打包命令详解

:如何把 java 程序编译成 .exe 文件.通常回答只有两种,一种是说,制作一个可执行的 JAR 文件包,就可以像.chm 文档一样双击运行了:而另一种回答,则是使用 JET 来进行编译.但是 JET 是要用钱买的,而且,据说 JET 也不是能把所有的 Java 程序都编译成执行文件,性能也要打些折扣.所以,使用制作可执行 JAR 文件包的方法就是最佳选择了,何况它还能保持 Java 的跨平台特性.先来看看什么是 JAR 文件包: 1. JAR 文件包 JAR 文件就是 Java Archi

Linux压缩与解压缩命令详解

简介:常用的压缩命令有gzip.bzip2.tar 提示:gzip与bzip2工具不可以对目录做打包压缩操作,gzip与bzip2解压都是用-d参数(decompress=uncompress) tar命令详解: 用法:tar 模式 [选项][路径]... 模式:    -c 创建打包文件 -delete -r --append -t --list内容 -x --extract 选项:    -C --directory -f 打包后的文件名称 -j bzip格式压缩 --remove-file

(转)Linux下PS命令详解

(转)Linux下PS命令详解 整理自:http://blog.chinaunix.net/space.php?uid=20564848&do=blog&id=74654 要对系统中进程进行监测控制,查看状态,内存,CPU的使用情况,使用命令:/bin/ps (1) ps :是显示瞬间进程的状态,并不动态连续: (2) top:如果想对进程运行时间监控,应该用 top 命令: (3) kill 用于杀死进程或者给进程发送信号: (4) 查看文章最后的man手册,可以查看ps的每项输出的含义

Linux上的free命令详解

Linux上的free命令详解 转自: http://www.cnblogs.com/coldplayerest/archive/2010/02/20/1669949.html 解释一下Linux上free命令的输出. 下面是free的运行结果,一共有4行.为了方便说明,我加上了列号.这样可以把free的输出看成一个二维数组FO(Free Output).例如: FO[2][1] = 24677460 FO[3][2] = 10321516 1          2          3    

Find命令详解

find命令详解 格式 find pathname -options [ -print -exec -ok ... ] 功能 在磁盘中查找文件,并作相应处理 参数 pathname         所查找的目录,可以是相对/绝对路径 options -print 将结果输出到标准输出 -exec 'command' {} \; 对结果执行该参数所给的shell命令 -ok 与-exec作用相同,不过需要用户确认是否执行命令 -name 按照文件名查找 -perm [+-]mode 按照文件权限查

iftop命令命令详解

iftop命令命令详解 作者:尹正杰 在Linux命令中有很多内置命令,和外置命令,但是内部命令的功能毕竟是有限的,比如ifconfig,它就不能看到网卡流量的 实时发送情况,尽管咱们知道可以用watch命令去查看网卡的发送接收流量的情况,但是还是不够细致,因为它仅仅能看到我们的 接受和发送的总流量,因此,我们今天来介绍一个比较好使的实施查看网络流量信息的软件---iftop,其实他的工作模式和top很像. 废话不多说~让我们直接进入正题吧: 1.想必大家都会在linux命令行上敲击ifconf

linux yum命令详解

yum(全称为 Yellow dog Updater, Modified)是一个在Fedora和RedHat以及SUSE中的Shell前端软件包管理器.基於RPM包管理,能够从指定的服务器自动下载RPM包并且安装,可以自动处理依赖性关系,并且一次安装所有依赖的软体包,无须繁琐地一次次下载.安装.yum提供了查找.安装.删除某一个.一组甚至全部软件包的命令,而且命令简洁而又好记. yum的命令形式一般是如下:yum [options] [command] [package ...]其中的[opti

Linux上命令的使用格式和基础命令详解

一.Linux上命令的使用格式 命令行提示符详解: 用户通过终端的命令行接口来控制操作系统,登陆后如下: [[email protected] ~]# root: 当前登录的用户 @:分隔符 localhost: 当前主机的主机名,非完整格式:此处的完整格式为:localhost.localdomain [[email protected] ~]# hostname localhost.localdomain ~:用户当前所在的目录(current directory),也称为工作目录(work

scp命令详解

先说下常用的情况: 两台机器IP分别为:A.104.238.161.75,B.43.224.34.73. 在A服务器上操作,将B服务器上/home/lk/目录下所有的文件全部复制到本地的/root目录下,命令为:scp -r [email protected]:/home/lk /root. 具体过程为: [[email protected] ~]# scp -r [email protected]43.224.34.73:/home/lk /root [email protected]43.2