??Nmap(Network Mapper)是一款安全開(kāi)源的掃描工具≈T可以用于掃描目標(biāo)網(wǎng)絡(luò)或主機(jī)所有的開(kāi)放端口唉韭,也可以探測(cè)遠(yuǎn)程主機(jī)的操作系統(tǒng)類(lèi)型。Nmap支持很多掃描技術(shù)犯犁,是樓主所知功能最強(qiáng)大的掃描工具属愤,沒(méi)有之一,雖然樓主平時(shí)僅僅用來(lái)掃描端口而已酸役。Linux 和 Windows 都可以安裝使用住诸。
安裝
yum install nmap -y
命令格式
nmap [掃描類(lèi)型] [通用選項(xiàng)] [掃描目標(biāo)]
常用參數(shù)說(shuō)明
-sT #是最基本的TCP掃描方式。很容易被檢測(cè)到涣澡,會(huì)在目標(biāo)主機(jī)的日志中記錄大批的連接請(qǐng)求以及錯(cuò)誤信息贱呐。
-sS #TCP同步掃描(TCP SYN),因?yàn)椴槐厝看蜷_(kāi)一個(gè)TCP連接入桂,所以這項(xiàng)技術(shù)通常稱(chēng)為半開(kāi)掃描(half-open)奄薇。這項(xiàng)技術(shù)最大的好處是,很少有系統(tǒng)能夠把這記入系統(tǒng)日志抗愁。
-sU #使用此選項(xiàng)獲取某臺(tái)主機(jī)上提供哪些UDP(用戶(hù)數(shù)據(jù)報(bào)協(xié)議,RFC768)服務(wù)馁蒂。
-O #獲得遠(yuǎn)程主機(jī)的操作系統(tǒng)類(lèi)型。
-v #顯示掃描過(guò)程中的詳細(xì)信息蜘腌。
-p #待掃描的端口號(hào)范圍沫屡。
** 注: **
1. 詳見(jiàn) http://nmap.org
2. 端口取值范圍是0 - 65535(即2的16次方),其中0 - 1024 是系統(tǒng)保留
使用示例及說(shuō)明
# nmap 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2017-07-18 13:39 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
8088/tcp open radan-http
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
# nmap -p0-65535 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2017-07-18 13:42 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Not shown: 65526 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
6379/tcp open unknown
8088/tcp open radan-http
8125/tcp open unknown
9053/tcp open unknown
9056/tcp open unknown
19999/tcp open unknown
21111/tcp open unknown
39880/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.83 seconds
# nmap -sS -O 180.00.00.xxx
Starting Nmap 6.40 ( http://nmap.org ) at 2017-07-18 13:42 CST
Nmap scan report for 180.00.00.xxx
Host is up (0.025s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch
Running (JUST GUESSING): HP embedded (86%)
OS CPE: cpe:/h:hp:procurve_switch_4000m
Aggressive OS guesses: HP 4000M ProCurve switch (J4121A) (86%)
No exact OS matches for host (test conditions non-ideal).
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.45 seconds
# nmap -sS -O -v 180.00.00.xxx
Starting Nmap 6.40 ( http://nmap.org ) at 2017-07-18 13:49 CST
Initiating Ping Scan at 13:49
Scanning 180.00.00.xxx [4 ports]
Completed Ping Scan at 13:49, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:49
Completed Parallel DNS resolution of 1 host. at 13:49, 0.03s elapsed
Initiating SYN Stealth Scan at 13:49
Scanning 180.00.00.xxx [1000 ports]
Discovered open port 443/tcp on 180.00.00.xxx
Discovered open port 80/tcp on 180.00.00.xxx
Completed SYN Stealth Scan at 13:49, 4.58s elapsed (1000 total ports)
Initiating OS detection (try #1) against 180.00.00.xxx
Retrying OS detection (try #2) against 180.00.00.xxx
Nmap scan report for 180.00.00.xxx
Host is up (0.024s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch
Running (JUST GUESSING): HP embedded (86%)
OS CPE: cpe:/h:hp:procurve_switch_4000m
Aggressive OS guesses: HP 4000M ProCurve switch (J4121A) (86%)
No exact OS matches for host (test conditions non-ideal).
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: Randomized
Read data files from: /usr/bin/../share/nmap
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.01 seconds
Raw packets sent: 2078 (95.116KB) | Rcvd: 23 (1.680KB)
** 編譯安裝: **
# wget http://nmap.org/dist/nmap-7.01.tar.bz2
# tar -xvf nmap-x.x.x. tar.bz2
# cd nmap-x.x.x
# ./configure --prefix=/usr/local/nmap
# make && make install