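Nmap Command
Introduction
- Used to enumerate the hosts on a network, manage service upgrade schedules, and monitor host or service uptime.
- Can check whether a target host is online and which ports are open, detect the type and version of running services, and identify the operating system and device type.
Features
- Host discovery
- Port scanning
- Version detection
- Operating system detection
- Support for writing probe scripts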
Common services and port numbers

| Service | Port |
|---|---|
| http | 80 |
| https | 443 |
| telnet | 23 |
| ftp | 21 |
| ssh | 22 |
| smtp | 25 |
| pop3 | 110 |
| WebLogic | 7001 |
| tomcat | 8080 |
| WIN2003 remote login | 3389 |
| Oracle | 1521 |
| MS SQL SERVER | 1443 |
| MYSQL | 3306 |
| redis | 6279 |
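Syntax
# nmap [options] <IP address>
Options

| Option | Description |
|---|---|
| -sS | TCP SYN scan |
| -sT | TCP connect scan |
| -sn | No port scan; only check whether the host is up |
| -sU | Scan UDP ports |
| -sV | Probe service version information |
| -Pn | Scan only, without pinging the host |
| -PS | Scan the target host using SYN packets |
| -PU | Scan ports using UDP ping |
| -O | Detect the operating system |
| -v | Show detailed information about the scan as it runs |
| -S | Set the source IP address of the scan |
| -g | Set the source port of the scan |
| -p | Specify the ports to scan |
| -n | Skip DNS resolution to speed up the scan |
| --exclude | Exclude the specified hosts |
| --excludefile | Exclude the hosts listed in the specified file |

Examples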
# nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:03 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
# nmap -p 10-4000 192.168.13.153
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:06 EST
Nmap scan report for 192.168.13.153 (192.168.13.153)
Host is up (0.00038s latency).
Not shown: 3986 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
MAC Address: 00:0C:29:31:AF:3F (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.67 seconds
# nmap 192.168.13.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:07 EST
--<skip>
Nmap scan report for 192.168.13.153 (192.168.13.153)
Host is up (0.0022s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
6667/tcp open irc
MAC Address: 00:0C:29:31:AF:3F (VMware)
Nmap scan report for 192.168.13.254 (192.168.13.254)
Host is up (0.000078s latency).
All 1000 scanned ports on 192.168.13.254 (192.168.13.254) are filtered
MAC Address: 00:50:56:EC:83:97 (VMware)
Nmap scan report for 192.168.13.152 (192.168.13.152)
Host is up (0.0000050s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (6 hosts up) scanned in 9.88 seconds
- Detect the services and operating system of the target host
# nmap -O -sV 192.168.13.153
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:14 EST
Nmap scan report for 192.168.13.153 (192.168.13.153)
Host is up (0.00094s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
3306/tcp open mysql MySQL (unauthorized)
6667/tcp open irc InspIRCd
MAC Address: 00:0C:29:31:AF:3F (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Hosts: LAZYSYSADMIN, Admin.local; OS: Linux; CPE: cpe:/o:linux:linux_kernel
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.48 seconds
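
For the monitoring use mentioned in the introduction, scan output like the above can be checked against a list of approved listeners. The following is an added example, not part of the original page: it parses Nmap's normal text output and reports open ports that are not on an allowlist. The `BASELINE` allowlist and the function names are assumptions made for illustration; the sample text is abridged from the 192.168.13.0/24 scan above.

```python
import re

# Output abridged from the 192.168.13.0/24 scan shown above.
SAMPLE = """\
Nmap scan report for 192.168.13.153 (192.168.13.153)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
6667/tcp open irc
MAC Address: 00:0C:29:31:AF:3F (VMware)
Nmap scan report for 192.168.13.254 (192.168.13.254)
All 1000 scanned ports on 192.168.13.254 (192.168.13.254) are filtered
Nmap scan report for 192.168.13.152 (192.168.13.152)
PORT STATE SERVICE
22/tcp open ssh
"""

# Hypothetical allowlist of approved listeners per host (constructed for this example).
BASELINE = {
    "192.168.13.153": {"22/tcp", "80/tcp", "139/tcp", "445/tcp", "3306/tcp"},
    "192.168.13.152": {"22/tcp"},
}

# Header is either "for <ip>" or "for <name> (<ip>)"; capture the IP in both forms.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?$")
# Port rows look like "22/tcp open ssh [version...]"; header and MAC lines do not match.
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)")

def parse_scan(text):
    """Return {ip: {"port/proto": service}} for ports whose state is exactly "open"."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), {})
        elif current is not None and (m := PORT_RE.match(line)):
            port, state, service = m.groups()
            if state == "open":  # skips closed, filtered and open|filtered
                current[port] = service
    return hosts

def unexpected(hosts, baseline):
    """Open ports missing from the allowlist; a host absent from it has every port flagged."""
    return sorted(
        (ip, port, svc)
        for ip, ports in hosts.items()
        for port, svc in ports.items()
        if port not in baseline.get(ip, set())
    )
```

Calling `unexpected(parse_scan(SAMPLE), BASELINE)` returns the single entry for 6667/tcp (irc) on 192.168.13.153, the one listener in the sample that the assumed allowlist does not cover.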