• nmap基本使用方法


    原文:https://www.jianshu.com/p/874405b0a6ae
    1、nmap简单扫描
    nmap默认发送一个ARP的PING数据包,来探测目标主机1-10000范围内所开放的所有端口
    命令语法: 
    nmap <target ip address>
    其中:target ip address是扫描的目标主机的ip地址
    例子:nmap 173.22.90.10
    [root@docker-node4 ~]# nmap 173.22.90.10
    PORT    STATE SERVICE
    22/tcp  open  ssh 
    80/tcp  open  http
    111/tcp open  rpcbind
    扫描出开放的端口
    2、nmap简单扫描,并对结果返回详细的描述输出
    命令语法:namp -vv <target ip address>
    介绍:-vv参数设置对结果的详细输出
    例子:nmap -vv    173.22.90.10
    效果如下:
    [root@docker-node4 ~]# nmap -vv 173.22.90.10
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 04:48 CST
    Initiating ARP Ping Scan at 04:48
    Scanning 173.22.90.10 [1 port]
    Completed ARP Ping Scan at 04:48, 0.01s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 04:48
    Completed Parallel DNS resolution of 1 host. at 04:48, 6.53s elapsed
    Initiating SYN Stealth Scan at 04:48
    Scanning 173-22-90-10.client.mchsi.com (173.22.90.10) [1000 ports]
    Discovered open port 111/tcp on 173.22.90.10
    Discovered open port 80/tcp on 173.22.90.10
    Discovered open port 22/tcp on 173.22.90.10
    3、nmap自定义扫描
    命令语法:nmap -p(range) <target IP>
    介绍:(range)为要扫描的端口范围,端口大小不能超过65535
    例子:扫描目标主机的20-120号端口
     nmap -p20-120 173.22.90.10
    

      

    4、nmap 指定端口扫描
    命令语法:nmap -p(port1,port2,…) <target IP>
    介绍:port1,port2…为想要扫描的端口号
    例子:扫描目标主机的80,22端口
    [root@docker-node4 ~]# nmap -p22,80 173.22.90.10
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 04:57 CST
    Nmap scan report for 173-22-90-10.client.mchsi.com (173.22.90.10)
    Host is up (0.00032s latency).
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
    MAC Address: 00:0C:29:CF:A7:30 (VMware)
    5、nmap ping 扫描
    nmap可以利用类似windows/linux系统下的ping 方式进行扫描
    命令语法: nmap -sP <target ip>
    例子:nmap sP 10.1.112.89
    [root@docker-node4 ~]# nmap -sP 173.22.90.10  扫描存活的主机,这个机器存活
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:00 CST
    Nmap scan report for 173-22-90-10.client.mchsi.com (173.22.90.10)
    Host is up (0.00048s latency).
    MAC Address: 00:0C:29:CF:A7:30 (VMware)
    Nmap done: 1 IP address (1 host up) scanned in 6.77 seconds
    
    [root@docker-node4 ~]# nmap -sP 173.22.90.16  
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:00 CST
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 0.43 seconds
    这个就是显示不是存活状态的主机,没有ping成功  
    6、nmap 路由跟踪
    路由器追踪功能,能够帮助网络管理员了解网络通行情况,同时也是网络管理人员很好的辅助工具,通过路由器追踪可以轻松的查处从我们电脑所在地到目的地之间所经常的网络节点,并可以看到通过各个结点所花费的时间
    命令语法: 
    nmap –traceroute <target IP>
    例子:namp –traceroute 8.8.8.8(geogle dns服务器ip)
    [root@docker-node4 ~]# nmap --traceroute 8.8.8.8
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:04 CST
    Nmap scan report for dns.google (8.8.8.8)
    Host is up (0.045s latency).
    Not shown: 999 filtered ports
    PORT   STATE SERVICE
    53/tcp open  domain
    TRACEROUTE (using port 53/tcp)
    HOP RTT      ADDRESS
    1   2.77 ms  192.168.1.1
    2   5.63 ms  113.45.32.1
    3   6.26 ms  124.205.97.50
    4   6.31 ms  124.205.97.50
    5   6.41 ms  218.241.165.41
    6   8.75 ms  124.205.98.41
    7   6.52 ms  202.99.1.173
    8   6.58 ms  218.241.244.98  
    7、nmap设置扫描一个网段下的ip
    命令语法: 
    nmap -sP <network address> </CIDR>
    介绍:CIDR为设置的子网掩码(/24,/16,/8等)
    例子:nmap -sP 10.1.1.0 /24
    [root@docker-node4 ~]# nmap -sP 192.168.1.1 /24
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:11 CST
    Failed to resolve "".
    Nmap scan report for 192.168.1.1
    Host is up (0.0061s latency).
    MAC Address: B0:95:8E:5F:98:85 (Unknown)
    Nmap done: 1 IP address (1 host up) scanned in 13.04 seconds  
    8、nmap 操作系统类型的探测
    命令语法: 
    nmap -0 <target IP>
    例子:nmap -O(大写的o) 10.1.112.89
    效果: 
    [root@docker-node4 ~]#  nmap -O 192.168.1.103
    Running (JUST GUESSING): AVtech embedded (87%), FreeBSD 6.X (86%), Microsoft Windows XP (85%)
    扫描出是windows的系统
    不过不准确我的这个是windows10的系统  
    9、nmap万能开关
    包含了1-10000端口ping扫描,操作系统扫描,脚本扫描,路由跟踪,服务探测
    命令语法: 
    nmap -A <target ip>
    例子:nmap -A 10.1.112.89
    [root@docker-node4 ~]#  nmap -A 192.168.1.105
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:23 CST
    Stats: 0:01:09 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 86.40% done; ETC: 05:24 (0:00:09 remaining)
    Nmap scan report for 192.168.1.105
    Host is up (0.064s latency).
    All 1000 scanned ports on 192.168.1.105 are filtered
    MAC Address: F4:D1:08:BE:1C:CA (Unknown)
    Too many fingerprints match this host to give specific OS details
    Network Distance: 1 hop
    TRACEROUTE
    HOP RTT      ADDRESS
    1   63.61 ms 192.168.1.105
    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 82.40 seconds  
    10、nmap命令混合式扫描
    可以做到类似参数-A所完成的功能,但又能细化我们的需求要求
    命令语法: 
    nmap -vv -p1-100 -O <target ip>
    例子: 
    nmap -vv -p1-100 -O 10.1.112.89
    [root@docker-node4 ~]#  nmap -vv -p1-100 -o 173.22.90.10
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
    MAC Address: 00:0C:29:CF:A7:30 (VMware)
    No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
    TCP/IP fingerprint:
    OS:SCAN(V=6.40%E=4%D=8/18%OT=22%CT=1%CU=39398%PV=N%DS=1%DC=D%G=Y%M=000C29%T
    OS:M=5D58714F%P=x86_64-redhat-linux-gnu)SEQ(SP=107%GCD=1%ISR=10D%TI=Z%TS=A)
    

      

  • 相关阅读:
    竞赛图和哈密顿回路
    Hall 定理
    Vim 和 Gdb 学习笔记
    AT4996 [AGC034F] RNG and XOR(FWT)
    UOJ310 黎明前的巧克力(fwt)
    AT5202 [AGC038E] Gachapon(min-max)
    AT2289 [ARC067D] Yakiniku Restaurants(水题)
    拉格朗日插值
    [CSP-SJX2019]散步(模拟)
    Leetcode547 朋友圈 图的DFS与unionFind算法
  • 原文地址:https://www.cnblogs.com/airoot/p/13571449.html
Copyright © 2020-2023  润新知