• Using the Nmap Tool


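    Nmap is a very useful tool for network scanning and host detection. It is not limited to information gathering and enumeration; it can also be used as a vulnerability detector or security scanner. It runs on Windows, Linux, Mac and other operating systems. Nmap is a very powerful utility.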
     
    Official site: https://nmap.org
     
    I. Installing Nmap
     
    1: Download the source package and extract it
    [root@host1 ]# wget http://nmap.org/dist/nmap-7.01.tar.bz2
    [root@host1 ]# tar -xvf nmap-7.01.tar.bz2 
    2: Configure, compile and install
    [root@host1 ]# cd nmap-7.01
    [root@host1 nmap-7.01]# ./configure
    checking lua5.2/lua.h presence... no
    checking for lua5.2/lua.h... no
    checking for lua version >= 502... checking for g++... g++
    checking whether we are using the GNU C++ compiler... yes
    checking whether g++ accepts -g... yes
    no
    configure: creating ./config.status
    config.status: creating Makefile
    config.status: creating config.h
                .       .
                \`-"'"-'/
                 } 6 6 {
                ==. Y ,==
                  /^^^  .
                 /       )  Ncat: A modern interpretation of classic Netcat
                (  )-(  )/
                -""---""---   /
               /   Ncat    \_/
              (     ____
               \_.=|____E
    Configuration complete.
       (  )   /   _                 (
         |  (   ( .(               )                      _____
           `  `   )              (  ___                 / _   
     (_`    +   . x  ( .            /   \____-----------/ (o)   \_
    - .-               +  ;          (  O                           \____
    (__                +- .( -'.- <.   \_____________  `                /
    (_____            ._._: <_ - <- _- _  VVVVVVV VV V                /
      .    /./.+-  . .- /  +--  - .    (--_AAAAAAA__A_/                |
      (__ ' /x  / x _/ (                \______________//_              \_______
     , x / ( '  . / .  /                                  \___'               /
        /  /  _/ /    +                                       |              /
       '  (__/                                               /              /
                                                           /                  
      NMAP IS A POWERFUL TOOL -- USE CAREFULLY AND RESPONSIBLY
    Configured with: ndiff zenmap nping lua ncat
    Configured without: localdirs openssl nmap-update
    Type make (or gmake on some *BSD machines) to compile.
    WARNING: You are compiling without OpenSSL
    
    [root@host1 nmap-7.01]#  make && make install
    /usr/bin/install -c -c -m 644 docs/ncat.1 /usr/local/share/man/man1/ncat.1
    make[1]: 离开目录“/data/nmap-7.01/ncat”
    cd ndiff && /usr/bin/python2 setup.py install --prefix "/usr/local" 
    running install
    running build
    running build_py
    running build_scripts
    running install_lib
    copying build/lib/ndiff.py -> /usr/local/lib/python2.7/site-packages
    byte-compiling /usr/local/lib/python2.7/site-packages/ndiff.py to ndiff.pyc
    running install_scripts
    copying build/scripts-2.7/ndiff -> /usr/local/bin
    changing mode of /usr/local/bin/ndiff to 755
    running install_data
    copying docs/ndiff.1 -> /usr/local/share/man/man1
    running install_egg_info
    make[1]: 进入目录“/data/nmap-7.01/nping”
    /usr/bin/install -c -d /usr/local/bin /usr/local/share/man/man1
    /usr/bin/install -c -c -m 755 nping /usr/local/bin/nping
    /usr/bin/strip -x /usr/local/bin/nping
    /usr/bin/install -c -c -m 644 docs/nping.1 /usr/local/share/man/man1/
    NPING SUCCESSFULLY INSTALLED
    make[1]: 离开目录“/data/nmap-7.01/nping”
    NMAP SUCCESSFULLY INSTALLED
    3: Verify that the installation succeeded
    [root@host1 ~]# nmap -v
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:46 CST
    Read data files from: /usr/local/bin/../share/nmap
    WARNING: No targets were specified, so 0 hosts scanned.
    Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds
               Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
     
     
    II. Port Scanning with Nmap
     
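    Command options explained
    nmap -sS -P0 -sV -O <target>
    Here <target> can be a single IP address, a hostname, a domain name, or a subnet.
    -sS TCP SYN scan (also called a half-open or stealth scan)
    -P0 lets you turn off ICMP pings
    -sV enables version detection
    -O tries to identify the remote operating system
    Other options:
    -A enables OS fingerprinting and version detection together
    -v prints verbose output about the scan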
     
    1: Scan a single host address
    [root@host1 ~]# nmap 192.168.1.101
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:48 CST
    Nmap scan report for 192.168.1.101
    Host is up (0.000012s latency).
    Not shown: 998 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    8080/tcp open  http-proxy
    
    Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
    2: Scan the hosts in a subnet
    [root@host1 ~]# nmap 192.168.1.1/24
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
    Nmap scan report for 192.168.1.1
    Host is up (0.00088s latency).
    Not shown: 941 filtered ports, 56 closed ports
    PORT    STATE SERVICE
    23/tcp  open  telnet
    80/tcp  open  http
    443/tcp open  https
    MAC Address: DC:DA:80:83:C2:A6 (Unknown)
    
    Nmap scan report for 192.168.1.2
    Host is up (0.00080s latency).
    Not shown: 992 closed ports
    PORT      STATE SERVICE
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    445/tcp   open  microsoft-ds
    49152/tcp open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown
    49155/tcp open  unknown
    49157/tcp open  unknown
    MAC Address: F0:DE:F1:A5:64:10 (Wistron InfoComm (Kunshan)Co)
    
    Nmap scan report for 192.168.1.3
    Host is up (0.00086s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    135/tcp open  msrpc
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds
    MAC Address: 04:D9:F5:20:11:36 (Unknown)
    
    Nmap scan report for 192.168.1.5
    Host is up (0.0040s latency).
    All 1000 scanned ports on 192.168.1.5 are filtered
    MAC Address: 04:D9:F5:20:10:83 (Unknown)
    
    Nmap scan report for 192.168.1.8
    Host is up (0.0018s latency).
    Not shown: 999 filtered ports
    PORT     STATE SERVICE
    1080/tcp open  socks
    MAC Address: 04:D4:C4:1F:F8:3A (Unknown)
    
    Nmap scan report for 192.168.1.9
    Host is up (0.0038s latency).
    All 1000 scanned ports on 192.168.1.9 are filtered
    MAC Address: A8:5E:45:D0:D1:94 (Unknown)
    
    Nmap scan report for 192.168.1.10
    Host is up (0.00075s latency).
    Not shown: 996 closed ports
    PORT      STATE SERVICE
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    445/tcp   open  microsoft-ds
    10010/tcp open  rxapi
    MAC Address: B4:2E:99:8F:7A:42 (Unknown)
    
    Nmap scan report for 192.168.1.11
    Host is up (0.00034s latency).
    Not shown: 996 filtered ports
    PORT     STATE SERVICE
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    5357/tcp open  wsdapi
    MAC Address: 10:E7:C6:E0:ED:CB (Unknown)
    
    Nmap scan report for 192.168.1.15
    Host is up (0.0018s latency).
    Not shown: 998 filtered ports
    PORT     STATE SERVICE
    5357/tcp open  wsdapi
    8002/tcp open  teradataordbms
    MAC Address: 18:C0:4D:27:3E:5A (Unknown)
    
    Nmap scan report for 192.168.1.16
    Host is up (0.0017s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    88/tcp  open  kerberos-sec
    445/tcp open  microsoft-ds
    631/tcp open  ipp
    MAC Address: 68:FE:F7:09:EC:B7 (Unknown)
    
    Nmap scan report for 192.168.1.17
    Host is up (0.0022s latency).
    Not shown: 996 filtered ports
    PORT     STATE SERVICE
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    5357/tcp open  wsdapi
    MAC Address: 00:E0:4C:36:03:5A (Realtek Semiconductor)
    
    Nmap scan report for 192.168.1.108
    Host is up (0.0052s latency).
    Not shown: 999 filtered ports
    PORT     STATE SERVICE
    5357/tcp open  wsdapi
    MAC Address: 80:FA:5B:48:7A:E9 (Clevo)
    
    Nmap scan report for 192.168.1.101
    Host is up (0.0000090s latency).
    Not shown: 998 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    8080/tcp open  http-proxy
    
    Nmap done: 256 IP addresses (13 hosts up) scanned in 916.18 seconds
    3: Scan a range of hosts
    [root@host1 ~]# nmap 192.168.1.1-100
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
    4: Scan several host addresses
    [root@host1 ~]# nmap 192.168.1.100  192.168.1.101
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:48 CST
    5: Ping scan to find live hosts
    [root@host1 ~]# nmap -sP 192.168.1.0/24
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
    6: Scan specified ports
    [root@host1 ~]# nmap -p80,443,1433 192.168.1.1
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
    7: A commonly used scan command
    [root@host1 ~]#  nmap -sV -Pn 192.168.1.1 -v -n
    
    Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
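
The report format shown in steps 1 and 2, turned into an exposure list for review. This is an added example, not part of the original post: it parses Nmap's normal output and lists open services that appear on a watch list. The names `parse_report`, `findings` and `REVIEW`, the watch-list entries, and the sample text are assumptions; only IPv4 reports are handled.

```python
import ipaddress
import re

# Constructed sample: three hosts trimmed from the subnet scan output above.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.1.1
Not shown: 941 filtered ports, 56 closed ports
PORT    STATE SERVICE
23/tcp  open  telnet
80/tcp  open  http
443/tcp open  https

Nmap scan report for 192.168.1.5
Host is up (0.0040s latency).
All 1000 scanned ports on 192.168.1.5 are filtered

Nmap scan report for 192.168.1.10
PORT      STATE SERVICE
445/tcp   open  microsoft-ds
10010/tcp open  rxapi
"""

# "Nmap scan report for <ip>" or "... for <name> (<ip>)"; IPv4 only.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9.]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Assumption: the reviewer's own watch list, not something Nmap defines.
REVIEW = {"telnet": "cleartext remote login", "microsoft-ds": "SMB exposed",
          "netbios-ssn": "NetBIOS exposed", "msrpc": "Windows RPC exposed"}

def parse_report(text):
    """Return {ip: [(port, proto, service), ...]} for ports in state 'open'."""
    hosts, current = {}, None
    for line in text.splitlines():
        host, port = HOST_RE.match(line.strip()), PORT_RE.match(line.strip())
        if host:
            current = host.group(1)
            hosts[current] = []  # a host with no open ports keeps an empty list
        elif port and current and port.group(3) == "open":
            hosts[current].append((int(port.group(1)), port.group(2), port.group(4)))
    return hosts

def findings(hosts):
    """Return (ip, port, service, reason) for open services on the watch list."""
    ordered = sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    return [(ip, port, svc, REVIEW[svc]) for ip, ports in ordered
            for port, _proto, svc in ports if svc in REVIEW]

if __name__ == "__main__":
    print(*findings(parse_report(SAMPLE_REPORT)), sep="\n")
```

For scheduled inventory runs, Nmap can also write XML with `-oX`, which is more stable to parse than the normal output.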
  • Original article: https://www.cnblogs.com/douyi/p/13553617.html