• 10.21 nmap:网络探测工具和安全/端口扫描器


    nmap命令

      是一款开放源代码的网络探测和安全审核工具,是Network Mapper的缩写。其设计目标是快速地扫描大型网络。nmap可以发现网络上有哪些主机,主机提供了什么服务(应用程序名称和版本号),并探测操作系统的类型及版本信息。
    如果系统没有nmap命令,则可以使用下面的命令来安装:
     
      nmap [Scan Type] [option] (target specification) 
     
    扫描目标可以为IP地址、子网地址等,如192.168.1.2或10.0.0.0/24。
     
     

    nmap命令的参数选项及说明

     
    -sS    TCP同步扫描(TCP SYN)
    -ST    TCP连接扫描
    -sn    不进行端口扫描,只检查主机正在运行。该选项与老版本的-sP相同
    -sU    扫描UDP端口
    -sV    探测服务版本信息
    -Pn    只进行扫描,不ping主机
    -PS    使用SYN包对目标主机进行扫描。默认是80端口,也可以指定端口,格式为-PS22或-PS22-25,80,113,1050,35000,记住PS和端口号之间不要有空格
    -PU    使用udp ping扫描端口
    -O     激活对TCP/IP指纹特征(fingerprinting)的扫描,获得远程主机的标志,也就是操作系统类型
    -V     显示扫描过程中的详细信息*
    -S<IP>          设置扫描的源IP地址
    -g port         设置扫描的源端口
    -oN             把扫描的结果重定向到文件中
    -iL filename    从文件中读取扫描的目标
    -p<端口>        指定要扫描的端口,可以是一个单独的端口,也可以用逗号分隔开多个端口,或者使用“-”表示端口范围
    -n              不进行DNS解析,加快扫描速度
    -exclude        排除指定主机
    -excludefile    排除指定文件中的主机
     
     

    查看主机当前开放的端口

    [root@cs6 ~]# nmap 10.0.0.100
     
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 16:49 CST
    Nmap scan report for 10.0.0.100
    Host is up (0.0000040s latency).
    Not shown: 998 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
     
    Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds

    扫描主机的指定端口

    [root@cs6 ~]# nmap -p 1024-65535 10.0.0.100
     
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:01 CST
    Nmap scan report for 10.0.0.100
    Host is up (0.0000040s latency).
    All 64512 scanned ports on 10.0.0.100 are closed
     
    Nmap done: 1 IP address (1 host up) scanned in 7.18 seconds

    扫描局域网内所有的IP

    [root@cs6 ~]# nmap 10.0.0.0/24
     
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:02 CST
    Nmap scan report for 10.0.0.1
    Host is up (0.00023s latency).
    Not shown: 999 filtered ports
    PORT     STATE SERVICE
    3306/tcp open  mysql
    MAC Address: 00:50:56:C0:00:08 (VMware)
     
    Nmap scan report for 10.0.0.2
    Host is up (0.00013s latency).
    Not shown: 999 closed ports
    PORT   STATE    SERVICE
    53/tcp filtered domain
    MAC Address: 00:50:56:F4:FB:52 (VMware)
     
    Nmap scan report for 10.0.0.100
    Host is up (0.0000040s latency).
    Not shown: 998 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http
     
    Nmap done: 256 IP addresses (3 hosts up) scanned in 25.94 seconds
    [root@cs6 ~]# nmap -sn 10.0.0.0/24 #<==使用-sn选项不扫描端口。
     
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:03 CST
    Nmap scan report for 10.0.0.1
    Host is up (0.000089s latency).
    MAC Address: 00:50:56:C0:00:08 (VMware)
    Nmap scan report for 10.0.0.2
    Host is up (0.00013s latency).
    MAC Address: 00:50:56:F4:FB:52 (VMware)
    Nmap scan report for 10.0.0.100
    Host is up.
    Nmap done: 256 IP addresses (3 hosts up) scanned in 21.05 seconds
     
     
    [root@cs6 ~]# nmap -sn 10.0.0.1-10 #<=可以使用这种地进范围进行扫描。
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:04 CST
    Nmap scan report for 10.0.0.1
    Host is up (0.000034s latency).
    MAC Address: 00:50:56:C0:00:08 (VMware)
    Nmap scan report for 10.0.0.2
    Host is up (0.00015s latency).
    MAC Address: 00:50:56:F4:FB:52 (VMware)
    Nmap done: 10 IP addresses (2 hosts up) scanned in 6.77 seconds

    探测目标主机的服务和操作系统的版本

    [root@cs6 ~]# nmap -O -sV 10.0.0.100
     
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:05 CST
    Nmap scan report for 10.0.0.100
    Host is up (0.000090s latency).
    Not shown: 998 closed ports
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
    80/tcp open  http?
    1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
    SF-Port80-TCP:V=5.51%I=7%D=5/7%Time=5CD14A57%P=x86_64-redhat-linux-gnu%r(N
    SF:ULL,1D,"Ix20lovex20linuxx20www.wenyule.top
    ");
    No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
    TCP/IP fingerprint:
    OS:SCAN(V=5.51%D=5/7%OT=22%CT=1%CU=35109%PV=Y%DS=0%DC=L%G=Y%TM=5CD14A63%P=x
    OS:86_64-redhat-linux-gnu)SEQ(SP=106%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)OPS(
    OS:O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD
    OS:7ST11NW7%O6=MFFD7ST11)WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFC
    OS:B)ECN(R=Y%DF=Y%T=40%W=FFD7%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=
    OS:S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q
    OS:=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A
    OS:%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y
    OS:%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T
    OS:=40%CD=S)
    #<= -O 显示系统版本,但是nmap命令是根据探测的TCP/IP指纹与自己的指纹库进行对比的。如果不在指纹库之内的系统就会无法识别。
    Network Distance: 0 hops
     
    OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 18.61 seconds

         上面的输出信息中不仅包含了端口号,而且还包括了服务的版本号。在网络安全性要求较高的主机上,最好能够屏蔽服务版本号,以防止黑客利用特定版本的服务漏洞进行攻击。

     
     
     
  • 相关阅读:
    C++ Boost Thread 编程指南
    boost的Any库学习
    人生规划,关注未来,才能持续发展
    察言观色—看穿他人心理的6种方法
    MS SQL Server 2008发布与订阅
    WebService代理类中对枚举类型的序列化
    Winform注册和注销全局快捷键
    sql server中如何为数据表添加表的描述MS_Description
    如何修改SQL Server 2008数据库服务器名称
    IIS 上发布网站后编译器错误信息: CS0016: 解决办法
  • 原文地址:https://www.cnblogs.com/wenyule/p/12214081.html
Copyright © 2020-2023  润新知