

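                              Common nmap Options Explained

                                                      Author: 尹正杰

    Copyright notice: this is an original work. Reposting is not permitted; violators will be held legally liable.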

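       To borrow a line from Xin Zhao, a champion in League of Legends: "Even when outnumbered, I can take the enemy general's head from the midst of ten thousand troops!" Guan Yu of the Three Kingdoms cut down Yan Liang in the middle of an army and returned with his head. Let me give an analogy: if you attack a server, does a good hacker pick up a kitchen knife, cut the server's power cable and call that an attack? Obviously not. To be clear up front, breaking into a commercial site is not something one or two tools can guarantee, nor something a day or two of studying "hacking" techniques will achieve. If neither of those is within reach, don't talk about "hacking" at all. If you have the money, hire someone to do it.

      Here are three things that have to be done before an intrusion. If you can complete all of them, then we can talk about specifics:

          1>. Obtain the target's IP, its OS type, the security patches it has applied, and the services it runs;
          2>. Based on the above, scan for its vulnerabilities;
          3>. Analyze the information gathered, find the vulnerabilities that can be exploited, and then carry out the intrusion;
      In short, to break into someone's server you need stronger networking skills than its administrator and the ability to handle complex situations. Otherwise you will not get in.
      Today I want to recommend a very powerful piece of software: Nmap. I recommend it to make work easier, not so that you can do bad things. As the saying goes, virtue rises one foot and vice rises ten; if you can overcome your inner demons, you will use it for good. So we cannot blame a tool for being too powerful; it all depends on the person using it.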
     
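    I. What is Nmap
      Nmap is a very useful tool for network scanning and host detection. It is not limited to information gathering and enumeration; it can also be used as a vulnerability detector or security scanner. It runs on Windows, Linux, macOS and other operating systems. This post covers it on Linux.
     
    II. Installing Nmap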
    [root@yinzhengjie ~]# yum -y install nmap
     
    III. Common Nmap usage
    1. Scan a single host
        #!/bin/bash
        #@author :yinzhengjie
        #Blog:http://www.cnblogs.com/yinzhengjie
        #EMAIL:y1053419035@qq.com

        [root@yinzhengjie ~]# nmap 172.16.96.133

        Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 12:16 CST
        Nmap scan report for bogon (172.16.96.133)
        Host is up (0.00060s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        3306/tcp open  mysql

        Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
        [root@yinzhengjie ~]#
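      An added example, not part of the original post: a small Python parser for the report layout shown above, used to compare what a scan of your own hosts found against a baseline of services that are expected to be exposed. The sample report, the host names and the baseline are constructed for illustration (addresses are from the 192.0.2.0/24 documentation range).

```python
import re

# Constructed sample in the same layout as the nmap report above.
SAMPLE_REPORT = """\
Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 12:16 CST
Nmap scan report for web01 (192.0.2.10)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql

Nmap scan report for 192.0.2.254
Host is up (0.0016s latency).
Not shown: 998 closed ports
PORT      STATE    SERVICE
23/tcp    open     telnet
50300/tcp filtered unknown

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.07 seconds
"""

# "Nmap scan report for <name> (<ip>)" or "Nmap scan report for <ip>"
HOST_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>[0-9a-fA-F.:]+)\)?$"
)
# "<port>/<proto>  <state>  <service>"
PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
)


def parse_report(text):
    """Return {ip: [(port, proto, state, service), ...]} from a normal-format report."""
    hosts = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            # A new host section starts; later port rows belong to it.
            current = hosts.setdefault(host.group("ip"), [])
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            current.append((int(port.group("port")), port.group("proto"),
                            port.group("state"), port.group("service")))
    return hosts


def unexpected_open(hosts, baseline):
    """List open ports that the baseline {ip: {(port, proto), ...}} does not allow."""
    findings = []
    for ip, ports in sorted(hosts.items()):
        allowed = baseline.get(ip, set())
        for port, proto, state, service in ports:
            # Only "open" counts as exposure; closed/filtered rows are skipped.
            if state == "open" and (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings


if __name__ == "__main__":
    # Constructed baseline: web01 may expose SSH and HTTP, the other host nothing.
    baseline = {"192.0.2.10": {(22, "tcp"), (80, "tcp")}, "192.0.2.254": set()}
    for finding in unexpected_open(parse_report(SAMPLE_REPORT), baseline):
        print("unexpected open port: %s %d/%s (%s)" % finding)
```

      For anything beyond a quick check, nmap's XML output (-oX) is the format intended for programs to read; the human-readable layout parsed here can change between versions.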
    2. Scan an entire subnet
        [root@yinzhengjie ~]# nmap 172.16.96.1/24

        Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:12 CST
        Nmap scan report for bogon (172.16.96.1)
        Host is up (0.00073s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        53/tcp   open  domain
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.40)
        Host is up (0.0014s latency).
        Not shown: 999 filtered ports
        PORT   STATE SERVICE
        22/tcp open  ssh

        Nmap scan report for bogon (172.16.96.53)
        Host is up (0.00085s latency).
        Not shown: 964 filtered ports, 32 closed ports
        PORT     STATE SERVICE
        21/tcp   open  ftp
        80/tcp   open  http
        888/tcp  open  accessbuilder
        8888/tcp open  sun-answerbook

        Nmap scan report for bogon (172.16.96.60)
        Host is up (0.00092s latency).
        Not shown: 988 closed ports
        PORT      STATE SERVICE
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        1521/tcp  open  oracle
        3389/tcp  open  ms-term-serv
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49156/tcp open  unknown
        49158/tcp open  unknown
        49160/tcp open  unknown
        49161/tcp open  unknown

        Nmap scan report for bogon (172.16.96.61)
        Host is up (0.00079s latency).
        Not shown: 988 closed ports
        PORT      STATE SERVICE
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        3389/tcp  open  ms-term-serv
        8009/tcp  open  ajp13
        8080/tcp  open  http-proxy
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49156/tcp open  unknown
        49159/tcp open  unknown

        Nmap scan report for bogon (172.16.96.80)
        Host is up (0.0012s latency).
        Not shown: 999 filtered ports
        PORT   STATE SERVICE
        22/tcp open  ssh

        Nmap scan report for bogon (172.16.96.90)
        Host is up (0.0013s latency).
        Not shown: 994 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        1720/tcp closed H.323/Q.931
        8080/tcp closed http-proxy
        9943/tcp open   unknown
        9944/tcp open   unknown

        Nmap scan report for bogon (172.16.96.91)
        Host is up (0.00095s latency).
        Not shown: 997 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        8080/tcp closed http-proxy

        Nmap scan report for bogon (172.16.96.100)
        Host is up (0.0016s latency).
        Not shown: 995 filtered ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        443/tcp  open  https
        5988/tcp open  wbem-http
        5989/tcp open  wbem-https

        Nmap scan report for bogon (172.16.96.116)
        Host is up (0.0012s latency).
        Not shown: 985 closed ports
        PORT      STATE SERVICE
        80/tcp    open  http
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        443/tcp   open  https
        445/tcp   open  microsoft-ds
        593/tcp   open  http-rpc-epmap
        3389/tcp  open  ms-term-serv
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49156/tcp open  unknown
        49157/tcp open  unknown
        49159/tcp open  unknown
        49160/tcp open  unknown

        Nmap scan report for bogon (172.16.96.117)
        Host is up (0.00097s latency).
        Not shown: 984 closed ports
        PORT      STATE SERVICE
        80/tcp    open  http
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        443/tcp   open  https
        445/tcp   open  microsoft-ds
        1433/tcp  open  ms-sql-s
        3389/tcp  open  ms-term-serv
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49156/tcp open  unknown
        49157/tcp open  unknown
        49999/tcp open  unknown
        50000/tcp open  ibm-db2
        50002/tcp open  iiimsf

        Nmap scan report for bogon (172.16.96.119)
        Host is up (0.00070s latency).
        Not shown: 991 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        111/tcp  open  rpcbind
        389/tcp  open  ldap
        443/tcp  open  https
        636/tcp  open  ldapssl
        3306/tcp open  mysql
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.121)
        Host is up (0.00099s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        21/tcp   open  ftp
        135/tcp  open  msrpc
        139/tcp  open  netbios-ssn
        1025/tcp open  NFS-or-IIS
        1433/tcp open  ms-sql-s

        Nmap scan report for bogon (172.16.96.124)
        Host is up (0.0017s latency).
        Not shown: 996 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.125)
        Host is up (0.00084s latency).
        Not shown: 996 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.126)
        Host is up (0.0014s latency).
        Not shown: 998 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.127)
        Host is up (0.0011s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.128)
        Host is up (0.00092s latency).
        Not shown: 998 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.129)
        Host is up (0.00092s latency).
        Not shown: 996 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.130)
        Host is up (0.0016s latency).
        Not shown: 993 closed ports
        PORT     STATE SERVICE
        135/tcp  open  msrpc
        139/tcp  open  netbios-ssn
        445/tcp  open  microsoft-ds
        912/tcp  open  apex-mesh
        1026/tcp open  LSA-or-nterm
        1044/tcp open  dcutility
        3389/tcp open  ms-term-serv

        Nmap scan report for bogon (172.16.96.131)
        Host is up (0.0013s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy
        8180/tcp open  unknown

        Nmap scan report for bogon (172.16.96.133)
        Host is up (0.0011s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.135)
        Host is up (0.00082s latency).
        Not shown: 997 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        80/tcp  open  http
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.136)
        Host is up (0.00090s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.137)
        Host is up (0.00093s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy
        9200/tcp open  wap-wsp

        Nmap scan report for bogon (172.16.96.138)
        Host is up (0.00090s latency).
        Not shown: 997 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        80/tcp  open  http
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.139)
        Host is up (0.00096s latency).
        Not shown: 998 closed ports
        PORT   STATE SERVICE
        22/tcp open  ssh
        80/tcp open  http

        Nmap scan report for bogon (172.16.96.140)
        Host is up (0.00095s latency).
        Not shown: 998 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.141)
        Host is up (0.00091s latency).
        Not shown: 998 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.143)
        Host is up (0.0012s latency).
        Not shown: 996 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        443/tcp  closed https
        3306/tcp open   mysql

        Nmap scan report for bogon (172.16.96.188)
        Host is up (0.00058s latency).
        Not shown: 991 closed ports
        PORT      STATE SERVICE
        22/tcp    open  ssh
        80/tcp    open  http
        111/tcp   open  rpcbind
        1234/tcp  open  hotline
        1521/tcp  open  oracle
        2809/tcp  open  corbaloc
        9100/tcp  open  jetdirect
        32768/tcp open  filenet-tms
        32776/tcp open  sometimes-rpc15

        Nmap scan report for bogon (172.16.96.200)
        Host is up (0.00089s latency).
        Not shown: 984 closed ports
        PORT      STATE SERVICE
        80/tcp    open  http
        81/tcp    open  hosts2-ns
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        1521/tcp  open  oracle
        1688/tcp  open  nsjtp-data
        3389/tcp  open  ms-term-serv
        4000/tcp  open  remoteanything
        4001/tcp  open  newoak
        8011/tcp  open  unknown
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49158/tcp open  unknown

        Nmap scan report for bogon (172.16.96.205)
        Host is up (0.00089s latency).
        Not shown: 998 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.222)
        Host is up (0.00085s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.235)
        Host is up (0.00096s latency).
        Not shown: 987 closed ports
        PORT     STATE SERVICE
        80/tcp   open  http
        135/tcp  open  msrpc
        139/tcp  open  netbios-ssn
        445/tcp  open  microsoft-ds
        1025/tcp open  NFS-or-IIS
        1026/tcp open  LSA-or-nterm
        1027/tcp open  IIS
        1074/tcp open  warmspotMgmt
        1433/tcp open  ms-sql-s
        2382/tcp open  ms-olap3
        3372/tcp open  msdtc
        5120/tcp open  unknown
        9001/tcp open  tor-orport

        Nmap scan report for bogon (172.16.96.236)
        Host is up (0.00076s latency).
        Not shown: 994 filtered ports
        PORT      STATE SERVICE
        21/tcp    open  ftp
        80/tcp    open  http
        443/tcp   open  https
        8080/tcp  open  http-proxy
        8088/tcp  open  radan-http
        49154/tcp open  unknown

        Nmap scan report for bogon (172.16.96.250)
        Host is up (0.00079s latency).
        Not shown: 994 filtered ports
        PORT      STATE SERVICE
        80/tcp    open  http
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        5120/tcp  open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown

        Nmap scan report for bogon (172.16.96.254)
        Host is up (0.0016s latency).
        Not shown: 989 closed ports
        PORT      STATE    SERVICE
        23/tcp    open     telnet
        50300/tcp filtered unknown
        50389/tcp filtered unknown
        50500/tcp filtered unknown
        50636/tcp filtered unknown
        50800/tcp filtered unknown
        51493/tcp filtered unknown
        52673/tcp filtered unknown
        52822/tcp filtered unknown
        52848/tcp filtered unknown
        52869/tcp filtered unknown

        Nmap done: 256 IP addresses (38 hosts up) scanned in 18.86 seconds
        [root@yinzhengjie ~]#
     
    3. Scan multiple targets
      Just list the target IPs after nmap; it scans every IP you type on the command line.
        #!/bin/bash
        #@author :yinzhengjie
        #Blog:http://www.cnblogs.com/yinzhengjie
        #EMAIL:y1053419035@qq.com

        [root@yinzhengjie ~]# nmap 172.16.96.1 172.16.96.200

        Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:17 CST
        Nmap scan report for bogon (172.16.96.1)
        Host is up (0.00075s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        53/tcp   open  domain
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.200)
        Host is up (0.00089s latency).
        Not shown: 984 closed ports
        PORT      STATE SERVICE
        80/tcp    open  http
        81/tcp    open  hosts2-ns
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        1521/tcp  open  oracle
        1688/tcp  open  nsjtp-data
        3389/tcp  open  ms-term-serv
        4000/tcp  open  remoteanything
        4001/tcp  open  newoak
        8011/tcp  open  unknown
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49158/tcp open  unknown

        Nmap done: 2 IP addresses (2 hosts up) scanned in 1.28 seconds
        [root@yinzhengjie ~]#
     
    4. Scan a range of targets
      Specify the start and end of the range; nmap scans only the addresses inside it.
        #!/bin/bash
        #@author :yinzhengjie
        #Blog:http://www.cnblogs.com/yinzhengjie
        #EMAIL:y1053419035@qq.com

        [root@yinzhengjie ~]# nmap 172.16.96.1-100

        Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:20 CST
        Nmap scan report for bogon (172.16.96.1)
        Host is up (0.0011s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        53/tcp   open  domain
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.40)
        Host is up (0.0010s latency).
        Not shown: 999 filtered ports
        PORT   STATE SERVICE
        22/tcp open  ssh

        Nmap scan report for bogon (172.16.96.53)
        Host is up (0.0011s latency).
        Not shown: 964 filtered ports, 32 closed ports
        PORT     STATE SERVICE
        21/tcp   open  ftp
        80/tcp   open  http
        888/tcp  open  accessbuilder
        8888/tcp open  sun-answerbook

        Nmap scan report for bogon (172.16.96.60)
        Host is up (0.0012s latency).
        Not shown: 988 closed ports
        PORT      STATE SERVICE
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        1521/tcp  open  oracle
        3389/tcp  open  ms-term-serv
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49156/tcp open  unknown
        49158/tcp open  unknown
        49160/tcp open  unknown
        49161/tcp open  unknown

        Nmap scan report for bogon (172.16.96.61)
        Host is up (0.00079s latency).
        Not shown: 988 closed ports
        PORT      STATE SERVICE
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        3389/tcp  open  ms-term-serv
        8009/tcp  open  ajp13
        8080/tcp  open  http-proxy
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49156/tcp open  unknown
        49159/tcp open  unknown

        Nmap scan report for bogon (172.16.96.80)
        Host is up (0.0011s latency).
        Not shown: 999 filtered ports
        PORT   STATE SERVICE
        22/tcp open  ssh

        Nmap scan report for bogon (172.16.96.90)
        Host is up (0.0012s latency).
        Not shown: 994 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        1720/tcp closed H.323/Q.931
        8080/tcp closed http-proxy
        9943/tcp open   unknown
        9944/tcp open   unknown

        Nmap scan report for bogon (172.16.96.91)
        Host is up (0.0015s latency).
        Not shown: 997 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        8080/tcp closed http-proxy

        Nmap scan report for bogon (172.16.96.100)
        Host is up (0.0011s latency).
        Not shown: 995 filtered ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        443/tcp  open  https
        5988/tcp open  wbem-http
        5989/tcp open  wbem-https

        Nmap done: 100 IP addresses (9 hosts up) scanned in 26.18 seconds
        [root@yinzhengjie ~]#
    5. If you have a list of IP addresses, save it as a txt file in the same directory as nmap and scan every host listed in that file
        #!/bin/bash
        #@author :yinzhengjie
        #Blog:http://www.cnblogs.com/yinzhengjie
        #EMAIL:y1053419035@qq.com

        [root@yinzhengjie ~]# cat ip.txt
        172.16.96.1
        172.16.96.133
        172.16.96.51
        172.16.96.205
        [root@yinzhengjie ~]#
        [root@yinzhengjie ~]# nmap -iL ip.txt

        Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:36 CST
        Nmap scan report for bogon (172.16.96.1)
        Host is up (0.00065s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        53/tcp   open  domain
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.133)
        Host is up (0.00070s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.205)
        Host is up (0.00069s latency).
        Not shown: 998 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        111/tcp open  rpcbind

        Nmap done: 4 IP addresses (3 hosts up) scanned in 1.44 seconds
        [root@yinzhengjie ~]#
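      An added example, not part of the original post: a Python pre-flight check that expands the target forms used in items 2 to 5 (CIDR block, octet range, explicit addresses, a list file) into the exact set of addresses, so the scope can be compared with what you are authorised to scan before nmap is started. The function names are hypothetical, the sketch handles IPv4 only, and it rejects a malformed netmask instead of guessing one; the `exclude` argument mirrors nmap's `--exclude` option.

```python
import ipaddress
from itertools import product

# The ip.txt contents shown above, embedded so the example runs offline.
TARGET_LIST = """\
172.16.96.1
172.16.96.133
172.16.96.51
172.16.96.205
"""


def _octet_values(field):
    """Expand one octet such as '96', '1-100' or '1,5-7' into a sorted list."""
    values = set()
    for part in field.split(","):
        lo, dash, hi = part.partition("-")
        low = int(lo)                      # raises ValueError on empty/non-numeric
        high = int(hi) if dash else low
        if not 0 <= low <= high <= 255:
            raise ValueError("octet out of range: %r" % field)
        values.update(range(low, high + 1))
    return sorted(values)


def expand_target(spec):
    """Return every IPv4 address covered by a single target specification."""
    spec = spec.strip()
    if "/" in spec:
        addr, _, mask = spec.partition("/")
        # Refuse anything that is not a plain /0../32 mask rather than
        # silently treating the target as a single host.
        if not mask.isdigit() or not 0 <= int(mask) <= 32:
            raise ValueError("bad netmask in %r" % spec)
        network = ipaddress.ip_network("%s/%s" % (addr, mask), strict=False)
        return [str(ip) for ip in network]  # includes network and broadcast
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError("not an IPv4 target: %r" % spec)
    combos = product(*(_octet_values(o) for o in octets))
    return [".".join(str(n) for n in combo) for combo in combos]


def read_target_file(text):
    """Split the contents of a target list file into individual specs."""
    return text.split()


def build_scope(specs, exclude=()):
    """Expand all specs, drop excluded addresses, keep first-seen order."""
    excluded = {ip for spec in exclude for ip in expand_target(spec)}
    scope, seen = [], set()
    for spec in specs:
        for ip in expand_target(spec):
            if ip not in excluded and ip not in seen:
                seen.add(ip)
                scope.append(ip)
    return scope


if __name__ == "__main__":
    print(len(build_scope(["172.16.96.1/24"])), "addresses in the /24")
    print(len(build_scope(["172.16.96.1-100"])), "addresses in the range")
    print(build_scope(read_target_file(TARGET_LIST)))
```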
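    6. Scan all hosts in a subnet except one IP
      Keep the space before -exclude. Without it nmap treats the whole token as one target, rejects the netmask as illegal and assumes /32, so the host that was meant to be excluded is scanned anyway (first command below).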
        [root@yinzhengjie ~]#
        [root@yinzhengjie ~]# nmap 172.16.96.1/24-exclude 172.16.96.1

        Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:53 CST
        Illegal netmask value, must be /0 - /32 .  Assuming /32 (one host)
        Nmap scan report for bogon (172.16.96.1)
        Host is up (0.00060s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        53/tcp   open  domain
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.1)
        Host is up (0.00044s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        53/tcp   open  domain
        3306/tcp open  mysql

        Nmap done: 2 IP addresses (2 hosts up) scanned in 0.10 seconds
        [root@yinzhengjie ~]# nmap 172.16.96.1/24 -exclude 172.16.96.1

        Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:53 CST
        Nmap scan report for bogon (172.16.96.40)
        Host is up (0.00088s latency).
        Not shown: 999 filtered ports
        PORT   STATE SERVICE
        22/tcp open  ssh

        Nmap scan report for bogon (172.16.96.53)
        Host is up (0.00089s latency).
        Not shown: 964 filtered ports, 32 closed ports
        PORT     STATE SERVICE
        21/tcp   open  ftp
        80/tcp   open  http
        888/tcp  open  accessbuilder
        8888/tcp open  sun-answerbook

        Nmap scan report for bogon (172.16.96.60)
        Host is up (0.00067s latency).
        Not shown: 988 closed ports
        PORT      STATE SERVICE
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        1521/tcp  open  oracle
        3389/tcp  open  ms-term-serv
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49156/tcp open  unknown
        49158/tcp open  unknown
        49160/tcp open  unknown
        49161/tcp open  unknown

        Nmap scan report for bogon (172.16.96.61)
        Host is up (0.00071s latency).
        Not shown: 988 closed ports
        PORT      STATE SERVICE
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        3389/tcp  open  ms-term-serv
        8009/tcp  open  ajp13
        8080/tcp  open  http-proxy
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49156/tcp open  unknown
        49159/tcp open  unknown

        Nmap scan report for bogon (172.16.96.80)
        Host is up (0.0012s latency).
        Not shown: 999 filtered ports
        PORT   STATE SERVICE
        22/tcp open  ssh

        Nmap scan report for bogon (172.16.96.90)
        Host is up (0.00093s latency).
        Not shown: 994 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        1720/tcp closed H.323/Q.931
        8080/tcp closed http-proxy
        9943/tcp open   unknown
        9944/tcp open   unknown

        Nmap scan report for bogon (172.16.96.91)
        Host is up (0.00091s latency).
        Not shown: 997 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        8080/tcp closed http-proxy

        Nmap scan report for bogon (172.16.96.100)
        Host is up (0.00099s latency).
        Not shown: 995 filtered ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        443/tcp  open  https
        5988/tcp open  wbem-http
        5989/tcp open  wbem-https

        Nmap scan report for bogon (172.16.96.116)
        Host is up (0.00070s latency).
        Not shown: 985 closed ports
        PORT      STATE SERVICE
        80/tcp    open  http
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        443/tcp   open  https
        445/tcp   open  microsoft-ds
        593/tcp   open  http-rpc-epmap
        3389/tcp  open  ms-term-serv
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49156/tcp open  unknown
        49157/tcp open  unknown
        49159/tcp open  unknown
        49160/tcp open  unknown

        Nmap scan report for bogon (172.16.96.117)
        Host is up (0.00062s latency).
        Not shown: 984 closed ports
        PORT      STATE SERVICE
        80/tcp    open  http
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        443/tcp   open  https
        445/tcp   open  microsoft-ds
        1433/tcp  open  ms-sql-s
        3389/tcp  open  ms-term-serv
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49156/tcp open  unknown
        49157/tcp open  unknown
        49999/tcp open  unknown
        50000/tcp open  ibm-db2
        50002/tcp open  iiimsf

        Nmap scan report for bogon (172.16.96.119)
        Host is up (0.00059s latency).
        Not shown: 991 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        111/tcp  open  rpcbind
        389/tcp  open  ldap
        443/tcp  open  https
        636/tcp  open  ldapssl
        3306/tcp open  mysql
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.121)
        Host is up (0.00071s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        21/tcp   open  ftp
        135/tcp  open  msrpc
        139/tcp  open  netbios-ssn
        1025/tcp open  NFS-or-IIS
        1433/tcp open  ms-sql-s

        Nmap scan report for bogon (172.16.96.124)
        Host is up (0.00058s latency).
        Not shown: 996 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.125)
        Host is up (0.00059s latency).
        Not shown: 996 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.126)
        Host is up (0.00063s latency).
        Not shown: 998 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.127)
        Host is up (0.00057s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.128)
        Host is up (0.00060s latency).
        Not shown: 998 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.129)
        Host is up (0.00062s latency).
        Not shown: 996 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.130)
        Host is up (0.00056s latency).
        Not shown: 993 closed ports
        PORT     STATE SERVICE
        135/tcp  open  msrpc
        139/tcp  open  netbios-ssn
        445/tcp  open  microsoft-ds
        912/tcp  open  apex-mesh
        1026/tcp open  LSA-or-nterm
        1044/tcp open  dcutility
        3389/tcp open  ms-term-serv

        Nmap scan report for bogon (172.16.96.131)
        Host is up (0.00059s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy
        8180/tcp open  unknown

        Nmap scan report for bogon (172.16.96.133)
        Host is up (0.00061s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.135)
        Host is up (0.00061s latency).
        Not shown: 997 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        80/tcp  open  http
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.136)
        Host is up (0.00064s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.137)
        Host is up (0.00062s latency).
        Not shown: 995 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        111/tcp  open  rpcbind
        8009/tcp open  ajp13
        8080/tcp open  http-proxy
        9200/tcp open  wap-wsp

        Nmap scan report for bogon (172.16.96.138)
        Host is up (0.00060s latency).
        Not shown: 997 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        80/tcp  open  http
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.139)
        Host is up (0.00062s latency).
        Not shown: 998 closed ports
        PORT   STATE SERVICE
        22/tcp open  ssh
        80/tcp open  http

        Nmap scan report for bogon (172.16.96.140)
        Host is up (0.00072s latency).
        Not shown: 998 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        8080/tcp open  http-proxy

        Nmap scan report for bogon (172.16.96.141)
        Host is up (0.00058s latency).
        Not shown: 998 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.143)
        Host is up (0.00087s latency).
        Not shown: 996 filtered ports
        PORT     STATE  SERVICE
        22/tcp   open   ssh
        80/tcp   open   http
        443/tcp  closed https
        3306/tcp open   mysql

        Nmap scan report for bogon (172.16.96.188)
        Host is up (0.00064s latency).
        Not shown: 991 closed ports
        PORT      STATE SERVICE
        22/tcp    open  ssh
        80/tcp    open  http
        111/tcp   open  rpcbind
        1234/tcp  open  hotline
        1521/tcp  open  oracle
        2809/tcp  open  corbaloc
        9100/tcp  open  jetdirect
        32768/tcp open  filenet-tms
        32776/tcp open  sometimes-rpc15

        Nmap scan report for bogon (172.16.96.200)
        Host is up (0.00061s latency).
        Not shown: 984 closed ports
        PORT      STATE SERVICE
        80/tcp    open  http
        81/tcp    open  hosts2-ns
        135/tcp   open  msrpc
        139/tcp   open  netbios-ssn
        445/tcp   open  microsoft-ds
        1521/tcp  open  oracle
        1688/tcp  open  nsjtp-data
        3389/tcp  open  ms-term-serv
        4000/tcp  open  remoteanything
        4001/tcp  open  newoak
        8011/tcp  open  unknown
        49152/tcp open  unknown
        49153/tcp open  unknown
        49154/tcp open  unknown
        49155/tcp open  unknown
        49158/tcp open  unknown

        Nmap scan report for bogon (172.16.96.205)
        Host is up (0.00060s latency).
        Not shown: 998 closed ports
        PORT    STATE SERVICE
        22/tcp  open  ssh
        111/tcp open  rpcbind

        Nmap scan report for bogon (172.16.96.222)
        Host is up (0.00059s latency).
        Not shown: 997 closed ports
        PORT     STATE SERVICE
        22/tcp   open  ssh
        80/tcp   open  http
        3306/tcp open  mysql

        Nmap scan report for bogon (172.16.96.235)
        Host is up (0.00064s latency).
        Not shown: 987 closed ports
        PORT     STATE SERVICE
        80/tcp   open  http
        135/tcp  open  msrpc
        139/tcp  open  netbios-ssn
        445/tcp  open  microsoft-ds
        1025/tcp open  NFS-or-IIS
        1026/tcp open  LSA-or-nterm
        1027/tcp open  IIS
        1074/tcp open  warmspotMgmt
        1433/tcp open  ms-sql-s
        2382/tcp open  ms-olap3
        3372/tcp open  msdtc
        5120/tcp open  unknown
        9001/tcp open  tor-orport

        Nmap scan report for bogon (172.16.96.236)
        Host is up (0.00099s latency).
        Not shown: 994 filtered ports
    393 PORT      STATE SERVICE
    394 21/tcp    open  ftp
    395 80/tcp    open  http
    396 443/tcp   open  https
    397 8080/tcp  open  http-proxy
    398 8088/tcp  open  radan-http
    399 49154/tcp open  unknown
    400 
    401 Nmap scan report for bogon (172.16.96.250)
    402 Host is up (0.00098s latency).
    403 Not shown: 994 filtered ports
    404 PORT      STATE SERVICE
    405 80/tcp    open  http
    406 135/tcp   open  msrpc
    407 139/tcp   open  netbios-ssn
    408 5120/tcp  open  unknown
    409 49153/tcp open  unknown
    410 49154/tcp open  unknown
    411 
    412 Nmap scan report for bogon (172.16.96.254)
    413 Host is up (0.0014s latency).
    414 Not shown: 989 closed ports
    415 PORT      STATE    SERVICE
    416 23/tcp    open     telnet
    417 50300/tcp filtered unknown
    418 50389/tcp filtered unknown
    419 50500/tcp filtered unknown
    420 50636/tcp filtered unknown
    421 50800/tcp filtered unknown
    422 51493/tcp filtered unknown
    423 52673/tcp filtered unknown
    424 52822/tcp filtered unknown
    425 52848/tcp filtered unknown
    426 52869/tcp filtered unknown
    427 
    428 Nmap done: 255 IP addresses (37 hosts up) scanned in 55.17 seconds
    429 [root@yinzhengjie ~]# 
    7. Scan a subnet while excluding the IPs listed in a file
    [root@yinzhengjie ~]# nmap 172.16.96.1/24 -excludefile ip.txt

    Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:57 CST
    Nmap scan report for bogon (172.16.96.40)
    Host is up (0.00089s latency).
    Not shown: 999 filtered ports
    PORT   STATE SERVICE
    22/tcp open  ssh

    Nmap scan report for bogon (172.16.96.53)
    Host is up (0.00087s latency).
    Not shown: 964 filtered ports, 32 closed ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    80/tcp   open  http
    888/tcp  open  accessbuilder
    8888/tcp open  sun-answerbook

    Nmap scan report for bogon (172.16.96.60)
    Host is up (0.00054s latency).
    Not shown: 988 closed ports
    PORT      STATE SERVICE
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    445/tcp   open  microsoft-ds
    1521/tcp  open  oracle
    3389/tcp  open  ms-term-serv
    49152/tcp open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown
    49156/tcp open  unknown
    49158/tcp open  unknown
    49160/tcp open  unknown
    49161/tcp open  unknown

    Nmap scan report for bogon (172.16.96.61)
    Host is up (0.00064s latency).
    Not shown: 988 closed ports
    PORT      STATE SERVICE
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    445/tcp   open  microsoft-ds
    3389/tcp  open  ms-term-serv
    8009/tcp  open  ajp13
    8080/tcp  open  http-proxy
    49152/tcp open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown
    49155/tcp open  unknown
    49156/tcp open  unknown
    49159/tcp open  unknown

    Nmap scan report for bogon (172.16.96.80)
    Host is up (0.00089s latency).
    Not shown: 999 filtered ports
    PORT   STATE SERVICE
    22/tcp open  ssh

    Nmap scan report for bogon (172.16.96.90)
    Host is up (0.00082s latency).
    Not shown: 994 filtered ports
    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   open   http
    1720/tcp closed H.323/Q.931
    8080/tcp closed http-proxy
    9943/tcp open   unknown
    9944/tcp open   unknown

    Nmap scan report for bogon (172.16.96.91)
    Host is up (0.00089s latency).
    Not shown: 997 filtered ports
    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   open   http
    8080/tcp closed http-proxy

    Nmap scan report for bogon (172.16.96.100)
    Host is up (0.00092s latency).
    Not shown: 995 filtered ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    443/tcp  open  https
    5988/tcp open  wbem-http
    5989/tcp open  wbem-https

    Nmap scan report for bogon (172.16.96.116)
    Host is up (0.00070s latency).
    Not shown: 985 closed ports
    PORT      STATE SERVICE
    80/tcp    open  http
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    443/tcp   open  https
    445/tcp   open  microsoft-ds
    593/tcp   open  http-rpc-epmap
    3389/tcp  open  ms-term-serv
    49152/tcp open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown
    49155/tcp open  unknown
    49156/tcp open  unknown
    49157/tcp open  unknown
    49159/tcp open  unknown
    49160/tcp open  unknown

    Nmap scan report for bogon (172.16.96.117)
    Host is up (0.00082s latency).
    Not shown: 984 closed ports
    PORT      STATE SERVICE
    80/tcp    open  http
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    443/tcp   open  https
    445/tcp   open  microsoft-ds
    1433/tcp  open  ms-sql-s
    3389/tcp  open  ms-term-serv
    49152/tcp open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown
    49155/tcp open  unknown
    49156/tcp open  unknown
    49157/tcp open  unknown
    49999/tcp open  unknown
    50000/tcp open  ibm-db2
    50002/tcp open  iiimsf

    Nmap scan report for bogon (172.16.96.119)
    Host is up (0.00065s latency).
    Not shown: 991 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    389/tcp  open  ldap
    443/tcp  open  https
    636/tcp  open  ldapssl
    3306/tcp open  mysql
    8009/tcp open  ajp13
    8080/tcp open  http-proxy

    Nmap scan report for bogon (172.16.96.121)
    Host is up (0.00083s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    21/tcp   open  ftp
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    1025/tcp open  NFS-or-IIS
    1433/tcp open  ms-sql-s

    Nmap scan report for bogon (172.16.96.124)
    Host is up (0.00060s latency).
    Not shown: 996 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    8009/tcp open  ajp13
    8080/tcp open  http-proxy

    Nmap scan report for bogon (172.16.96.125)
    Host is up (0.00075s latency).
    Not shown: 996 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    8009/tcp open  ajp13
    8080/tcp open  http-proxy

    Nmap scan report for bogon (172.16.96.126)
    Host is up (0.00073s latency).
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    111/tcp open  rpcbind

    Nmap scan report for bogon (172.16.96.127)
    Host is up (0.00060s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    8009/tcp open  ajp13
    8080/tcp open  http-proxy

    Nmap scan report for bogon (172.16.96.128)
    Host is up (0.00055s latency).
    Not shown: 998 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    111/tcp open  rpcbind

    Nmap scan report for bogon (172.16.96.129)
    Host is up (0.00065s latency).
    Not shown: 996 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    8009/tcp open  ajp13
    8080/tcp open  http-proxy

    Nmap scan report for bogon (172.16.96.130)
    Host is up (0.00067s latency).
    Not shown: 993 closed ports
    PORT     STATE SERVICE
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    912/tcp  open  apex-mesh
    1026/tcp open  LSA-or-nterm
    1044/tcp open  dcutility
    3389/tcp open  ms-term-serv

    Nmap scan report for bogon (172.16.96.131)
    Host is up (0.00066s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    8009/tcp open  ajp13
    8080/tcp open  http-proxy
    8180/tcp open  unknown

    Nmap scan report for bogon (172.16.96.135)
    Host is up (0.00061s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    80/tcp  open  http
    111/tcp open  rpcbind

    Nmap scan report for bogon (172.16.96.136)
    Host is up (0.00061s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    8009/tcp open  ajp13
    8080/tcp open  http-proxy

    Nmap scan report for bogon (172.16.96.137)
    Host is up (0.00057s latency).
    Not shown: 995 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    8009/tcp open  ajp13
    8080/tcp open  http-proxy
    9200/tcp open  wap-wsp

    Nmap scan report for bogon (172.16.96.138)
    Host is up (0.00056s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    80/tcp  open  http
    111/tcp open  rpcbind

    Nmap scan report for bogon (172.16.96.139)
    Host is up (0.00066s latency).
    Not shown: 998 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    80/tcp open  http

    Nmap scan report for bogon (172.16.96.140)
    Host is up (0.00073s latency).
    Not shown: 998 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    8080/tcp open  http-proxy

    Nmap scan report for bogon (172.16.96.141)
    Host is up (0.00060s latency).
    Not shown: 998 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    3306/tcp open  mysql

    Nmap scan report for bogon (172.16.96.143)
    Host is up (0.00086s latency).
    Not shown: 996 filtered ports
    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   open   http
    443/tcp  closed https
    3306/tcp open   mysql

    Nmap scan report for bogon (172.16.96.188)
    Host is up (0.00064s latency).
    Not shown: 991 closed ports
    PORT      STATE SERVICE
    22/tcp    open  ssh
    80/tcp    open  http
    111/tcp   open  rpcbind
    1234/tcp  open  hotline
    1521/tcp  open  oracle
    2809/tcp  open  corbaloc
    9100/tcp  open  jetdirect
    32768/tcp open  filenet-tms
    32776/tcp open  sometimes-rpc15

    Nmap scan report for bogon (172.16.96.200)
    Host is up (0.00062s latency).
    Not shown: 984 closed ports
    PORT      STATE SERVICE
    80/tcp    open  http
    81/tcp    open  hosts2-ns
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    445/tcp   open  microsoft-ds
    1521/tcp  open  oracle
    1688/tcp  open  nsjtp-data
    3389/tcp  open  ms-term-serv
    4000/tcp  open  remoteanything
    4001/tcp  open  newoak
    8011/tcp  open  unknown
    49152/tcp open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown
    49155/tcp open  unknown
    49158/tcp open  unknown

    Nmap scan report for bogon (172.16.96.222)
    Host is up (0.00064s latency).
    Not shown: 997 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    3306/tcp open  mysql

    Nmap scan report for bogon (172.16.96.235)
    Host is up (0.00070s latency).
    Not shown: 987 closed ports
    PORT     STATE SERVICE
    80/tcp   open  http
    135/tcp  open  msrpc
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    1025/tcp open  NFS-or-IIS
    1026/tcp open  LSA-or-nterm
    1027/tcp open  IIS
    1074/tcp open  warmspotMgmt
    1433/tcp open  ms-sql-s
    2382/tcp open  ms-olap3
    3372/tcp open  msdtc
    5120/tcp open  unknown
    9001/tcp open  tor-orport

    Nmap scan report for bogon (172.16.96.236)
    Host is up (0.00097s latency).
    Not shown: 994 filtered ports
    PORT      STATE SERVICE
    21/tcp    open  ftp
    80/tcp    open  http
    443/tcp   open  https
    8080/tcp  open  http-proxy
    8088/tcp  open  radan-http
    49154/tcp open  unknown

    Nmap scan report for bogon (172.16.96.250)
    Host is up (0.00090s latency).
    Not shown: 994 filtered ports
    PORT      STATE SERVICE
    80/tcp    open  http
    135/tcp   open  msrpc
    139/tcp   open  netbios-ssn
    5120/tcp  open  unknown
    49153/tcp open  unknown
    49154/tcp open  unknown

    Nmap scan report for bogon (172.16.96.254)
    Host is up (0.0016s latency).
    Not shown: 989 closed ports
    PORT      STATE    SERVICE
    23/tcp    open     telnet
    50300/tcp filtered unknown
    50389/tcp filtered unknown
    50500/tcp filtered unknown
    50636/tcp filtered unknown
    50800/tcp filtered unknown
    51493/tcp filtered unknown
    52673/tcp filtered unknown
    52822/tcp filtered unknown
    52848/tcp filtered unknown
    52869/tcp filtered unknown

    Nmap done: 252 IP addresses (35 hosts up) scanned in 55.38 seconds
    [root@yinzhengjie ~]# 
     
    8. Scan specific ports on a given host
    [root@yinzhengjie ~]# nmap -p80,20,21,23 172.16.96.205

    Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:01 CST
    Nmap scan report for bogon (172.16.96.205)
    Host is up (0.00064s latency).
    PORT   STATE  SERVICE
    20/tcp closed ftp-data
    21/tcp open   ftp
    23/tcp closed telnet
    80/tcp closed http

    Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
    [root@yinzhengjie ~]# 
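    IV. Advanced Nmap usage
    1. TCP SYN scan (-sS): This is a basic scan type, known as a half-open scan, because the technique lets Nmap obtain information about the remote host without completing the full handshake. Nmap sends a SYN packet to the remote host but never creates a session, so no log entry is produced on the target host, since no session is formed. This is the advantage of the SYN scan. If no scan type is specified on the Nmap command line, TCP SYN is the default, but it requires root/administrator privileges.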
    [root@yinzhengjie ~]# nmap -sS 172.16.96.133

    Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:05 CST
    Nmap scan report for bogon (172.16.96.133)
    Host is up (0.00048s latency).
    Not shown: 997 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    3306/tcp open  mysql

    Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
    [root@yinzhengjie ~]# 
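
    From the defender's side, the half-open pattern described above is visible on the wire even when the listening service never sees a connection: one source sends SYNs to many ports and never sends the final ACK. The sketch below is an added example, not code from the original post; it runs over constructed tcpdump-style lines, and the function name, the addresses and the min_ports threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style capture (not real traffic). 10.0.0.5 sends
# half-open probes to 10.0.0.20; 10.0.0.9 is an ordinary web client.
SAMPLE = """\
14:05:01.0001 IP 10.0.0.5.51000 > 10.0.0.20.22: Flags [S], seq 100, length 0
14:05:01.0002 IP 10.0.0.20.22 > 10.0.0.5.51000: Flags [S.], seq 900, ack 101, length 0
14:05:01.0003 IP 10.0.0.5.51000 > 10.0.0.20.22: Flags [R], seq 101, length 0
14:05:01.0004 IP 10.0.0.5.51000 > 10.0.0.20.23: Flags [S], seq 100, length 0
14:05:01.0005 IP 10.0.0.20.23 > 10.0.0.5.51000: Flags [R.], seq 0, ack 101, length 0
14:05:01.0006 IP 10.0.0.5.51000 > 10.0.0.20.80: Flags [S], seq 100, length 0
14:05:01.0007 IP 10.0.0.20.80 > 10.0.0.5.51000: Flags [S.], seq 901, ack 101, length 0
14:05:01.0008 IP 10.0.0.5.51000 > 10.0.0.20.80: Flags [R], seq 101, length 0
14:05:01.0009 IP 10.0.0.5.51000 > 10.0.0.20.443: Flags [S], seq 100, length 0
14:05:01.0010 IP 10.0.0.20.443 > 10.0.0.5.51000: Flags [R.], seq 0, ack 101, length 0
14:05:01.0011 IP 10.0.0.5.51000 > 10.0.0.20.3306: Flags [S], seq 100, length 0
14:05:01.0012 IP 10.0.0.20.3306 > 10.0.0.5.51000: Flags [R.], seq 0, ack 101, length 0
14:05:02.1000 IP 10.0.0.9.40412 > 10.0.0.20.80: Flags [S], seq 500, length 0
14:05:02.1001 IP 10.0.0.20.80 > 10.0.0.9.40412: Flags [S.], seq 700, ack 501, length 0
14:05:02.1002 IP 10.0.0.9.40412 > 10.0.0.20.80: Flags [.], ack 701, length 0
14:05:02.1003 IP 10.0.0.9.40412 > 10.0.0.20.80: Flags [P.], seq 501:580, ack 701, length 79
"""

PACKET = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def find_half_open_scanners(capture, min_ports=4):
    """Map each source with >= min_ports unfinished handshakes to the
    (server, port) pairs it probed and the ones that answered SYN/ACK."""
    flows = {}  # (client, cport, server, port) -> "syn" | "synack" | "established"
    for line in capture.splitlines():
        m = PACKET.match(line)
        if not m:
            continue
        fwd = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        rev = (fwd[2], fwd[3], fwd[0], fwd[1])
        flags = m["flags"]
        if flags == "S":                       # bare SYN: client opens a flow
            flows[fwd] = "syn"
        elif flags == "S." and flows.get(rev) == "syn":
            flows[rev] = "synack"              # server answered: port is open
        elif "." in flags and not set("SR") & set(flags) and fwd in flows:
            flows[fwd] = "established"         # client ACKed: a real connection
    probed, answered = defaultdict(set), defaultdict(set)
    for (client, _, server, port), state in flows.items():
        if state != "established":             # handshake never completed
            probed[client].add((server, port))
            if state == "synack":
                answered[client].add((server, port))
    return {
        ip: {"probed": sorted(p), "answered": sorted(answered[ip])}
        for ip, p in probed.items() if len(p) >= min_ports
    }
```

    The "answered" list is the set of open ports the probing source has learned about, which is the part worth reviewing against the intended firewall policy.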

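    2. Accurately detecting a remote operating system with Nmap is fairly difficult, so Nmap's guessing option is needed: --osscan-guess reports the operating system type it considers the closest match to the target.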

    [root@yinzhengjie ~]# nmap -O --osscan-guess 172.16.96.205

    Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:11 CST
    Nmap scan report for bogon (172.16.96.205)
    Host is up (0.00097s latency).
    Not shown: 997 closed ports
    PORT    STATE SERVICE
    21/tcp  open  ftp
    22/tcp  open  ssh
    111/tcp open  rpcbind
    Device type: WAP|general purpose|firewall|webcam|specialized|storage-misc
    Running (JUST GUESSING): Netgear embedded (96%), Linux 2.6.X|2.4.X (93%), Check Point embedded (91%), AXIS Linux 2.6.X (91%), Crestron 2-Series (89%), Citrix Linux 2.6.X (89%), IBM embedded (88%), Linksys embedded (88%)
    Aggressive OS guesses: Netgear DG834G WAP (96%), Linux 2.6.24 - 2.6.35 (93%), Linux 2.6.32 (92%), Linux 2.6.9 - 2.6.18 (92%), Check Point VPN-1 UTM appliance (91%), Linux 2.4.26 (Slackware 10.0.0) (91%), AXIS 211A Network Camera (Linux 2.6) (91%), AXIS 211A Network Camera (Linux 2.6.20) (91%), Linux 2.6.24 (90%), Linux 2.6.17 - 2.6.35 (90%)
    No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
    TCP/IP fingerprint:
    OS:SCAN(V=5.51%D=8/11%OT=21%CT=1%CU=31252%PV=Y%DS=1%DC=I%G=Y%TM=598D4AB9%P=
    OS:x86_64-redhat-linux-gnu)SEQ(SP=105%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)OPS
    OS:(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST1
    OS:1NW7%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN
    OS:(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=A
    OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R
    OS:=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F
    OS:=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%
    OS:T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD
    OS:=S)

    Network Distance: 1 hop

    OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 11.94 seconds
    [root@yinzhengjie ~]# 
     
     For more details, see: http://jingyan.baidu.com/article/47a29f24312010c0142399f1.html
     
     
     
     

     

  • Original article: https://www.cnblogs.com/yinzhengjie/p/7345022.html