10.21 nmap: Network Exploration Tool and Security/Port Scanner
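The nmap command

nmap, short for Network Mapper, is an open-source network exploration and security auditing tool. It was designed to scan large networks rapidly. nmap can discover which hosts are on a network and what services those hosts offer (application name and version number), and it can detect the operating system type and version.

If the system does not have the nmap command, it can be installed with the following command:

nmap [Scan Type] [option] (target specification)

The scan target can be an IP address, a subnet address, and so on, such as 192.168.1.2 or 10.0.0.0/24.

nmap command options and descriptions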
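-sS             TCP SYN scan
-sT             TCP connect scan
-sn             Do not scan ports; only check whether hosts are running. This option is the same as -sP in older versions
-sU             Scan UDP ports
-sV             Probe service version information
-Pn             Scan only, without pinging the host
-PS             Probe the target host with SYN packets. The default port is 80; ports can also be specified, in the form -PS22 or -PS22-25,80,113,1050,35000. Remember that there must be no space between PS and the port numbers
-PU             Probe using UDP ping
-O              Enable TCP/IP fingerprinting to obtain the identity of the remote host, that is, its operating system type
-v              Show detailed information during the scan
-S<IP>          Set the source IP address of the scan
-g port         Set the source port of the scan
-oN             Redirect the scan results to a file
-iL filename    Read the scan targets from a file
-p<port>        Specify the ports to scan: a single port, several ports separated by commas, or a port range written with "-"
-n              Do not perform DNS resolution, which speeds up the scan
--exclude       Exclude the specified hosts
--excludefile   Exclude the hosts listed in the specified file

View the ports currently open on a host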
[root@cs6 ~]# nmap 10.0.0.100

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 16:49 CST
Nmap scan report for 10.0.0.100
Host is up (0.0000040s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 6.83 seconds

Scan specified ports on a host
[root@cs6 ~]# nmap -p 1024-65535 10.0.0.100

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:01 CST
Nmap scan report for 10.0.0.100
Host is up (0.0000040s latency).
All 64512 scanned ports on 10.0.0.100 are closed

Nmap done: 1 IP address (1 host up) scanned in 7.18 seconds

Scan all IP addresses on the local network
[root@cs6 ~]# nmap 10.0.0.0/24

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:02 CST
Nmap scan report for 10.0.0.1
Host is up (0.00023s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
3306/tcp open  mysql
MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 10.0.0.2
Host is up (0.00013s latency).
Not shown: 999 closed ports
PORT   STATE    SERVICE
53/tcp filtered domain
MAC Address: 00:50:56:F4:FB:52 (VMware)

Nmap scan report for 10.0.0.100
Host is up (0.0000040s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 256 IP addresses (3 hosts up) scanned in 25.94 seconds

[root@cs6 ~]# nmap -sn 10.0.0.0/24    #<== The -sn option skips port scanning.

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:03 CST
Nmap scan report for 10.0.0.1
Host is up (0.000089s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 10.0.0.2
Host is up (0.00013s latency).
MAC Address: 00:50:56:F4:FB:52 (VMware)
Nmap scan report for 10.0.0.100
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 21.05 seconds

[root@cs6 ~]# nmap -sn 10.0.0.1-10    #<== An address range like this can also be scanned.

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:04 CST
Nmap scan report for 10.0.0.1
Host is up (0.000034s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 10.0.0.2
Host is up (0.00015s latency).
MAC Address: 00:50:56:F4:FB:52 (VMware)
Nmap done: 10 IP addresses (2 hosts up) scanned in 6.77 seconds

Detect the service and operating system versions of a target host
[root@cs6 ~]# nmap -O -sV 10.0.0.100

Starting Nmap 5.51 ( http://nmap.org ) at 2019-05-07 17:05 CST
Nmap scan report for 10.0.0.100
Host is up (0.000090s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
80/tcp open  http?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port80-TCP:V=5.51%I=7%D=5/7%Time=5CD14A57%P=x86_64-redhat-linux-gnu%r(N
SF:ULL,1D,"I\x20love\x20linux\x20www\.wenyule\.top\n");
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=5/7%OT=22%CT=1%CU=35109%PV=Y%DS=0%DC=L%G=Y%TM=5CD14A63%P=x
OS:86_64-redhat-linux-gnu)SEQ(SP=106%GCD=1%ISR=109%TI=Z%CI=Z%II=I%TS=A)OPS(
OS:O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD
OS:7ST11NW7%O6=MFFD7ST11)WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=FFC
OS:B)ECN(R=Y%DF=Y%T=40%W=FFD7%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=
OS:S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q
OS:=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A
OS:%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y
OS:%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T
OS:=40%CD=S)
#<== -O shows the operating system version, but nmap works by comparing the probed TCP/IP fingerprint against its own fingerprint database. A system that is not in the database cannot be identified.

Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.61 seconds

The output above contains not only the port numbers but also the version numbers of the services. On hosts with higher network security requirements, it is best to hide service version numbers, to prevent attackers from exploiting vulnerabilities in a specific version of a service.
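One way to check the advice above on your own hosts is to parse saved scan output. The following is an added example, not part of the original article: it reads `nmap -sV` normal output (the layout written by -oN) and reports open ports that are missing from an allowlist and services that still disclose a version string. The sample text is constructed from the output shown on this page; the `ALLOWED` allowlist and the function names are assumptions.

```python
import re

# Constructed sample in the `nmap -sV` normal-output layout, adapted from this page.
SAMPLE = """\
Nmap scan report for 10.0.0.1
PORT     STATE SERVICE VERSION
3306/tcp open  mysql

Nmap scan report for 10.0.0.100
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)
80/tcp open  http?
"""

# "Nmap scan report for 10.0.0.1" or "Nmap scan report for name (10.0.0.1)"
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
# "22/tcp open  ssh     OpenSSH 5.3 (protocol 2.0)"; the version column is optional
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_scan(text):
    """Return {host: [(port, proto, state, service, version), ...]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            current = hosts.setdefault(m.group(1), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            current.append((int(port), proto, state, service, version or ""))
    return hosts

# Hypothetical allowlist: the ports each host is expected to expose.
ALLOWED = {"10.0.0.100": {22, 80}, "10.0.0.1": set()}

def audit(text, allowed):
    """Flag open ports not in the allowlist and open ports that disclose a version."""
    findings = []
    for host, ports in parse_scan(text).items():
        for port, proto, state, service, version in ports:
            if state != "open":
                continue
            if port not in allowed.get(host, set()):
                findings.append((host, port, "unexpected open port"))
            if version:
                findings.append((host, port, "version disclosed: " + version))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ALLOWED):
        print(*finding)
```

Rerunning the audit after a banner has been hidden or a port closed should leave an empty findings list for that host.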