Using the nmap command

Category: OS basics, Network basics

1. Overview

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon. It is used to discover the hosts and services on a computer network and thereby build a "map" of that network. To do this, Nmap sends specially crafted packets to the target hosts and analyses the responses. Nmap is a powerful network tool for enumerating and testing networks.

Nmap's features include:

  • 1. Host discovery: identifying the hosts on a network, for example listing the hosts that respond to TCP and/or ICMP requests or that have a particular port open.
  • 2. Port scanning: enumerating the open ports on a target host.
  • 3. Version detection: interrogating the network services on a remote device to determine the application name and version number.
  • 4. OS detection: determining the operating system and hardware characteristics of network devices.
  • 5. Scriptable interaction with the target: using the Nmap Scripting Engine (NSE) and the Lua programming language.
Nmap can also provide further information about a target, including its reverse DNS name, device type and MAC address. Typical uses of Nmap:

  • Auditing the security of a device or firewall by identifying the network connections that can be made to it or through it.
  • Identifying the open ports on a target host in preparation for an audit.
  • Network inventory, network mapping, maintenance and asset management.
  • Auditing the security of a network by identifying new servers.

2. Installation and usage

2.1 Installing nmap

# yum install -y nmap

2.2 Scanning ports with the nmap command

By default, nmap performs an ARP ping scan (the -sP behaviour, used when that switch is omitted) and then scans the specified target for open ports in the range 1-10000.

Example 1: default port scan:

# nmap 125.254.156.188

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-05 08:38 CST
Nmap scan report for 125.254.156.166
Host is up (0.000013s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
80/tcp   open  http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 13.13 seconds

Example 2: scanning a specified port range

# nmap -p 1-65535 125.254.156.188    # -p specifies the port range to scan

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-05 08:40 CST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Nmap scan report for 125.254.156.166
Host is up (-660s latency).
Not shown: 65530 closed ports
PORT      STATE SERVICE
80/tcp    open  http
3306/tcp  open  mysql
3307/tcp  open  opsession-prxy
3308/tcp  open  unknown

Nmap done: 1 IP address (1 host up) scanned in 13.93 seconds

Example 3: scanning a few specific ports

# nmap -p22,80,443 125.254.156.166

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-05 08:44 CST
Nmap scan report for 125.254.156.166
Host is up (0.000091s latency).
PORT    STATE  SERVICE
22/tcp  closed ssh
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 13.07 seconds

2.3 nmap ping

In nmap you can also use the -sP switch (ARP ping) to perform a ping, which works much like the Windows/Linux ping command.

# nmap -sP baidu.com

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-05 08:48 CST
Nmap scan report for baidu.com (220.181.38.148)
Host is up (0.0021s latency).
Other addresses for baidu.com (not scanned): 123.125.114.144
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds      # successful ping example
# nmap -sP baidu

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-05 08:48 CST
Failed to resolve "baidu".
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.02 seconds      # failed ping example

2.4 nmap traceroute

Traceroute is used to trace the route your computer's packets take: from your router, through your ISP, across the Internet and on to a particular destination.

# nmap --traceroute 8.8.8.8       # trace the route to Google's DNS

Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-05 08:54 CST
Nmap scan report for dns.google (8.8.8.8)
Host is up (0.046s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
53/tcp open  domain

TRACEROUTE (using port 53/tcp)
HOP RTT      ADDRESS
1   0.42 ms  125.254.156.161
2   0.83 ms  10.7.13.129
3   1.48 ms  124.243.213.105
4   ... 7
8   3.44 ms  220.181.177.73
9   5.36 ms  202.97.53.14
10  7.88 ms  202.97.27.138
11  46.98 ms 202.97.89.50
12  41.67 ms 202.97.62.214
13  39.35 ms 108.170.241.65
14  36.63 ms 172.253.69.225
15  48.59 ms dns.google (8.8.8.8)

Nmap done: 1 IP address (1 host up) scanned in 34.26 seconds
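As an added example (not code from the original post), the following Python parser reads nmap's normal output format as shown in the port scans of 2.2 and the traceroute above, turns the PORT/STATE/SERVICE rows and hop lines into structured data, and flags open ports that are not on an allow-list, which is the check behind "auditing a network by identifying new servers". The sample output and the allow-list are constructed for illustration.

```python
import re

# Constructed sample in nmap's normal output format, modelled on the page's scans.
SAMPLE = """Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-05 08:44 CST
Nmap scan report for 125.254.156.166
Host is up (0.000091s latency).
PORT     STATE    SERVICE
22/tcp   closed   ssh
80/tcp   open     http
443/tcp  filtered https
3306/tcp open     mysql

TRACEROUTE (using port 53/tcp)
HOP RTT      ADDRESS
1   0.42 ms  125.254.156.161
4   ... 7
8   3.44 ms  220.181.177.73
15  48.59 ms dns.google (8.8.8.8)

Nmap done: 1 IP address (1 host up) scanned in 13.07 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")   # PORT STATE SERVICE rows
HOP_RE = re.compile(r"^(\d+)\s+([\d.]+) ms\s+(\S+)")         # hops with an RTT; "4 ... 7" is skipped

def parse_nmap_output(text):
    """Return one dict per 'Nmap scan report' block: host, addr, up, ports, hops."""
    hosts, cur = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            cur = {"host": m[1], "addr": m[2] or m[1], "up": False, "ports": [], "hops": []}
            hosts.append(cur)
        elif cur is None:
            continue  # banner lines before the first report block
        elif line.startswith("Host is up"):
            cur["up"] = True
        elif m := PORT_RE.match(line):
            cur["ports"].append({"port": int(m[1]), "proto": m[2], "state": m[3], "service": m[4]})
        elif m := HOP_RE.match(line):
            cur["hops"].append((int(m[1]), float(m[2]), m[3]))
    return hosts

def open_ports(host):
    return sorted(p["port"] for p in host["ports"] if p["state"] == "open")

def unexpected_open(host, allowed):
    """Open ports absent from the allow-list (constructed) that an inventory audit should flag."""
    return [p for p in open_ports(host) if p not in allowed]
```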

2.5 nmap OS detection

OS detection is very useful for learning which operating system the target is currently running. Aside from the open ports, this is the most important data as far as information gathering is concerned: it helps you identify services on the currently open ports that may be vulnerable on that particular operating system.
OS detection uses the -O option, as illustrated in the figures below:
1. Windows detection [figure]
2. Linux detection [figure]
