Linux 系统扫描技术及安全防范之 nmap（批量主机服务扫描命令）

最新推荐文章于 2023-04-22 11:47:13 发布

andrewgb

最新推荐文章于 2023-04-22 11:47:13 发布

阅读量978

点赞数

分类专栏：扫描路由 Linux 网络

本文链接：https://blog.csdn.net/andrewgb/article/details/46846181

版权

Linux 同时被 3 个专栏收录

13 篇文章 0 订阅

订阅专栏

网络

6 篇文章 0 订阅

订阅专栏

路由

3 篇文章 0 订阅

订阅专栏

一、安装nmap

[root@hadoop Desktop]# yum install nmap

二、使用nmap

[root@hadoop Desktop]# nmap localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 22:53 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

ps：nmap localhost #查看主机当前开放的端口

[root@hadoop Desktop]# nmap -p 1024-65535 localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 22:59 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000060s latency).
Other addresses for localhost (not scanned): 127.0.0.1
All 64512 scanned ports on localhost (127.0.0.1) are closed

Nmap done: 1 IP address (1 host up) scanned in 0.94 seconds

ps：nmap -p 1024-65535 localhost #查看主机端口（1024-65535）中开放的端口

[root@hadoop Desktop]#  nmap -PS 192.168.137.163 

Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:04 CST
Nmap scan report for 192.168.137.163
Host is up (0.0000060s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

ps：nmap -PS 192.168.21.163 #探测目标主机开放的端口
目标地址还可以换成主机段（192.168.21.163/24），或者跟上两个目标地址，一个是目标起始地址另一个是目标结束地址，作用是在这个范围内的地址都将被扫描

[root@hadoop Desktop]# nmap -sP 115.239.211.112/24

Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:40 CST
Nmap scan report for 115.239.211.251
Host is up (0.015s latency).
Nmap scan report for 115.239.211.252
Host is up (0.019s latency).
Nmap scan report for 115.239.211.253
Host is up (0.0099s latency).
Nmap scan report for 115.239.211.254
Host is up (0.018s latency).
Nmap done: 4 IP addresses (205 hosts up) scanned in 18.89 seconds

ps：nmap -sP 115.239.211.112/24 #这里的s是小写的s，探测主机段中哪些主机时存活的

[root@hadoop Desktop]# nmap -PS22,80,3306  192.168.21.163

Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:13 CST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.07 seconds

ps：nmap -PS22,80,3306 192.168.21.163 #探测所列出的目标主机端口

[root@hadoop Desktop]# nmap -O 192.168.137.163

Starting Nmap 5.51 ( http://nmap.org ) at 2015-07-11 23:18 CST
Nmap scan report for 192.168.137.163
Host is up (0.000067s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=7/11%OT=22%CT=1%CU=43501%PV=Y%DS=0%DC=L%G=Y%TM=55A133CE%P=
OS:i386-redhat-linux-gnu)SEQ(SP=104%GCD=1%ISR=10B%TI=Z%CI=Z%II=I%TS=A)OPS(O
OS:1=M400CST11NW6%O2=M400CST11NW6%O3=M400CNNT11NW6%O4=M400CST11NW6%O5=M400C
OS:ST11NW6%O6=M400CST11)WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000
OS:)ECN(R=Y%DF=Y%T=40%W=8018%O=M400CNNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S
OS:+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=
OS:)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%
OS:A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%
OS:DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=
OS:40%CD=S)

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.38 seconds

ps：nmap -O 192.168.21.163 #探测目标主机操作系统类型

三、总结扩展

扫描类型	描述	特点
ICMP协议（-P）	ping扫描	简单、快速、有效
TCP SYN扫描（-sS）	TCP半开放扫描	高效、不易被检测、通用
TCP connect()扫描（-sT）	TCP全开放扫描	真实、结果可靠
UDP扫描（-sU）	UDP协议扫描	有效透过防火墙策略