学习使用nmap(一)

最新推荐文章于 2024-08-22 22:35:54 发布

breaksss

最新推荐文章于 2024-08-22 22:35:54 发布

阅读量2w

点赞数 2

分类专栏：网络文章标签： service microsoft windows character cisco

本文链接：https://blog.csdn.net/breakback/article/details/7455356

版权

网络专栏收录该内容

22 篇文章 0 订阅

订阅专栏

参考网页：

http://nmap.org/man/zh/

前提知识：
nmap将端口分为open(开放的)，filtered(被过滤的)， closed(关闭的)，或者unfiltered(未被过滤的)。
open意味着目标主机的应用程序在监听(listen)
closed意味着端口没有监听，但随时可能打开。
filtered意味着firewall,阻碍了端口访问。
unfiltered表示无法确定开放与否。

查看版本；

zoo@zoo:~$ nmap -v

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:16 CST
NSE: Loaded 0 scripts for scanning.
Read data files from: /usr/share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.18 seconds

第一次扫描：

zoo@zoo:~$ nmap -A -T4 115.158.81.1 115.158.81.58

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 20:46 CST
Interesting ports on 115.158.81.1:
Not shown: 991 closed ports
PORT STATE SERVICE VERSION
23/tcp open telnet Cisco router
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
Service Info: OS: IOS; Device: router

All 1000 scanned ports on 115.158.81.58 are closed

-A 表示操作系统及其版本的探测
-T4 可以加快执行速度

第一个是一个路由器,可以看出来运行了很多协议，只有telnet 是开放的,还有一些filtered的端口

第二个是我的主机,没有开启任何端口(还是linux安全啊...不像MS开一些135，139,你要办移动公司啊？！)

使用目标地址输入重定向：

zoo@zoo:~/桌面$ nmap -iL addr

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 20:54 CST
Interesting ports on 115.158.81.30:
Not shown: 992 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown

-iL 定向了一个文本文件

135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds

可以看出这个童鞋使用MS,开启了一个移动公司...

-iR 随机扫描：

zoo@zoo:~$ nmap -iR 3

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:13 CST
Nmap done: 3 IP addresses (0 hosts up) scanned in 3.17 seconds

够无聊的

排除我的主机扫描:

zoo@zoo:~$ nmap 115.158.81.0/24 --exclude 115.158.81.1

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:32 CST
Interesting ports on 115.158.81.3:
Not shown: 987 closed ports
PORT      STATE    SERVICE
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
256/tcp   filtered fw1-secureremote
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49156/tcp open     unknown
49157/tcp open     unknown

Interesting ports on 115.158.81.11:
Not shown: 991 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown

Interesting ports on 115.158.81.25:
Not shown: 991 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49156/tcp open unknown
49158/tcp open unknown
49159/tcp open unknown

Interesting ports on 115.158.81.43:
Not shown: 995 closed ports
PORT     STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv
6112/tcp open dtspc

Interesting ports on 115.158.81.46:
Not shown: 990 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown

All 1000 scanned ports on 115.158.81.58 are closed

Interesting ports on 115.158.81.75:
Not shown: 989 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
6000/tcp open X11
6001/tcp open X11:1
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown

Interesting ports on 115.158.81.105:
Not shown: 995 closed ports
PORT     STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
843/tcp open unknown
2100/tcp open unknown
9000/tcp open cslistener

Interesting ports on 115.158.81.114:
Not shown: 983 closed ports
PORT      STATE    SERVICE
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
256/tcp   filtered fw1-secureremote
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
2100/tcp open     unknown
4444/tcp filtered krb524
6000/tcp open     X11
6112/tcp open     dtspc
49152/tcp open     unknown
49153/tcp open     unknown
49154/tcp open     unknown
49156/tcp open     unknown
49157/tcp open     unknown
49158/tcp open     unknown

Interesting ports on 115.158.81.136:
Not shown: 988 closed ports
PORT      STATE    SERVICE
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
256/tcp   filtered fw1-secureremote
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
843/tcp   open     unknown
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
6000/tcp open     X11
9000/tcp open     cslistener
16000/tcp open     unknown

Interesting ports on 115.158.81.137:
Not shown: 998 closed ports
PORT    STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn

Interesting ports on 115.158.81.142:
Not shown: 998 closed ports
PORT    STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn

Interesting ports on 115.158.81.145:
Not shown: 993 closed ports
PORT     STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open unknown
2100/tcp open unknown
6001/tcp open X11:1
6112/tcp open dtspc

Interesting ports on 115.158.81.146:
Not shown: 987 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
912/tcp open     unknown
1039/tcp open     unknown
1068/tcp filtered instl_bootc
1433/tcp open     ms-sql-s
1723/tcp filtered pptp
2383/tcp open     ms-olap4
4444/tcp filtered krb524
8080/tcp open     http-proxy

Interesting ports on 115.158.81.147:
Not shown: 996 closed ports
PORT    STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
843/tcp open unknown

Interesting ports on 115.158.81.159:
Not shown: 996 closed ports
PORT    STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open unknown

Interesting ports on 115.158.81.164:
Not shown: 998 closed ports
PORT    STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn

Interesting ports on 115.158.81.165:
Not shown: 991 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
912/tcp   open unknown
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49157/tcp open unknown

Interesting ports on 115.158.81.174:
Not shown: 988 closed ports
PORT      STATE    SERVICE
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
256/tcp   filtered fw1-secureremote
443/tcp   open     https
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
843/tcp   open     unknown
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
9000/tcp open     cslistener
16000/tcp open     unknown

Interesting ports on 115.158.81.178:
Not shown: 992 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524

Interesting ports on 115.158.81.181:
Not shown: 991 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
8080/tcp open     http-proxy

Interesting ports on 115.158.81.182:
Not shown: 991 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
443/tcp open     https
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524

Interesting ports on 115.158.81.187:
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds

Interesting ports on 115.158.81.189:
Not shown: 990 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
843/tcp open     unknown
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
9000/tcp open     cslistener

Interesting ports on 115.158.81.192:
Not shown: 991 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
843/tcp   open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown

Interesting ports on 115.158.81.198:
Not shown: 992 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524

Interesting ports on 115.158.81.199:
Not shown: 993 closed ports
PORT     STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
843/tcp open unknown
912/tcp open unknown
2383/tcp open ms-olap4
3306/tcp open mysql

Interesting ports on 115.158.81.200:
Not shown: 992 closed ports
PORT      STATE SERVICE
135/tcp   open msrpc
139/tcp   open netbios-ssn
445/tcp   open microsoft-ds
902/tcp   open iss-realsecure
912/tcp   open unknown
3389/tcp open ms-term-serv
9000/tcp open cslistener
16000/tcp open unknown

Interesting ports on 115.158.81.207:
Not shown: 992 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524

Interesting ports on 115.158.81.208:
Not shown: 992 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524

Interesting ports on 115.158.81.211:
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds

Interesting ports on 115.158.81.235:
Not shown: 992 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524

Interesting ports on 115.158.81.248:
Not shown: 990 closed ports
PORT     STATE    SERVICE
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
256/tcp filtered fw1-secureremote
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
6000/tcp open     X11
6001/tcp open     X11:1

Nmap done: 255 IP addresses (33 hosts up) scanned in 15.38 seconds

还可以排除某些主机

例如：

nmap 115.158.81.0/24 --exclude 115.158.81.1-10

就是不扫描1-10这10个地址

深度扫描：

zoo@zoo:~$ nmap -A 115.158.81.3

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:38 CST
Interesting ports on 115.158.81.3:
Not shown: 987 closed ports
PORT      STATE    SERVICE          VERSION
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
256/tcp   filtered fw1-secureremote
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
49152/tcp open     msrpc            Microsoft Windows RPC
49153/tcp open     msrpc            Microsoft Windows RPC
49154/tcp open     msrpc            Microsoft Windows RPC
49156/tcp open     msrpc            Microsoft Windows RPC
49157/tcp open     msrpc            Microsoft Windows RPC
Service Info: OS: Windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 53.82 seconds
zoo@zoo:~$ telnet 115.158.81.3 49152
Trying 115.158.81.3...
Connected to 115.158.81.3.
Escape character is '^]'.

我扫描一个可怜的童鞋，并使用telnet登录了那个端口49152

zoo@zoo:~$ netstat -a | grep 115.158.81.3
tcp 0 0 zoo.local:52722 115.158.81.3:49152 ESTABLISHED

可以看出链接已经建立了...

貌似有点意思，但是我也不知道有啥用，以后再说吧。。。

-6参数

扫描IP6地址:

nmap -6 fe80::29aa:9db9:4164:d80e

以后学习使用不同参数。