Learning to Use nmap (Part 1)

Reference page:

http://nmap.org/man/zh/



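Background:
nmap classifies ports as open, filtered, closed, or unfiltered.
open means an application on the target host is listening on the port.
closed means nothing is listening on the port, but it could be opened at any time.
filtered means a firewall is blocking access to the port.
unfiltered means the port responds to probes, but nmap cannot determine whether it is open or closed.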


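Check the version (the startup banner shows it; -v is the verbose flag, and nmap -V prints the version directly):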


zoo@zoo:~$ nmap -v

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:16 CST
NSE: Loaded 0 scripts for scanning.
Read data files from: /usr/share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.18 seconds





First scan:


zoo@zoo:~$ nmap -A -T4 115.158.81.1 115.158.81.58

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 20:46 CST
Interesting ports on 115.158.81.1:
Not shown: 991 closed ports
PORT     STATE    SERVICE          VERSION
23/tcp   open     telnet           Cisco router
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
256/tcp  filtered fw1-secureremote
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1068/tcp filtered instl_bootc
1723/tcp filtered pptp
4444/tcp filtered krb524
Service Info: OS: IOS; Device: router

All 1000 scanned ports on 115.158.81.58 are closed

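-A enables detection of the operating system and service versions
-T4 speeds up execution

The first target is a router. It appears to run many protocols, but only telnet is open; the other listed ports are filtered.

The second is my own host, which has no ports open (Linux really is safer... unlike MS, which opens 135, 139 and the like. Are you running a mobile phone company?!)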


Reading target addresses from a file:


zoo@zoo:~/桌面$ nmap -iL addr

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 20:54 CST
Interesting ports on 115.158.81.30:
Not shown: 992 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown

-iL points nmap at a text file containing the target addresses

135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds

You can see that this fellow student uses MS and has opened a mobile phone company...
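
The port states listed under Background can be tallied per host by parsing nmap's normal text output, which is useful when auditing hosts you administer. This is an added example, not part of the original post; it assumes the Nmap 5.00 output format shown above, the sample input is constructed (documentation-range addresses), and the function names are hypothetical.

```python
import re

# Constructed sample in the Nmap 5.00 normal-output format shown on this page;
# addresses come from the 192.0.2.0/24 documentation range.
SAMPLE = """\
Interesting ports on 192.0.2.1:
Not shown: 991 closed ports
PORT     STATE    SERVICE          VERSION
23/tcp   open     telnet           Cisco router
135/tcp  filtered msrpc
445/tcp  filtered microsoft-ds

Interesting ports on 192.0.2.30:
Not shown: 992 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown

All 1000 scanned ports on 192.0.2.58 are closed
"""

HOST_RE = re.compile(r"^Interesting ports on (.+):$")
ALL_RE = re.compile(r"^All \d+ scanned ports on (.+) are (\S+)$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
WINDOWS_PORTS = {135, 139, 445}  # the ports the post singles out

def parse_scan(text):
    """Return {host: {state: [port, ...]}} from nmap normal output."""
    hosts, current = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), {})
        elif m := ALL_RE.match(line):
            hosts[m.group(1)] = {}   # host is up, but no port is listed
            current = None
        elif current is not None and (m := PORT_RE.match(line)):
            current.setdefault(m.group(3), []).append(int(m.group(1)))
    return hosts

def exposed_windows_hosts(hosts):
    """Hosts where 135/139/445 are open, not merely filtered."""
    return {h: sorted(WINDOWS_PORTS & set(s.get("open", [])))
            for h, s in hosts.items()
            if WINDOWS_PORTS & set(s.get("open", []))}

if __name__ == "__main__":
    for host, states in parse_scan(SAMPLE).items():
        print(host, states or "all scanned ports closed")
```
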


-iR random scan:


zoo@zoo:~$ nmap -iR 3

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:13 CST
Nmap done: 3 IP addresses (0 hosts up) scanned in 3.17 seconds


Pretty boring.


Scanning a subnet with a host excluded:


zoo@zoo:~$ nmap 115.158.81.0/24 --exclude 115.158.81.1

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:32 CST

Nmap done: 255 IP addresses (33 hosts up) scanned in 15.38 seconds

You can also exclude a range of hosts.

For example:

nmap 115.158.81.0/24 --exclude 115.158.81.1-10

This skips the 10 addresses from 1 to 10.



In-depth scan:






zoo@zoo:~$ nmap -A 115.158.81.3

Starting Nmap 5.00 ( http://nmap.org ) at 2012-04-12 21:38 CST
Interesting ports on 115.158.81.3:
Not shown: 987 closed ports
PORT      STATE    SERVICE          VERSION
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
256/tcp   filtered fw1-secureremote
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
1068/tcp  filtered instl_bootc
1723/tcp  filtered pptp
4444/tcp  filtered krb524
49152/tcp open     msrpc            Microsoft Windows RPC
49153/tcp open     msrpc            Microsoft Windows RPC
49154/tcp open     msrpc            Microsoft Windows RPC
49156/tcp open     msrpc            Microsoft Windows RPC
49157/tcp open     msrpc            Microsoft Windows RPC
Service Info: OS: Windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 53.82 seconds
zoo@zoo:~$ telnet 115.158.81.3 49152
Trying 115.158.81.3...
Connected to 115.158.81.3.
Escape character is '^]'.

I scanned some poor fellow student and used telnet to log in to that port, 49152

zoo@zoo:~$ netstat -a | grep 115.158.81.3
tcp        0      0 zoo.local:52722         115.158.81.3:49152      ESTABLISHED

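You can see that the connection has been established...

It seems kind of interesting, but I don't know what it is good for yet; more on that later...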


The -6 option

Scan an IPv6 address:

nmap -6 fe80::29aa:9db9:4164:d80e

I will learn to use other options later.


