How to use Nmap

1. Download

https://nmap.org/download.html

2. Simple nmap scan

By default nmap sends an ARP ping packet and then probes which of the ports in the range 1-10000 are open on the target host.

Command syntax:

nmap <target ip address>

where target ip address is the IP address of the host to scan.

Example:

nmap 220.181.57.216

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:18 中国标准时间
Nmap scan report for 220.181.57.216
Host is up (0.044s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 28.62 seconds

3. Simple nmap scan with a detailed description of the results

Command syntax:

nmap -vv <target ip address>

Description:

The -vv option makes nmap print a detailed (very verbose) account of the scan and its results.

Example: nmap -vv 220.181.57.216

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:23 中国标准时间
Initiating Ping Scan at 15:23
Scanning 220.181.57.216 [4 ports]
Completed Ping Scan at 15:23, 3.54s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:23
Completed Parallel DNS resolution of 1 host. at 15:24, 5.51s elapsed
Initiating SYN Stealth Scan at 15:24
Scanning 220.181.57.216 [1000 ports]
Discovered open port 443/tcp on 220.181.57.216
Discovered open port 80/tcp on 220.181.57.216
Completed SYN Stealth Scan at 15:24, 9.15s elapsed (1000 total ports)
Nmap scan report for 220.181.57.216
Host is up, received echo-reply ttl 54 (0.040s latency).
Scanned at 2019-05-02 15:23:46 中国标准时间 for 27s
Not shown: 998 filtered ports
Reason: 998 no-responses
PORT    STATE SERVICE REASON
80/tcp  open  http    syn-ack ttl 54
443/tcp open  https   syn-ack ttl 54

Read data files from: D:\Program Files (x86)\Nmap
Nmap done: 1 IP address (1 host up) scanned in 28.11 seconds
           Raw packets sent: 2008 (88.328KB) | Rcvd: 9 (380B)

4. Custom port range scan

Command syntax:

nmap -p<range> <target IP>

Description: <range> is the range of ports to scan; port numbers cannot exceed 65535.

Example: scan ports 1-500 on the target host, nmap -p1-500 220.181.57.216

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:26 中国标准时间
Nmap scan report for 220.181.57.216
Host is up (0.036s latency).
Not shown: 498 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 24.99 seconds

5. Scanning specific ports

Command syntax:

nmap -p<port1,port2,…> <target IP>

Description: port1,port2,… are the port numbers to scan.

Example: scan ports 80, 443 and 801 on the target host, nmap -p80,443,801 220.181.57.216

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:29 中国标准时间
Nmap scan report for 220.181.57.216
Host is up (0.026s latency).

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp open     https
801/tcp filtered device

Nmap done: 1 IP address (1 host up) scanned in 20.28 seconds

6. nmap ping scan

nmap can probe hosts with a ping, much like the ping command on Windows/Linux.

Command syntax:

nmap -sP <target ip>

Example: nmap -sP 220.181.57.216

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:31 中国标准时间
Nmap scan report for 220.181.57.216
Host is up (0.025s latency).
Nmap done: 1 IP address (1 host up) scanned in 19.09 seconds

7. nmap traceroute

The traceroute feature helps a network administrator understand how traffic flows through the network and is a useful auxiliary tool: it shows the network nodes a packet passes through between our machine and the destination, along with the time spent at each hop.

Command syntax:

nmap --traceroute <target IP>

Example: nmap --traceroute 220.181.57.216

Note that in the run below the option was typed with an en-dash (–traceroute) instead of two hyphens, so nmap tried to resolve it as a hostname ("Failed to resolve") and no traceroute was performed; only the ordinary port scan ran. A successful traceroute table appears in the -A output in section 10.

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:35 中国标准时间
Nmap scan report for 220.181.57.216
Failed to resolve "–traceroute".
Host is up (0.039s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 31.27 seconds

8. Scanning the IP addresses of a whole subnet

Command syntax:

nmap -sP <network address>/<CIDR>

Description: CIDR is the prefix length of the subnet mask (/24, /16, /8 and so on).

Example: nmap -sP 192.168.0.0/24

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:39 中国标准时间
Nmap scan report for 192.168.0.1
Host is up (0.0020s latency).
MAC Address: 44:97:5A:49:31:2A (Shenzhen Fast Technologies)
Nmap scan report for 192.168.0.100
Host is up (0.91s latency).
MAC Address: 78:DA:07:2D:00:A7 (Unknown)
Nmap scan report for 192.168.0.101
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 29.10 seconds
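The sweep above yields the live hosts on the segment and, because the scanner sits on the same layer-2 network, their MAC addresses. As an added example (not part of the original post), the Python below parses that report and compares it against a constructed inventory of known devices, so an unrecognised host on the segment stands out. The report text is copied from the output above; the inventory, the function names and the "down host" handling are assumptions of this example.

```python
import re

# Constructed sample: the "nmap -sP 192.168.0.0/24" report from the post, copied here
# as test input. Not live data.
SWEEP_OUTPUT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:39
Nmap scan report for 192.168.0.1
Host is up (0.0020s latency).
MAC Address: 44:97:5A:49:31:2A (Shenzhen Fast Technologies)
Nmap scan report for 192.168.0.100
Host is up (0.91s latency).
MAC Address: 78:DA:07:2D:00:A7 (Unknown)
Nmap scan report for 192.168.0.101
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 29.10 seconds
"""

# Constructed inventory (an assumption of this example): the router's MAC from the
# report above is known; 192.168.0.101 is the scanning machine itself, for which
# nmap prints no MAC line.
KNOWN_MACS = {"44:97:5A:49:31:2A"}
KNOWN_IPS = {"192.168.0.101"}

# "Nmap scan report for 10.0.0.5" or "Nmap scan report for name.example (10.0.0.5)"
REPORT_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?$"
)
# MAC lines appear only for hosts on the scanner's own layer-2 segment.
MAC_RE = re.compile(r"^MAC Address: (?P<mac>(?:[0-9A-F]{2}:){5}[0-9A-F]{2}) \((?P<vendor>.*)\)$")
SUMMARY_RE = re.compile(r"^Nmap done: (?P<addrs>\d+) IP address(?:es)? \((?P<up>\d+) hosts? up\)")


def parse_hosts(output):
    """Return one dict per host nmap reported up: ip, name, mac, vendor."""
    hosts, current = [], None
    for raw in output.splitlines():
        line = raw.strip()
        m = REPORT_RE.match(line)
        if m:
            current = {"ip": m["ip"], "name": m["name"], "mac": None, "vendor": None, "up": False}
            hosts.append(current)
        elif line.startswith("Host is up") and current is not None:
            current["up"] = True
        else:
            m = MAC_RE.match(line)
            if m and current is not None:
                current["mac"], current["vendor"] = m["mac"], m["vendor"]
    # Hosts printed as "Host is down" (shown with -v) are dropped here.
    return [h for h in hosts if h["up"]]


def parse_summary(output):
    """Return (addresses scanned, hosts up) from the 'Nmap done' line, or None."""
    for line in output.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            return int(m["addrs"]), int(m["up"])
    return None


def find_unknown_hosts(hosts, known_macs, known_ips=()):
    """Hosts whose MAC (or IP, when nmap printed no MAC) is not in the inventory."""
    known_macs = {mac.upper() for mac in known_macs}
    unknown = []
    for host in hosts:
        if host["mac"] is not None:
            recognised = host["mac"] in known_macs
        else:
            recognised = host["ip"] in known_ips
        if not recognised:
            unknown.append(host)
    return unknown


if __name__ == "__main__":
    live = parse_hosts(SWEEP_OUTPUT)
    print("summary:", parse_summary(SWEEP_OUTPUT), "parsed:", len(live))
    for host in find_unknown_hosts(live, KNOWN_MACS, KNOWN_IPS):
        print("unknown host:", host["ip"], host["mac"], host["vendor"])
```

Matching on MAC rather than IP is deliberate: on a DHCP segment the address a device holds changes, while its MAC identifies the device itself. The scanning host falls back to an IP match because nmap prints no MAC line for it.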

9. Operating system detection

Command syntax:

nmap -O <target IP>

Example: nmap -O 192.168.0.101

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:45 中国标准时间
Nmap scan report for 192.168.0.101
Host is up (0.000011s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
110/tcp  open  pop3
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
808/tcp  open  ccproxy-http
1080/tcp open  socks
3306/tcp open  mysql
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.70%E=4%D=5/2%OT=25%CT=1%CU=43194%PV=Y%DS=0%DC=L%G=Y%TM=5CCAA02D
OS:%P=i686-pc-windows-windows)SEQ(SP=105%GCD=1%ISR=10B%TI=I%CI=I%II=I%SS=S%
OS:TS=U)OPS(O1=M5B4NW8NNS%O2=M5B4NW8NNS%O3=M5B4NW8%O4=M5B4NW8NNS%O5=M5B4NW8
OS:NNS%O6=M5B4NNS)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)ECN(R
OS:=Y%DF=Y%T=80%W=FFFF%O=M5B4NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%
OS:RD=0%Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y%T=80%W=
OS:0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5
OS:(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=80%W=0%S=A%A=O
OS:%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=
OS:N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%
OS:CD=Z)

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.34 seconds

10. The nmap all-in-one switch

Combines a ping scan of ports 1-10000, operating system detection, script scanning, traceroute and service detection.

Command syntax:

nmap -A <target ip>

Example: nmap -A 220.181.57.216

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:48 中国标准时间
Nmap scan report for 220.181.57.216
Host is up (0.028s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Apache httpd
| http-robots.txt: 8 disallowed entries
|_/baidu /s? /ulink? /link? /shifen/ /homepage/ /cpro /
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
443/tcp open  ssl/http Baidu Front End httpd 1.0.8.18
|_http-server-header: bfe/1.0.8.18
|_http-title: 405 Not Allowed
| ssl-cert: Subject: commonName=www.baidu.cn/organizationName=BeiJing Baidu Netcom Science Technology Co., Ltd/countryName=CN
| Subject Alternative Name: DNS:baidu.cn, DNS:baidu.com, DNS:baidu.com.cn, DNS:w.baidu.com, DNS:ww.baidu.com, DNS:www.baidu.com.cn, DNS:www.baidu.com.hk, DNS:www.baidu.hk, DNS:www.baidu.net.au, DNS:www.baidu.net.ph, DNS:www.baidu.net.tw, DNS:www.baidu.net.vn, DNS:wwww.baidu.com, DNS:wwww.baidu.com.cn, DNS:www.baidu.cn
| Not valid before: 2019-03-18T00:00:00
|_Not valid after:  2020-03-17T12:00:00
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_  http/1.1
| tls-nextprotoneg:
|   spdy/3.1
|_  http/1.1
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|proxy server|webcam|terminal
Running (JUST GUESSING): AVtech embedded (89%), Blue Coat embedded (88%), Polycom pSOS 1.X (86%), Wyse ThinOS 5.X (86%)
OS CPE: cpe:/h:bluecoat:packetshaper cpe:/o:polycom:psos:1.0.4 cpe:/o:wyse:thinos:5.2
Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (89%), Blue Coat PacketShaper appliance (88%), Polycom MGC-25 videoconferencing system (pSOS 1.0.4) (86%), Wyse ThinOS 5.2 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 12 hops

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   3.00 ms  192.168.0.1
2   7.00 ms  100.64.128.1
3   12.00 ms 10.224.21.41
4   ... 8
9   31.00 ms 220.181.17.94
10  ... 11
12  25.00 ms 220.181.57.216

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 71.25 seconds

11. Combined nmap scans

This achieves much of what -A does, while letting us tailor the scan to exactly what we need.

Command syntax:

nmap -vv -p1-100 -O <target ip>

Example: nmap -vv -p1-100 -O 220.181.57.216

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 15:52 中国标准时间
Initiating Ping Scan at 15:52
Scanning 220.181.57.216 [4 ports]
Completed Ping Scan at 15:52, 3.50s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:52
Completed Parallel DNS resolution of 1 host. at 15:52, 5.51s elapsed
Initiating SYN Stealth Scan at 15:52
Scanning 220.181.57.216 [100 ports]
Discovered open port 80/tcp on 220.181.57.216
Completed SYN Stealth Scan at 15:52, 2.45s elapsed (100 total ports)
Initiating OS detection (try #1) against 220.181.57.216
Retrying OS detection (try #2) against 220.181.57.216
Nmap scan report for 220.181.57.216
Host is up, received echo-reply ttl 54 (0.026s latency).
Scanned at 2019-05-02 15:52:03 中国标准时间 for 24s
Not shown: 99 filtered ports
Reason: 99 no-responses
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack ttl 54
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TCP/IP fingerprint:
SCAN(V=7.70%E=4%D=5/2%OT=80%CT=%CU=%PV=N%G=N%TM=5CCAA1BB%P=i686-pc-windows-windows)
SEQ(SP=106%GCD=1%ISR=10B%TI=RD%II=RI%TS=U)
OPS(O1=W5NM5A0NNNNNNNNNNS%O2=M578W5SNNNNNNNNNNL%O3=NNNNNNNNNNNNW5NM280%O4=SNNNNNNNNNNW5L%O5=M218SNNNNNNNNNNW5L%O6=M109SNNNNNNNNNN)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=N%TG=40%W=2000%O=W5NM5A0SNN%CC=S%Q=RU)
T1(R=Y%DF=N%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=S%TG=40%CD=S)

TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: Randomized

Read data files from: D:\Program Files (x86)\Nmap
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.69 seconds
           Raw packets sent: 278 (15.916KB) | Rcvd: 21 (1.576KB)
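Sections 2 to 11 build a scan out of individual options: verbosity, a port range or list, -O, --traceroute, -sP and -A. As an added example (not the post's own code), the Python below composes those options into an argument vector without going through a shell, validates a port specification against the 65535 limit stated in section 4, and parses the PORT/STATE/SERVICE/REASON table and the "Not shown" summary from nmap's normal output. The embedded report text is trimmed from the section 5 and section 11 outputs above; the function names and the use of -sn (nmap's current name for -sP) are assumptions of this example.

```python
import re

# Constructed sample: the "nmap -vv -p1-100 -O" report from section 11 of the post,
# trimmed to the lines the parser needs. Not live data.
MIXED_SCAN_OUTPUT = """\
Nmap scan report for 220.181.57.216
Host is up, received echo-reply ttl 54 (0.026s latency).
Not shown: 99 filtered ports
Reason: 99 no-responses
PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack ttl 54
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
No OS matches for host
"""

# Constructed sample: the "-p80,443,801" table from section 5 (no REASON column).
PORT_LIST_OUTPUT = """\
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp open     https
801/tcp filtered device
"""

PORT_LINE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+(?P<state>\S+)\s+(?P<service>\S+)(?:\s+(?P<reason>.+))?$"
)


def validate_port_spec(spec):
    """Accept the subset of nmap port syntax used in the post ("1-500", "80,443,801").

    Every port must lie in 1..65535 (the limit stated in section 4) and ranges
    must not be reversed; anything else raises ValueError before nmap is run.
    """
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo_n = int(lo)
        hi_n = int(hi) if hi else lo_n
        if not 1 <= lo_n <= hi_n <= 65535:
            raise ValueError(f"invalid port item {item!r}")
    return spec


def build_nmap_args(target, ports=None, verbose=0, os_detect=False,
                    traceroute=False, ping_only=False, aggressive=False):
    """Compose an argument vector from the options covered in sections 2-11.

    The result is a list for subprocess.run(args) without shell=True, so the
    target string reaches nmap verbatim instead of being parsed by a shell.
    """
    args = ["nmap"]
    if verbose:
        args.append("-" + "v" * verbose)   # -v, -vv, ...
    if ping_only:
        args.append("-sn")                 # host discovery only; the post writes -sP, the older spelling nmap still accepts
    if ports is not None:
        spec = ports if isinstance(ports, str) else ",".join(str(p) for p in ports)
        args.append("-p" + validate_port_spec(spec))
    if os_detect:
        args.append("-O")
    if traceroute:
        args.append("--traceroute")        # two ASCII hyphens; an en-dash makes nmap treat it as a hostname
    if aggressive:
        args.append("-A")
    args.append(target)
    return args


def parse_port_table(output):
    """Rows of the PORT/STATE/SERVICE[/REASON] table as dicts; reason is None when absent."""
    rows = []
    for line in output.splitlines():
        m = PORT_LINE_RE.match(line.strip())
        if m:
            rows.append({"port": int(m["port"]), "proto": m["proto"], "state": m["state"],
                         "service": m["service"], "reason": m["reason"]})
    return rows


def parse_not_shown(output):
    """{state: count} from the 'Not shown:' summary, e.g. {'filtered': 99}."""
    for line in output.splitlines():
        if line.startswith("Not shown:"):
            return {state: int(n) for n, state in re.findall(r"(\d+) (\w+) ports?", line)}
    return {}


def open_ports(output):
    return [row["port"] for row in parse_port_table(output) if row["state"] == "open"]
```

To run a real scan, pass the list to subprocess.run(args, capture_output=True, text=True) and feed the stdout to parse_port_table; keeping the target out of a shell string avoids having a hostname or CIDR taken from a ticket or inventory file interpreted as shell syntax.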

12. SSL cipher suite scan

Command syntax (not given in the original post; inferred from the ssl-enum-ciphers script output below):

nmap --script ssl-enum-ciphers -p 443 <target ip>

Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-02 16:00 中国标准时间
Nmap scan report for 220.181.57.216
Host is up (0.025s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|_  least strength: C

Nmap done: 1 IP address (1 host up) scanned in 23.29 seconds
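The ssl-enum-ciphers output above lists, per protocol version, the cipher suites the server accepts with a letter grade, the compressors it offers, and the script's warnings. As an added example (not from the original post), the Python below parses that indented tree and turns it into remediation findings: deprecated protocol versions, suites graded worse than B, static-RSA key exchange without forward secrecy, compression, and the script's own warnings. The sample text is a trimmed copy of the output above; the RFC references for SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are added facts, and the function names are my own.

```python
import re

# Constructed sample: the ssl-enum-ciphers block from the post, trimmed to two
# protocol versions. Not live data.
SSL_ENUM_OUTPUT = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|       CBC-mode cipher in SSLv3 (CVE-2014-3566)
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     cipher preference: server
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|_  least strength: C
"""

# "TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C"  ->  name, key-exchange detail, grade
CIPHER_RE = re.compile(r"^(?P<name>TLS_\w+) \((?P<kex>[^)]*)\) - (?P<grade>[A-F])$")

# Protocol versions formally deprecated by the IETF (added facts, not from the post).
DEPRECATED = {"SSLv3": "RFC 7568", "TLSv1.0": "RFC 8996", "TLSv1.1": "RFC 8996"}


def parse_ssl_enum_ciphers(output):
    """Turn the script's indented tree into {protocol: {ciphers, compressors, warnings, preference}}."""
    protocols, least, proto, section = {}, None, None, None
    for raw in output.splitlines():
        if not raw.startswith("|"):
            continue                      # port table and other non-script lines
        body = raw[2:]                    # drop the "| " or "|_" prefix
        text = body.strip()
        indent = len(body) - len(body.lstrip(" "))
        if indent == 2 and text.endswith(":"):          # protocol version header
            proto = text[:-1]
            protocols[proto] = {"ciphers": [], "compressors": [], "warnings": [], "preference": None}
        elif indent == 2 and text.startswith("least strength:"):
            least = text.split(":", 1)[1].strip()
        elif indent == 4 and proto:                     # ciphers: / compressors: / warnings: / cipher preference
            if text.endswith(":"):
                section = text[:-1]
            elif text.startswith("cipher preference:"):
                protocols[proto]["preference"] = text.split(":", 1)[1].strip()
        elif indent == 6 and proto and section:         # items under the current section
            m = CIPHER_RE.match(text)
            if section == "ciphers" and m:
                protocols[proto]["ciphers"].append({"name": m["name"], "kex": m["kex"], "grade": m["grade"]})
            elif section in protocols[proto]:
                protocols[proto][section].append(text)
    return {"protocols": protocols, "least_strength": least}


def assess(report, worst_acceptable="B"):
    """Remediation findings derived from a parsed report; one string per issue."""
    findings = []
    for proto, data in report["protocols"].items():
        if proto in DEPRECATED:
            findings.append(f"{proto}: protocol version deprecated by {DEPRECATED[proto]}; disable it")
        for c in data["ciphers"]:
            if c["grade"] > worst_acceptable:           # letter grades order as 'A' < 'B' < 'C' ...
                findings.append(f"{proto}: {c['name']} graded {c['grade']}; remove it")
            if c["name"].startswith("TLS_RSA_WITH_"):    # static RSA key exchange
                findings.append(f"{proto}: {c['name']} uses static RSA key exchange (no forward secrecy)")
        if any(comp != "NULL" for comp in data["compressors"]):
            findings.append(f"{proto}: TLS compression offered; disable it")
        findings.extend(f"{proto}: {w}" for w in data["warnings"])
    return findings
```

The "least strength" line is the quickest check: in the output above it is C, driven entirely by the RC4 suites, so removing them and switching off SSLv3 lifts the server to A on every remaining version without touching the AES suites that clients actually negotiate.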

 
