计算机网络实用工具之nbtscan

简介

nbscan是一个用于扫描IP网络的NetBIOS名称信息的程序。它向提供范围内的每个地址发送NetBIOS状态查询，并以人类可读的形式列出接收到的信息。对于每个响应的主机，它列出了IP地址、NetBIOS计算机名、登录用户名和MAC地址。

对于安全检查、网络发现和取证调查非常有用。

官网

GitHub - resurrecting-open-source-projects/nbtscan: Scan networks searching for NetBIOS information

安装

# ubuntu 22.04
sudo apt install nbtscan

使用帮助

ubuntu:~$ nbtscan -h
"Human-readable service names" (-h) option cannot be used without verbose (-v) option.
Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>)
        -v              verbose output. Print all names received
                        from each host
        -d              dump packets. Print whole packet contents.
        -e              Format output in /etc/hosts format.
        -l              Format output in lmhosts format.
                        Cannot be used with -v, -s or -h options.
        -t timeout      wait timeout milliseconds for response.
                        Default 1000.
        -b bandwidth    Output throttling. Slow down output
                        so that it uses no more that bandwidth bps.
                        Useful on slow links, so that ougoing queries
                        don't get dropped.
        -r              use local port 137 for scans. Win95 boxes
                        respond to this only.
                        You need to be root to use this option on Unix.
        -q              Suppress banners and error messages,
        -s separator    Script-friendly output. Don't print
                        column and record headers, separate fields with separator.
        -h              Print human-readable names for services.
                        Can only be used with -v option.
        -m retransmits  Number of retransmits. Default 0.
        -f filename     Take IP addresses to scan from file filename.
                        -f - makes nbtscan take IP addresses from stdin.
        <scan_range>    what to scan. Can either be single IP
                        like 192.168.1.1 or
                        range of addresses in one of two forms:
                        xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
Examples:
        nbtscan -r 192.168.1.0/24
                Scans the whole C-class network.
        nbtscan 192.168.1.25-137
                Scans a range from 192.168.1.25 to 192.168.1.137
        nbtscan -v -s : 192.168.1.0/24
                Scans C-class network. Prints results in script-friendly
                format using colon as field separator.
                Produces output like that:
                192.168.0.1:NT_SERVER:00U
                192.168.0.1:MY_DOMAIN:00G
                192.168.0.1:ADMINISTRATOR:03U
                192.168.0.2:OTHER_BOX:00U
                ...
        nbtscan -f iplist
                Scans IP addresses specified in file iplist.

使用示例

root@ubuntu:~# nbtscan 192.168.21.1
Doing NBT name scan for addresses from 192.168.21.1

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.21.1     DESKTOP-EPH9F2T  <server>  <unknown>        00:50:56:c0:00:08

在上述示例中，ubuntu主机的ip为192.168.21.132，目标主机192.168.21.1为一台windows主机

通过在192.168.21.1的windows主机上抓包可以发现，ubuntu主机向windows主机发送了一个访问137(UDP)端口的名称查询请求

然后windows主机向ubuntu主机发送了一个回应，告诉了自己的主机名称等信息

种草

本文为"计算机网络实用工具系列"的内容之一，会持续更新其它相关博文。

我的博文内容主要针对“计算机网络”、“安全”、“运维”和“云计算”方向，感兴趣朋友的请关注我，我将不定期发布新的博文并不断改进已发布博文。

后期依据大家对博文的评论，点赞及关注情况，针对大家感兴趣的内容我也会录制视频并整理出成套的学习资料免费分享给大家，期待能和大家一起交流学习。