Basic nmap usage

First, use ifconfig to find this machine's internal (LAN) address: 172.1.3.220

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether f0:18:98:0b:3e:51
	inet6 fe80::5d:3fa1:4e2f:f8b%en0 prefixlen 64 secured scopeid 0x7
	inet 172.1.3.220 netmask 0xffffff00 broadcast 172.1.3.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active

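Look up the external IP via Baidu: 211.99.156.*
Use nmap to probe which ports are open on this machine's internal IP address. closed only means that nothing is using the port; filtered is the state that means a firewall is blocking it. nmap itself will certainly not be blocked here.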

nmap -p 8080,80,22,23 localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-30 17:49 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Other addresses for localhost (not scanned): ::1

PORT     STATE  SERVICE
22/tcp   closed ssh
23/tcp   closed telnet
80/tcp   closed http
8080/tcp closed http-proxy

Next, probe the port usage of other IP addresses on the same LAN

nmap -p 8080,80,21,22,23 172.1.3.240-254
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-30 17:52 CST
Nmap scan report for 172-1-3-240.lightspeed.hstntx.sbcglobal.net (172.1.3.240)
Host is up (0.022s latency).

PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
23/tcp   open   telnet
80/tcp   open   http
8080/tcp closed http-proxy

Nmap scan report for 172-1-3-242.lightspeed.hstntx.sbcglobal.net (172.1.3.242)
Host is up (0.026s latency).

PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
23/tcp   open   telnet
80/tcp   open   http
8080/tcp closed http-proxy

Nmap scan report for 172-1-3-245.lightspeed.hstntx.sbcglobal.net (172.1.3.245)
Host is up (0.026s latency).

PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
23/tcp   open   telnet
80/tcp   open   http
8080/tcp closed http-proxy

Nmap scan report for 172-1-3-254.lightspeed.hstntx.sbcglobal.net (172.1.3.254)
Host is up (0.021s latency).

PORT     STATE    SERVICE
21/tcp   closed   ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
8080/tcp closed   http-proxy

Nmap done: 15 IP addresses (4 hosts up) scanned in 2.67 seconds

The machine 172.1.3.254 has the ssh and telnet ports disabled by the internal network's group policy.
Try telnet against 172.1.3.254:

telnet 172.1.3.254 80
Trying 172.1.3.254...
Connected to 172-1-3-254.lightspeed.hstntx.sbcglobal.net.
Escape character is '^]'.

telnet 172.1.3.254 23
Trying 172.1.3.254...
telnet: connect to address 172.1.3.254: Operation timed out
telnet: Unable to connect to remote host

telnet 172.1.3.254 22
Trying 172.1.3.254...
telnet: connect to address 172.1.3.254: Operation timed out
telnet: Unable to connect to remote host

As you can see, 22 and 23 are both unreachable, while 80 is reachable.
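
As an added example (not part of the original post), the Python below parses nmap's normal-format report, as printed above, into per-host port states and lists the hosts where a cleartext service such as telnet is open. The embedded sample is an excerpt of the output shown on this page; the function names and the CLEARTEXT set are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the scan output shown on this page, embedded so the example runs offline.
SAMPLE = """\
Nmap scan report for 172-1-3-240.lightspeed.hstntx.sbcglobal.net (172.1.3.240)
Host is up (0.022s latency).

PORT     STATE  SERVICE
21/tcp   closed ftp
22/tcp   open   ssh
23/tcp   open   telnet

Nmap scan report for 211.99.156.254
Host is up (0.024s latency).

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
"""

# Header is either "name (ip)" or a bare ip; both forms appear in the output above.
HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
CLEARTEXT = {"telnet", "ftp"}  # assumption: services this audit treats as cleartext

def parse_report(text):
    """Return {ip: {port: (state, service)}} from nmap normal output."""
    hosts, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(2), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current[int(m.group(1))] = (m.group(3), m.group(4))
    return hosts

def ports_by_state(ports):
    """Group one host's ports by state: open, closed (no listener), filtered (firewall)."""
    grouped = defaultdict(list)
    for port, (state, _service) in sorted(ports.items()):
        grouped[state].append(port)
    return dict(grouped)

def cleartext_exposed(hosts):
    """List (ip, port, service) for cleartext services that are actually reachable."""
    return sorted((ip, port, svc) for ip, ports in hosts.items()
                  for port, (state, svc) in ports.items()
                  if state == "open" and svc in CLEARTEXT)
```
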

Next, probe the external address:

nmap -p 8080,80,21,22,23 211.99.156.*
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-30 17:56 CST
Nmap scan report for 211.99.156.254
Host is up (0.024s latency).

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   filtered http
8080/tcp filtered http-proxy

The external-facing policy blocks all the commonly used ports.

Finally, play around with Baidu a bit

nmap -p 8080,80,21,22,23,443 www.baidu.com
Starting Nmap 7.80 ( https://nmap.org ) at 2021-12-30 18:00 CST
Nmap scan report for www.baidu.com (110.242.68.4)
Host is up (0.030s latency).
Other addresses for www.baidu.com (not scanned): 110.242.68.3

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
443/tcp  open     https
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 1.30 seconds

80 and 443 are still open because they have to serve HTTP and HTTPS.

ping Baidu to get its real IP

ping www.baidu.com
PING www.a.shifen.com (110.242.68.3): 56 data bytes
64 bytes from 110.242.68.3: icmp_seq=0 ttl=45 time=15.046 ms
64 bytes from 110.242.68.3: icmp_seq=1 ttl=45 time=21.799 ms
64 bytes from 110.242.68.3: icmp_seq=2 ttl=45 time=16.552 ms
64 bytes from 110.242.68.3: icmp_seq=3 ttl=45 time=20.529 ms
:64 bytes from 110.242.68.3: icmp_seq=4 ttl=45 time=17.078 ms
64 bytes from 110.242.68.3: icmp_seq=5 ttl=45 time=27.897 ms

Take this 110.242.68.3 and visit 110.242.68.3:80 or just 110.242.68.3 in a browser (the browser defaults to port 80).

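I also really don't understand broadband companies blocking port 80: you can just host the website on a different port, and the only drawback is that visitors have to add the port when accessing it.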

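Nmap (Network Mapper) is a powerful open-source network scanning tool used to discover and assess hosts and services on a network. Here is a simple tutorial for using Nmap 7.70:
1. Install: download the Nmap version suited to your system from the official website. The installation process varies by operating system; follow the instructions to complete it.
2. Run a basic scan: on the command line, type the "nmap" command followed by the target IP address or domain name. For example: nmap 192.168.1.1. Press Enter to start the scan.
3. Scan specific ports: if you are only interested in particular ports, specify the port numbers with "-p". For example: nmap -p 80 192.168.1.1. This scans only port 80 on the target host.
4. Scan a range: give the IP address range as the target, for example in CIDR notation: nmap 192.168.1.0/24. This scans all addresses from 192.168.1.0 to 192.168.1.255. (The "-r" option does not select a range; it makes nmap scan ports in sequential order instead of randomizing them.)
5. Stealth scan: use the "-sS" option to run a stealth scan, which uses the TCP SYN scan technique. For example: nmap -sS 192.168.1.1. This type of scan is hard for the target system to detect.
6. Output: Nmap prints the scan results, showing the target host's open ports, services and other information. You can save the results with the "-o" output options. For example: nmap -oN result.txt 192.168.1.1. The scan results are saved to a file named result.txt.
7. Script scan: Nmap can extend its functionality by running scripts. You can use the "--script" option and name a script to perform more advanced scanning tasks. For example: nmap --script http-enum 192.168.1.1. This runs a script that probes the HTTP service on the target host.
Please note: to keep networks secure, follow local laws and ethical guidelines, obtain proper authorization, and only scan networks you have permission to access.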