The nmap tool

Review:

1. Python: the os and socket libraries

2. scapy: sending ICMP, ARP, TCP and other protocol packets

3. The nmap tool

I. Overview

nmap scans for three kinds of information: live hosts (host discovery), ports (which programs are listening, and their versions), and operating system information (including the version).

Nmap ("Network Mapper") is an open-source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts as well. Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services (application name and version) those hosts are offering, which operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators also find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

II. Usage

1. GUI: double-click the desktop icon to start it.

2. Command line (interactive use): open cmd and type nmap; it prints the available options.

III. Host discovery
-sL list scan (only lists the targets and resolves their names; no probe packets are sent, which is why the summary below counts 0 hosts up)
C:\Users\Administrator>nmap -sL www.woniuxy.com
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 11:11 中国标准时间
Nmap scan report for www.woniuxy.com (101.37.65.91)
Nmap done: 1 IP address (0 hosts up) scanned in 5.63 seconds

-sP ping scan (host discovery only, no port scan; -sP is the legacy spelling of -sn in current Nmap versions)
C:\Users\Administrator>nmap -sP 192.168.2.0/24
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 11:16 中国标准时间
Nmap scan report for 192.168.2.1
Host is up (0.027s latency).
MAC Address: 80:05:88:E9:45:11 (Ruijie Networks)
Nmap scan report for 192.168.2.5
Host is up (0.080s latency).
MAC Address: 5C:E5:0C:55:AF:4B (Beijing Xiaomi Mobile Software)
Nmap scan report for 192.168.2.6
Host is up (0.095s latency).
MAC Address: 90:CC:DF:5E:FE:9D (Intel Corporate)
Nmap scan report for 192.168.2.9
Host is up (0.12s latency).
MAC Address: 80:38:FB:B0:39:25 (Intel Corporate)
Nmap scan report for 192.168.2.10
Host is up (0.080s latency).
MAC Address: 80:30:49:03:FD:A1 (Liteon Technology)
Nmap scan report for 192.168.2.11
Host is up (0.077s latency).
MAC Address: 42:9F:B6:DF:8D:52 (Unknown)
Nmap scan report for 192.168.2.12
Host is up (0.077s latency).
MAC Address: B2:45:27:1C:43:5C (Unknown)
Nmap scan report for 192.168.2.13
Host is up (0.077s latency).
MAC Address: CC:6B:1E:95:70:03 (Cloud Network Technology Singapore PTE.)
Nmap scan report for 192.168.2.16
Host is up (0.090s latency).
MAC Address: F8:54:F6:61:07:80 (Unknown)
Nmap scan report for 192.168.2.19
Host is up (0.099s latency).
MAC Address: 2A:C2:54:CD:DF:64 (Unknown)
Nmap scan report for 192.168.2.21
Host is up.
MAC Address: 5C:3A:45:0F:92:A7 (Chongqing Fugui Electronics)
Nmap scan report for 192.168.2.22
Host is up (0.11s latency).
MAC Address: 02:D2:8B:FE:04:8B (Unknown)
Nmap scan report for 192.168.2.26
Host is up (0.089s latency).
MAC Address: A2:10:28:AA:03:B2 (Unknown)
Nmap scan report for 192.168.2.28
Host is up (0.044s latency).
MAC Address: C2:D1:40:DA:6E:B5 (Unknown)
Nmap scan report for 192.168.2.29
Host is up (0.054s latency).
MAC Address: E0:CC:F8:A1:D9:07 (Xiaomi Communications)
Nmap scan report for 192.168.2.31
Host is up (0.083s latency).
MAC Address: 24:41:8C:67:8D:74 (Intel Corporate)
Nmap scan report for 192.168.2.3
Host is up.
Nmap done: 256 IP addresses (17 hosts up) scanned in 24.81 seconds

-P0 skip host discovery and scan the target directly (the host is treated as up; -P0 is the legacy spelling of -Pn)
C:\Users\Administrator>nmap -P0 192.168.2.21
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 11:26 中国标准时间
Nmap scan report for 192.168.2.21
Host is up (0.037s latency).
Not shown: 996 filtered tcp ports (no-response)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5357/tcp open  wsdapi
MAC Address: 5C:3A:45:0F:92:A7 (Chongqing Fugui Electronics)

Nmap done: 1 IP address (1 host up) scanned in 16.82 seconds

-PE ICMP echo request ping (the default port scan follows, since no -sn is given)
C:\Users\Administrator>nmap -PE www.woniuxy.com
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 11:36 中国标准时间
Nmap scan report for www.woniuxy.com (101.37.65.91)
Host is up (0.025s latency).
Not shown: 987 filtered tcp ports (no-response)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
90/tcp   closed dnsix
443/tcp  open   https
3306/tcp open   mysql
3389/tcp closed ms-wbt-server
3690/tcp closed svn
8000/tcp closed http-alt
8080/tcp closed http-proxy
8088/tcp closed radan-http
8443/tcp closed https-alt
9000/tcp closed cslistener
9009/tcp closed pichat

Nmap done: 1 IP address (1 host up) scanned in 4.97 seconds
IV. Port state classification
Nmap recognizes six port states.

open

    An application is actively accepting TCP connections or UDP datagrams on this port. Finding these is often the primary goal of port scanning. Security-minded people know that each open port is an avenue for attack. Attackers and penetration testers want to find open ports, while administrators try to close them or protect them with firewalls without obstructing legitimate users. Open ports are also interesting for non-security scans because they show which services are available for use on the network.
closed

    A closed port is accessible (it receives and responds to Nmap's probe packets), but there is no application listening on it. Closed ports are useful for showing that the host at that IP address is up (host discovery, or ping scanning), and they also help with some operating system detection. Because closed ports are reachable, it may be worth scanning them again later in case some have opened. Administrators may want to consider blocking such ports with a firewall; they would then appear in the filtered state, discussed next.
filtered

    Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could come from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide almost no information. Sometimes they respond with ICMP error messages such as type 3 code 13 (destination unreachable: communication administratively prohibited), but far more commonly the filter simply drops the probe without any response. This forces Nmap to retry several times in case the probe was dropped because of network congestion rather than filtering, which slows the scan down noticeably.
unfiltered

    The unfiltered state means that the port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan may help resolve whether the port is open.
open|filtered

    Nmap places ports in this state when it is unable to determine whether a port is open or filtered. This happens for scan types in which open ports give no response. The lack of response could also mean that a packet filter dropped the probe or any response it elicited, so Nmap cannot tell whether the port is open or being filtered. The UDP, IP protocol, FIN, NULL, and Xmas scans can classify ports this way.
closed|filtered

    This state is used when Nmap is unable to determine whether a port is closed or filtered. It only occurs in the IP ID Idle scan.
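The six states above are verdicts derived from how each probe type is answered. The following script is an added example (not part of Nmap) that writes those rules out as a function, including the retry rule from the "filtered" description: silence is only trusted after repeated probes. The response vocabulary (the strings and the ("icmp", type, code) tuple) is this script's own assumption; the ICMP destination-unreachable codes it treats as "filtered" are the ones Nmap documents for these scan types.

```python
# Port-state classification as Nmap's scan types apply it.
# Added example, not Nmap's own code; the response vocabulary below is an assumption.

# A response is a string for a TCP/UDP answer or no answer at all,
# or a tuple ("icmp", type, code) for an ICMP error message.
NO_RESPONSE = "none"
SYN_ACK = "syn-ack"
RST = "rst"
UDP_DATA = "udp-data"

# ICMP destination-unreachable (type 3) codes that Nmap records as "filtered":
# 0 net, 1 host, 2 protocol, 3 port unreachable, 9/10 net/host administratively
# prohibited, 13 communication administratively prohibited.
FILTER_CODES = {0, 1, 2, 3, 9, 10, 13}


def is_icmp_unreachable(response):
    return (
        isinstance(response, tuple)
        and response[0] == "icmp"
        and response[1] == 3
        and response[2] in FILTER_CODES
    )


def classify_port(scan, response):
    """Return the Nmap port state for one probe/response pair.

    scan: "syn", "connect", "ack", "fin", "null", "xmas" or "udp".
    """
    icmp = is_icmp_unreachable(response)
    if scan in ("syn", "connect"):
        if response == SYN_ACK:
            return "open"
        if response == RST:
            return "closed"
        if icmp or response == NO_RESPONSE:
            return "filtered"
    elif scan == "ack":
        # The ACK scan only reveals whether a filter sits in the path.
        if response == RST:
            return "unfiltered"
        if icmp or response == NO_RESPONSE:
            return "filtered"
    elif scan in ("fin", "null", "xmas"):
        # Open ports stay silent on these probes, so silence is ambiguous.
        if response == RST:
            return "closed"
        if response == NO_RESPONSE:
            return "open|filtered"
        if icmp:
            return "filtered"
    elif scan == "udp":
        if response == UDP_DATA:
            return "open"
        if response == ("icmp", 3, 3):  # port unreachable: nothing listening
            return "closed"
        if icmp:
            return "filtered"
        if response == NO_RESPONSE:
            return "open|filtered"
    raise ValueError(f"unexpected response {response!r} for {scan} scan")


def classify_with_retries(scan, responses):
    """Apply the retry rule: a probe dropped by congestion looks exactly like one
    dropped by a filter, so Nmap resends and takes the first definitive answer.
    Only when every retry is silent does the no-response verdict stand."""
    for r in responses:
        if r != NO_RESPONSE:
            return classify_port(scan, r)
    return classify_port(scan, NO_RESPONSE)


if __name__ == "__main__":
    print(classify_port("syn", SYN_ACK))                      # open
    print(classify_port("udp", ("icmp", 3, 13)))              # filtered
    print(classify_with_retries("syn", [NO_RESPONSE] * 3))    # filtered
```

Reading the function top to bottom shows why a SYN scan is the default: it is the only probe family in which every outcome (answer, reset, error, silence) maps to a single state, whereas the FIN/NULL/Xmas and UDP scans leave an "open|filtered" ambiguity whenever the port does not answer.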
-sS TCP SYN scan
C:\Users\Administrator>nmap -sS 192.172.0.100
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 12:20 中国标准时间
Nmap scan report for 192.172.0.100
Host is up (0.0054s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
3306/tcp open  mysql
8080/tcp open  http-proxy
8088/tcp open  radan-http

Nmap done: 1 IP address (1 host up) scanned in 12.13 seconds

-sT TCP connect() scan
C:\Users\Administrator>nmap -sT www.woniuxy.com
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 13:52 中国标准时间
Nmap scan report for www.woniuxy.com (101.37.65.91)
Host is up (0.014s latency).
Not shown: 994 filtered tcp ports (no-response)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
443/tcp  open  https
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 5.66 seconds

-sU UDP scan

-p scan the specified ports (a single port, several ports separated by commas, or a contiguous range written as start-end)

C:\Users\Administrator>nmap -p 8080 192.172.0.100
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 14:29 中国标准时间
Nmap scan report for 192.172.0.100
Host is up (0.0039s latency).

PORT     STATE SERVICE
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 15.93 seconds
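The -p syntax described above (single ports, comma-separated lists, start-end ranges) is simple enough to parse by hand, which is useful when a scan script needs to validate a port list before handing it to nmap or build one from an inventory. The following is an added example, not nmap's own parser; it also handles the open-ended forms "-1024" and "1024-" the way nmap reads them (1 or 65535 fills the missing end), and provides the reverse operation that compresses a port list back into the compact form.

```python
# Parser and formatter for nmap-style -p port specifications.
# Added example, not nmap's own code.

MAX_PORT = 65535


def parse_port_spec(spec):
    """Expand a -p argument such as "22,80,8000-8100" into a sorted port list.

    A missing range end means 1 or 65535, as nmap reads "-1024" or "1024-".
    Port 0 is accepted only when written explicitly, as nmap does.
    Raises ValueError for out-of-range values, reversed ranges or empty items.
    """
    ports = set()
    for item in spec.replace(" ", "").split(","):
        if not item:
            raise ValueError("empty element in port specification")
        if "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else MAX_PORT
        else:
            lo = hi = int(item)
        if not (0 <= lo <= hi <= MAX_PORT):
            raise ValueError(f"invalid port range: {item}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def format_port_spec(ports):
    """Inverse of parse_port_spec: compress a list of ports into the comma/range
    form accepted by -p, e.g. [22, 80, 81, 82, 443] -> "22,80-82,443"."""
    runs = []
    for p in sorted(set(ports)):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p          # extend the current contiguous run
        else:
            runs.append([p, p])      # start a new run
    return ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in runs)


if __name__ == "__main__":
    print(parse_port_spec("22,80,8000-8003"))           # [22, 80, 8000, 8001, 8002, 8003]
    print(format_port_spec([22, 80, 81, 82, 443]))      # 22,80-82,443
```

Validating the specification before the scan matters because an unintended "-" turns a handful of ports into a full 65535-port sweep, and a reversed range is silently empty rather than an error in many home-grown scripts.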

-F fast scan (only the 100 most common ports instead of the default 1000; the summary below shows 97 closed + 3 open = 100)

C:\Users\Administrator>nmap -F 192.172.0.100
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 14:31 中国标准时间
Nmap scan report for 192.172.0.100
Host is up (0.0055s latency).
Not shown: 97 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
3306/tcp open  mysql
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 15.18 seconds


-sV service version detection
C:\Users\Administrator>nmap -sV 192.172.0.100
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-28 14:36 中国标准时间
Nmap scan report for 192.172.0.100
Host is up (0.0040s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.4 (protocol 2.0)
3306/tcp open  mysql   MySQL 5.6.46
8080/tcp open  http    Apache Tomcat 9.0.37
8088/tcp open  http    Apache httpd

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.80 seconds
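The scans above produce the same normal-output layout every time: a "Nmap scan report for" line per host, an optional "Host is up" and "MAC Address" line, and a PORT/STATE/SERVICE table that gains a VERSION column under -sV. The following is an added example (not part of Nmap) that parses that layout for both the -sP host discovery sweep and the -sV version scan shown above, then uses the records the way an administrator would: flagging devices whose MAC is not in the asset list, and open ports that are not in the approved baseline for that host. The sample inputs are excerpts of the reports above; the asset list and baseline are constructed for the demonstration, and the record types are this script's own.

```python
import re
from dataclasses import dataclass, field

# Parsers for Nmap's normal (human-readable) output as shown in the scans above.
# Added example, not part of Nmap; the record fields are this script's own.


@dataclass
class PortRecord:
    port: int
    proto: str
    state: str
    service: str
    version: str = ""        # filled only when the scan used -sV


@dataclass
class HostRecord:
    target: str              # name or address as given on the report line
    ip: str
    up: bool = False
    mac: str = ""
    vendor: str = ""
    ports: list = field(default_factory=list)


REPORT_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?$")
UP_RE = re.compile(r"^Host is up")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap_output(text):
    """Turn one or more 'Nmap scan report' blocks into HostRecord objects.
    Lines that belong to no host (banner, 'Nmap done') are ignored."""
    hosts, cur = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = REPORT_RE.match(line)
        if m:
            cur = HostRecord(target=m.group(1), ip=m.group(2) or m.group(1))
            hosts.append(cur)
            continue
        if cur is None:
            continue
        if UP_RE.match(line):
            cur.up = True
        elif (m := MAC_RE.match(line)):
            cur.mac, cur.vendor = m.group(1), m.group(2)
        elif (m := PORT_RE.match(line)):
            cur.ports.append(PortRecord(int(m.group(1)), m.group(2), m.group(3),
                                        m.group(4), (m.group(5) or "").strip()))
    return hosts


def unknown_devices(hosts, known_macs):
    """Hosts that answered the ping sweep but whose MAC is not in the asset list."""
    return [h for h in hosts if h.up and h.mac and h.mac not in known_macs]


def unexpected_exposures(hosts, baseline):
    """Open ports not approved in baseline, a {ip: {(port, proto), ...}} map."""
    findings = []
    for h in hosts:
        approved = baseline.get(h.ip, set())
        for p in h.ports:
            if p.state == "open" and (p.port, p.proto) not in approved:
                findings.append((h.ip, p.port, p.proto, p.service, p.version))
    return findings


# Sample inputs: excerpts of the -sP and -sV reports shown above.
DISCOVERY_SAMPLE = """\
Nmap scan report for 192.168.2.1
Host is up (0.027s latency).
MAC Address: 80:05:88:E9:45:11 (Ruijie Networks)
Nmap scan report for 192.168.2.5
Host is up (0.080s latency).
MAC Address: 5C:E5:0C:55:AF:4B (Beijing Xiaomi Mobile Software)
Nmap scan report for 192.168.2.11
Host is up (0.077s latency).
MAC Address: 42:9F:B6:DF:8D:52 (Unknown)
Nmap scan report for 192.168.2.3
Host is up.
Nmap done: 256 IP addresses (17 hosts up) scanned in 24.81 seconds
"""

VERSION_SAMPLE = """\
Nmap scan report for 192.172.0.100
Host is up (0.0040s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.4 (protocol 2.0)
3306/tcp open  mysql   MySQL 5.6.46
8080/tcp open  http    Apache Tomcat 9.0.37
8088/tcp open  http    Apache httpd
"""

# Constructed asset list and baseline for the demonstration.
KNOWN_MACS = {"80:05:88:E9:45:11", "5C:E5:0C:55:AF:4B"}
BASELINE = {"192.172.0.100": {(22, "tcp"), (8080, "tcp")}}

if __name__ == "__main__":
    for h in unknown_devices(parse_nmap_output(DISCOVERY_SAMPLE), KNOWN_MACS):
        print(f"unknown device {h.ip} {h.mac} ({h.vendor})")
    for ip, port, proto, svc, ver in unexpected_exposures(parse_nmap_output(VERSION_SAMPLE), BASELINE):
        print(f"unexpected open port {ip}:{port}/{proto} {svc} {ver}")
```

Run against the samples, the script reports 192.168.2.11 as a device not in the asset list and the MySQL port 3306 and the second Tomcat/httpd port 8088 as listeners outside the baseline. For production use, Nmap's -oX output is easier to parse reliably than the normal output, but the normal output is what appears in notes and tickets, so being able to read it back is still worthwhile.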

-O operating system detection (the option is a capital letter O, not a zero)
-A aggressive scan: OS detection together with version detection (it also enables default script scanning and traceroute)

Reference: https://blog.csdn.net/aspirationflow/article/details/7694274
