nmap xx.xx.x.x
Host is up (0.0012s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
2. Scanning multiple targets at once
nmap 192.168.1.1 192.168.1.2,192.168.1.3
nmap 192.168.1.1,2,3,4
nmap 192.168.1.1-3
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49160/tcp open unknown
Nmap scan report for 119.29.166.39
Host is up (0.0018s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql
3. Scanning an entire network:
nmap 192.168.1.1/24
80/tcp open http
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
8800/tcp open sunwebadmin
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
Nmap scan report for 119.29.166.15
Host is up (0.00076s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
1723/tcp open pptp
3306/tcp filtered mysql
4. Writing all the IPs to scan into a file and scanning them with nmap in one pass
The targets this time are 119.29.166.15, 119.29.166.10 and 119.29.166.13
nmap -iL list.txt
Output after the scan completes:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-10-18 11:42 CST
Nmap scan report for 119.29.166.15
Host is up (0.00093s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
1723/tcp open pptp
3306/tcp filtered mysql
Nmap scan report for 119.29.166.13
Host is up (0.00068s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
Nmap scan report for 119.29.166.19
Host is up (0.00056s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
8080/tcp open http-proxy
5. Scanning a network while excluding specific targets
nmap 119.29.166.1/24 --exclude 119.29.166.39
Nmap scan report for 119.29.166.40
Host is up (0.00037s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49161/tcp open unknown
49167/tcp open unknown
Nmap scan report for 119.29.166.42
Host is up (0.00030s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
Nmap scan report for 119.29.166.43
Host is up (0.00043s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
80/tcp open http
Nmap scan report for 119.29.166.44
Host is up (0.00039s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
3389/tcp open ms-wbt-server
The second way to exclude IPs you do not want scanned:
list.txt contains 119.29.166.39, so only one IP is scanned in the results
nmap 119.29.166.39-41 --excludefile list.txt
[root@VM_185_235_centos ~]# nmap 119.29.166.39-40 --excludefile list.txt
Starting Nmap 6.40 ( http://nmap.org ) at 2016-10-18 12:10 CST
Nmap scan report for 119.29.166.40
Host is up (0.00040s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49161/tcp open unknown
49167/tcp open unknown
6. Random scanning with nmap
Use nmap to scan 3 random targets
nmap -iR 3
But personally I don't think this is of much use right now.
7. Scanning open ports
Use nmap to scan the open ports; with this option you get very detailed results
nmap -A 119.29.166.39
Starting Nmap 6.40 ( http://nmap.org ) at 2016-10-18 13:32 CST
Nmap scan report for 119.29.166.39
Host is up (0.00037s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)
| ssh-hostkey: 2048 a6:8d:6f:f2:b5:a9:49:34:07:18:cd:73:49:84:a0:c4 (RSA)
|_256 22:49:b2:5c:7c:8f:73:56:89:29:8a:bd:56:49:74:66 (ECDSA)
80/tcp open http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 mod_perl/2.0.9dev Perl/v5.16.3)
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Apache HTTP Server Test Page powered by CentOS
443/tcp open ssl/http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 mod_perl/2.0.9dev Perl/v5.16.3)
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Apache HTTP Server Test Page powered by CentOS
| ssl-cert: Subject: commonName=VM_185_235_centos/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
| Not valid before: 2016-10-07T07:06:54+00:00
|_Not valid after: 2017-10-07T07:06:54+00:00
|_ssl-date: 2016-10-18T05:33:09+00:00; 0s from local time.
3306/tcp open mysql MySQL (unauthorized)
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
|_ajp-methods: Failed to get a valid response for the OPTION request
8080/tcp open http-proxy?
|_http-favicon: Apache Tomcat
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Apache Tomcat/8.5.6
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 2 hops
TRACEROUTE (using port 587/tcp)
HOP RTT ADDRESS
1 ...
2 0.44 ms 119.29.166.39
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.31 seconds
8. Finding the online hosts in a network:
nmap -sP 192.168.20.0/24
Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-19 12:44 CST
Nmap scan report for 192.168.20.3
Host is up (0.00048s latency).
Nmap scan report for 192.168.20.4
Host is up (0.0018s latency).
Nmap scan report for 192.168.20.6
Host is up (0.0011s latency).
Nmap scan report for 192.168.20.7
Host is up (0.0018s latency).
Nmap scan report for 192.168.20.18
Host is up (0.00086s latency).
Nmap scan report for 192.168.20.22
Host is up (0.00068s latency).
Nmap scan report for 192.168.20.24
Host is up (0.00062s latency).
Nmap scan report for 192.168.20.35
Host is up (0.0022s latency).
Nmap scan report for 192.168.20.39
Host is up (0.00092s latency).
Nmap scan report for 192.168.20.43
Host is up (0.00067s latency).
Nmap scan report for 192.168.20.44
Host is up (0.00064s latency).
Nmap scan report for 192.168.20.52
Host is up (0.0019s latency).
Nmap scan report for 192.168.20.53
Host is up (0.00051s latency).
Nmap scan report for 192.168.20.54
Host is up (0.00098s latency).
Nmap scan report for 192.168.20.63
Host is up (0.00066s latency).
Nmap scan report for 192.168.20.67
Host is up (0.0061s latency).
Nmap scan report for 192.168.20.71
Host is up (0.00055s latency).
Nmap scan report for 192.168.20.79
Host is up (0.00050s latency).
Nmap scan report for 192.168.20.84
Host is up (0.00081s latency).
Nmap scan report for 192.168.20.92
Host is up (0.0011s latency).
Nmap scan report for 192.168.20.94
Host is up (0.00051s latency).
Nmap scan report for 192.168.20.111
Host is up (0.011s latency).
Nmap scan report for 192.168.20.112
Host is up (0.00095s latency).
Nmap scan report for 192.168.20.113
Host is up (0.000062s latency).
Nmap scan report for 192.168.20.116
Host is up (0.0014s latency).
Nmap scan report for 192.168.20.129
Host is up (0.0016s latency).
Nmap scan report for 192.168.20.130
Host is up (0.00084s latency).
Nmap scan report for 192.168.20.132
Host is up (0.00042s latency).
Nmap scan report for 192.168.20.133
Host is up (0.00057s latency).
Nmap scan report for 192.168.20.135
Host is up (0.0015s latency).
Nmap scan report for 192.168.20.138
Host is up (0.00080s latency).
Nmap scan report for 192.168.20.142
Host is up (0.0015s latency).
Nmap scan report for 192.168.20.143
Host is up (0.00023s latency).
Nmap scan report for 192.168.20.149
Host is up (0.0017s latency).
Nmap scan report for 192.168.20.151
Host is up (0.00040s latency).
Nmap scan report for 192.168.20.153
Host is up (0.0051s latency).
Nmap scan report for 192.168.20.189
Host is up (0.0012s latency).
Nmap scan report for 192.168.20.213
Host is up (0.0010s latency).
Nmap scan report for 192.168.20.219
Host is up (0.00030s latency).
Nmap scan report for 192.168.20.224
Host is up (0.00041s latency).
Nmap scan report for 192.168.20.228
Host is up (0.00031s latency).
Nmap scan report for 192.168.20.234
Host is up (0.00052s latency).
Nmap scan report for 192.168.20.241
Host is up (0.00097s latency).
Nmap scan report for 192.168.20.242
Host is up (0.00094s latency).
Nmap scan report for 192.168.20.247
Host is up (0.0014s latency).
Nmap scan report for 192.168.20.254
Host is up (0.0011s latency).
Nmap done: 256 IP addresses (46 hosts up) scanned in 1.94 seconds
Finished in 1.94 seconds; 46 hosts are up
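As an added example (not from the original post), the following POSIX shell script reduces the plain nmap output shown in sections 3 to 8 into a per-host list of open ports, flags hosts that expose a service on a watch list, and counts the live hosts from a -sP run so the figure can be checked against the "(N hosts up)" summary line. The sample output it parses is constructed here in the same layout as the post's output; the function names and the watch list are my own.

```shell
# Added example, not from the original post: turn the plain nmap output shown
# above into a per-host inventory of open ports and flag those that should not
# be reachable. Assumes the output layout of nmap 6.x/7.x seen in the post.
# Constructed samples in the format of the post's port scan and -sP output.
SAMPLE_PORTSCAN='Nmap scan report for 119.29.166.15
Host is up (0.00093s latency).
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp filtered mysql
Nmap scan report for 119.29.166.13
135/tcp open msrpc
445/tcp open microsoft-ds
3389/tcp open ms-wbt-server'
SAMPLE_PINGSCAN='Nmap scan report for 192.168.20.3
Host is up (0.00048s latency).
Nmap scan report for 192.168.20.4
Host is up (0.0018s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 1.94 seconds'

# One line per host: "<ip> <comma-separated open ports>". Only state "open"
# counts as exposure; "filtered", "closed" and "open|filtered" are skipped.
open_ports_by_host() {
    awk '
        /^Nmap scan report for / {
            if (host != "") printf "%s%s\n", host, (ports == "" ? "" : " " ports)
            host = $NF; gsub(/[()]/, "", host); ports = ""; next  # handles "name (ip)"
        }
        $2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { ports = ports (ports == "" ? "" : ",") $1 }
        END { if (host != "") printf "%s%s\n", host, (ports == "" ? "" : " " ports) }
    '
}

# Read open_ports_by_host output; print "<ip> <port>" for each port on the
# comma-separated watch list ($1) that a host exposes, e.g. MySQL or RDP.
flag_exposed() {
    awk -v watch="$1" '
        BEGIN { n = split(watch, w, ",") }
        { for (i = 1; i <= n; i++) if (index("," $2 ",", "," w[i] ",")) print $1, w[i] }
    '
}

# Count live hosts in -sP/-sn output; should match the "(N hosts up)" summary.
count_up_hosts() {
    grep -c '^Host is up' || true   # grep -c prints 0 but exits 1 when nothing matches
}

printf '%s\n' "$SAMPLE_PORTSCAN" | open_ports_by_host | flag_exposed '3306/tcp,445/tcp,3389/tcp'
printf '%s\n' "$SAMPLE_PINGSCAN" | count_up_hosts
```

Pipe a saved scan (nmap ... -oN scan.txt) through the same functions to review real output; the watch list is whatever your environment treats as must-not-be-internet-facing.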
9. Scanning a network with the other host-discovery options
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
nmap -PO1,2,4 xxx.xxx.xx.xx
nmap -sP xxx.xxx.xxx.xxx  # how many hosts are up