nmap basics

Main nmap features:

  • Host discovery
  • Port scanning
  • Version detection
  • OS detection
  • Support for writing custom scan scripts (NSE)

Practical uses of nmap

  • Auditing the security of a device or firewall by probing it
  • Discovering the ports a target host has open
  • Auditing network security by identifying new servers
  • Discovering the hosts on a network

Usage

Ping scan: host discovery only, no port scan

#nmap -sn <target>

Example 1:

(ics) python@ubuntu:~/ics/pt/ics-server2.1$ nmap -sn 192.168.10.7

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 11:49 CST
Nmap scan report for 192.168.10.7
Host is up (0.0015s latency).
Nmap done: 1 IP address (1 host up) scanned in 13.01 seconds

Detect the IP and MAC addresses in use on a network segment
#nmap -sn --script broadcast-ping <target>

Example 2:

root@ubuntu:~# nmap -sn --script broadcast-ping 192.168.0.1/24

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 13:59 CST
Pre-scan script results:
.......
Nmap done: 256 IP addresses (0 hosts up) scanned in 209.82 seconds

Trace the route to the target with the --traceroute option
#nmap -sn --traceroute <target>

Example 3:

root@ubuntu:/home/python/ics/pt/ics-server2.1# nmap -sn --traceroute google.com microsoft.com

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 13:48 CST
Nmap scan report for microsoft.com (191.239.213.197)
.......
TRACEROUTE (using port 443/tcp)
HOP RTT     ADDRESS
1   ... 2
3   1.64 ms 124.205.209.9
4   ... 30

Nmap done: 2 IP addresses (1 host up) scanned in 26.66 seconds

Scan for all the basic information about a target host: IPv4 address, reverse DNS name, network service ports and their states

#nmap scanme.nmap.org

Example 4:

root@ubuntu:~# nmap scanme.nmap.org
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.19s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 991 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
.......
31337/tcp open     Elite

Nmap done: 1 IP address (1 host up) scanned in 582.61 seconds

Port states:

  • open: a service is listening for connections on this port
  • closed: the probe was received, but no service is running on the port
  • filtered: no response to the probe was received and no connection could be established, which indicates the probe was probably dropped by a filter (a firewall)
  • unfiltered: the port responds to probes, but nmap cannot determine whether it is open or closed
  • open|filtered: the port is either open or filtered; nmap cannot tell which
  • closed|filtered: the port is either closed or filtered; nmap cannot tell which
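The states above are what a scan report carries for every port. As an added example (not code from the original post), the following POSIX shell script parses a report in nmap's normal output format, the same layout as the examples on this page, and compares the open ports against a baseline of services that are expected on the host, which is the "audit by identifying new servers" use listed at the top of the page. The scan text, the host address and the baseline are constructed sample data; -oN is nmap's own option for saving a report in this format.

```shell
#!/bin/sh
# Added example (not from the original post): parse nmap "normal" output of the
# kind shown above and report open ports that are missing from a baseline.
# Everything below is constructed sample data, not a real scan.

# Constructed scan output in nmap's normal format. With a real scan, save the
# report with -oN scan.txt and use SAMPLE_SCAN=$(cat scan.txt) instead.
SAMPLE_SCAN='Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 17:07 CST
Nmap scan report for 192.168.100.7
Host is up (0.00058s latency).
Not shown: 994 closed ports
PORT     STATE         SERVICE
21/tcp   open          ftp
22/tcp   open          ssh
80/tcp   open          http
135/tcp  filtered      msrpc
5432/tcp open          postgresql
8080/tcp open|filtered http-proxy
Nmap done: 1 IP address (1 host up) scanned in 41.23 seconds'

# Constructed baseline: the ports an administrator expects to be open on this host.
BASELINE='22/tcp
80/tcp'

# Print "port/proto service" for every port whose state is exactly "open".
# Only lines whose first field looks like 22/tcp or 53/udp are port lines.
open_ports() {
    printf '%s\n' "$1" | awk '$1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" { print $1, $3 }'
}

# Count the port lines in a given state (e.g. "filtered" or "open|filtered").
count_state() {
    printf '%s\n' "$1" | awk -v want="$2" \
        '$1 ~ "^[0-9]+/(tcp|udp)$" && $2 == want { n++ } END { print n + 0 }'
}

# Print open ports that do not appear in the baseline: these are the findings
# an audit should follow up on (new or unauthorised services).
unexpected_ports() {
    scan="$1"; baseline="$2"
    open_ports "$scan" | while read -r port svc; do
        if ! printf '%s\n' "$baseline" | grep -qx "$port"; then
            printf '%s %s\n' "$port" "$svc"
        fi
    done
}

# Stand-alone run: print the audit findings for the constructed sample.
printf 'Unexpected open ports:\n'
unexpected_ports "$SAMPLE_SCAN" "$BASELINE"
printf 'Filtered ports: %s\n' "$(count_state "$SAMPLE_SCAN" filtered)"
printf 'open|filtered ports: %s\n' "$(count_state "$SAMPLE_SCAN" 'open|filtered')"
```

On the constructed sample the script reports 21/tcp (ftp) and 5432/tcp (postgresql) as unexpected, and counts one filtered and one open|filtered port; the open|filtered entry is deliberately not treated as open, because nmap could not confirm it, so it is worth a second look rather than an automatic finding.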

Port scanning

# nmap -p <port/name> <target>

Example 5:

root@ubuntu:~# nmap -p smtp 127.0.0.1

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 17:07 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000031s latency).
PORT   STATE  SERVICE
25/tcp closed smtp
Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds

root@ubuntu:~# nmap nmap -p 80 127.0.0.1

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 17:05 CST
Failed to resolve "nmap".
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000089s latency).
PORT   STATE  SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds

root@ubuntu:~# nmap nmap -pT:25,U:53 127.0.0.1

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 17:10 CST
Failed to resolve "nmap".
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000038s latency).
PORT   STATE  SERVICE
25/tcp closed smtp
Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

nmap -p- localhost          # all 65535 ports
nmap -p[1-65535] <target>   # only the ports in this range that are listed in nmap-services
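The -p option accepts the port syntax used above: comma-separated ports and ranges, a T: or U: qualifier that applies to everything after it, and a bare - for all ports. As an added example (not code from the original post), this POSIX shell function expands such a specification into one port/protocol entry per line and rejects values outside 1-65535, so a port list can be checked, counted or diffed against a baseline before a scan is run. The bracket form that consults nmap-services is not handled, since it depends on the contents of that file.

```shell
#!/bin/sh
# Added example (not from the original post): expand an nmap -p port
# specification into "port/proto" entries. Rules implemented, matching the
# syntax shown above: items are comma-separated; an item is a port or a
# lo-hi range; "T:" / "U:" switch the protocol for every following item;
# a lone "-" stands for 1-65535. Anything else is reported as invalid.
expand_ports() {
    printf '%s\n' "$1" | awk -F, '
    {
        proto = "tcp"                       # nmap defaults to TCP
        for (i = 1; i <= NF; i++) {
            item = $i
            if (item ~ /^[TU]:/) {          # protocol qualifier, persists
                proto = (substr(item, 1, 1) == "T") ? "tcp" : "udp"
                item = substr(item, 3)
            }
            if (item == "-") item = "1-65535"
            if (item ~ /^[0-9]+-[0-9]+$/) {
                split(item, r, "-")
                lo = r[1] + 0; hi = r[2] + 0
                if (lo < 1 || hi > 65535 || lo > hi) {
                    print "invalid range: " $i > "/dev/stderr"; exit 1
                }
                for (p = lo; p <= hi; p++) print p "/" proto
            } else if (item ~ /^[0-9]+$/ && item + 0 >= 1 && item + 0 <= 65535) {
                print item "/" proto
            } else {
                print "invalid port: " $i > "/dev/stderr"; exit 1
            }
        }
    }'
}

# Stand-alone run: expand the mixed TCP/UDP specification used on this page.
expand_ports 'T:25,U:53'
```

The function's exit status is awk's, so a malformed specification makes it fail, which is what a wrapper script should check before passing the list on.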

Version detection

#nmap -sV <target>

Example 6:

root@ubuntu:~# nmap -sV scanme.nmap.org
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.19s latency).
Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
Not shown: 991 closed ports
PORT      STATE    SERVICE        VERSION
.......

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 507.51 seconds

  • -sV: tell Nmap to perform version detection
  • --version-intensity <level>: set the version detection intensity (0-9); the default is 7. Higher values identify services more accurately but take longer to run.
  • --version-light: use light detection (intensity 2)
  • --version-all: try every probe (intensity 9)
  • --version-trace: print detailed information about the version detection process

Operating system detection

# nmap -O <target>

Example 7:

root@ubuntu:~# nmap -O 127.0.0.1

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-02 17:56 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000020s latency).
.......
OS details: Linux 3.12 - 3.19, Linux 3.8 - 3.19
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.20 seconds

  • -O: tell Nmap to perform OS detection.
  • --osscan-limit: restrict OS detection to hosts that are promising candidates (at least one open and one closed port must be known on the host).
  • --osscan-guess: guess the target's operating system more aggressively. Accuracy drops considerably, but Nmap offers the user as many candidate operating systems as possible.

OS detection in verbose mode
# nmap -O -v <target>

Example 8:

root@ubuntu:/home/python/ics/pt/ics-server2.1# nmap -O -v 127.0.0.1
Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-05 09:39 CST
Initiating SYN Stealth Scan at 09:39
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 21/tcp on 127.0.0.1
.......
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.25 seconds
           Raw packets sent: 1108 (51.328KB) | Rcvd: 2239 (99.112KB)

Scan the target host with the default NSE scripts to check for vulnerabilities

# nmap -sC <target>

Example 9:

root@ubuntu:~# nmap -sC 127.0.0.1

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-05 09:49 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
.......
|_  Salt: aC\x1DK\x0C{Upr\x0CFM\x16\x013t\x06		4
5432/tcp open  postgresql

Nmap done: 1 IP address (1 host up) scanned in 6.71 seconds

Read targets from a file

#nmap -iL <file>

Example 10:

python@ubuntu:~$ nmap -iL target.txt 

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-06 18:07 CST
Nmap scan report for 192.168.100.7
.......

Nmap done: 2 IP addresses (2 hosts up) scanned in 13.48 seconds

Scan a random number of Internet hosts

# nmap -iR <count>

Example 11:

python@ubuntu:~$ nmap -iR 100

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-06 18:09 CST
Stats: 0:00:31 elapsed; 100 hosts completed (2 up), 2 undergoing Connect Scan
Connect Scan Timing: About 36.64% done; ETC: 18:10 (0:00:12 remaining)
Nmap scan report for 118.56.39.58
.......
17877/tcp open     unknown

Nmap done: 102 IP addresses (2 hosts up) scanned in 45.27 seconds

Aggressive scan

#nmap -A <target>

Example 12:

root@ubuntu:~# nmap -A 192.168.1.7
Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-06 18:48 CST
Stats: 0:00:14 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan
Parallel DNS resolution of 1 host. Timing: About 0.00% done
Nmap scan report for 192.168.100.7
Host is up (0.00058s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
.......
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 41.23 seconds

Combined scans:

  • Intense scan: nmap -T4 -A -v
  • Intense scan plus UDP: nmap -sS -sU -T4 -A -v
  • Intense scan of all TCP ports: nmap -p 1-65535 -T4 -A -v
  • Intense scan without ping: nmap -T4 -A -v -Pn
  • Ping scan: nmap -sn
  • Quick scan: nmap -T4 -F
  • Quick traceroute: nmap -sn --traceroute
