Nmap網(wǎng)絡安全掃描器說明(5) 作者：作者：Fyodor 譯者：quack發(fā)布日期：2002-2-6上傳日期：2002-2-6來源：不詳掃描范例--------*這里是一些運用nmap的掃描范例，從最簡單普通的到有一些復雜的例子都有。注意這里有真實的數(shù)字以及一些真實的域名——這樣可以讓掃描行為看起來更具體。在這里你可以用自己的網(wǎng)絡里的名稱代替其中的addresses/names。雖然端口掃描的結果分析可能會使某些人容易攻擊，但我不認為它是不合法的,我曾經(jīng)掃描過成百上千的機器但只收到一次抱怨。但我不是律師而一些（anal)人們對nmap探測覺得煩惱，所以最好在取得允許后掃描或者——冒險，后果由你自己承擔。nmap -v target.example.com這樣對target.example.com上所有的保留TCP端口做了一次掃描，-v表示用詳細模式。nmap -sS -O target.example.com/24這將開始一次SYN的半開掃描，針對的目標是target.example.com所在的C類子網(wǎng)，它還試圖確定在其上運行的是什么系統(tǒng)。這需要root權限，因為用到了半開掃描以及系統(tǒng)偵測。nmap -sX -p 22,53,110,143,4564 128.210.*.1-127發(fā)送一個Xmas tree掃描到B類128.210所在子網(wǎng)的一半范圍內(nèi)，我們將檢測系統(tǒng)是否運行sshd, DNS, pop3d, imapd, 或者端口4564。要注意由于微軟TCP堆棧的不完善，Xmas掃描將不能在其平臺上運行成功，同樣的問題可能存在于CISCO, IRIX, HP/UX, 和BSDI。nmap -v -p 80 '*.*.2.3-5'這是定位一個網(wǎng)域（將整個網(wǎng)絡分隔成許多小部份）再進行掃描的方式，這里掃描的是所有以.2.3,.2.4, 或.2.5結束的IP地址。如果你是ROOT的話也可以用-sS。同樣的你可以從127開始搜尋更多有趣的機器，你可以用'127-222'替代前面的星號——恕我直言，那個區(qū)域有著大量有趣的機器。host -l company.com | cut '-d ' -f 4 | ./nmap -v -i -做一個DNS zone transfer來尋找在company.com進而的主機并且將IP地址送至nmap(feed the IP addresses to nmap)。這個命令是在我的GNU/Linux平臺下運行的，你可能需要用不同的選項參數(shù)或者不同的操作系統(tǒng)。臭蟲----*臭蟲？有什么臭蟲？如果你找到了，請告訴我，修訂版將會更完善:)，記住要連同OS的“指印”一起給我，這樣我才能有足夠的數(shù)據(jù)進行修改……作者----*Fyodor <fyodor@dhp.com>發(fā)放----*最新版本的nmap可以從以下URL獲得（以下為版權信息）http://www.insecure.org/nmap/nmap is (C) 1997,1998,1999 by Fyodor (fyodor@dhp.com, fyodor@insecure.org)libpcap is also distributed along with nmap. It is copy-righted by Van Jacobson, Craig Leres and Steven McCanne,all of the Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.The Version distributed with nmap may be modified,pristine sources are available from ftp://ftp.ee.lbl.gov/libpcap.tar.Z .This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Version 2. This guarantees your right to use, modify, and redistribute Nmap under certain conditions. If this license is unacceptable to you, Insecure.Org may be willing to sell alternative licenses (contact fyodor@dhp.com).This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details (it is in the COPYING file of the nmap distribution).It should also be noted that Nmap has been known to crash certain poorly written applications, TCP/IP stacks, and even operating systems. Nmap should never be run against mission critical systems unless you are prepared to suffer downtime. We acknowledge here that Nmap may crash your systems or networks and we disclaim all liability for any damage or problems Nmap could cause.All versions of Nmap equal to or greater than 2.0 are believed (through informal testing) to be Year 2000 (Y2K) compliant in all respects. That being said, we reiterate that Nmap comes with no warranty. There is no reason to believe versions earlier than 2.0 are susceptible to problems, but we have not tested them.附：nmap的運行平臺--------------*可移植性NMAP發(fā)展于LINUX下，但現(xiàn)在可以在許多平臺上運行。這得感謝Lamont Granquist <lamontg@u.washington.edu>他為NMAP自動控制臺運行于許多我無法存取的平臺做出了巨大的幫助。下面是支持NAMP運行的系統(tǒng)的簡表：OS Compiles TCP scan (-sT) SYN scan (-sS) FIN scan (-sF) Frag scan (-f) OS Detection (-O) Linux Yes! Yes! Yes! Yes! Yes! Yes! FreeBSD Yes! Yes! Yes! Yes! Yes! Yes! OpenBSD Yes! Yes! Yes! Yes! Yes! Yes! NetBSD Yes! Yes! Yes! Yes! Yes! Yes! Solaris 2.4-7 Yes! Yes! Yes! Yes! No :( Yes! SunOS4.1.4 w/gcc Yes! Yes! Yes! Yes! No :( Yes! IRIX 5.3-6.4 Yes! Yes! Yes! Yes! No :( Yes! HP/UX 10.20 Yes! Yes! Yes! Yes! Yes! Unknown BSDI 2.1 and up Yes! Yes! Yes! Yes! Unknown Yes! AIX(use cc,not gcc) Yes! Yes! No :( No :( No :( No :( Digital UNIX/Alpha Yes! Yes! POSSIBLE KERNEL PANIC! Cray UNICOS 10.0 Yes! Yes! No :( No :( No :( No :(

最新評論