欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

nmap命令 基礎(chǔ)用法附官方手冊(cè)

  發(fā)布時(shí)間:2019-03-16 15:42:01   作者:佚名   我要評(píng)論
Nmap是一款網(wǎng)絡(luò)掃描和主機(jī)檢測(cè)的非常有用的工具。Nmap是不局限于僅僅收集信息和枚舉,同時(shí)可以用來(lái)作為一個(gè)漏洞探測(cè)器或安全掃描器。它可以適用于winodws,linux,mac等操作系統(tǒng)

nmap系統(tǒng)漏洞掃描之王,也就是Network Mapper,是Linux下常用的網(wǎng)絡(luò)掃描和嗅探工具包,現(xiàn)在支持多個(gè)平臺(tái)。

其基本功能有三個(gè):
(1)是掃描主機(jī)端口,嗅探所提供的網(wǎng)絡(luò)服務(wù)
(2)是探測(cè)一組主機(jī)是否在線
(3)還可以推斷主機(jī)所用的操作系統(tǒng),到達(dá)主機(jī)經(jīng)過(guò)的路由,系統(tǒng)已開(kāi)放端口的軟件版本
 

nmap端口狀態(tài)解析

open : 應(yīng)用程序在該端口接收 TCP 連接或者 UDP 報(bào)文。
closed :關(guān)閉的端口對(duì)于nmap也是可訪問(wèn)的, 它接收nmap探測(cè)報(bào)文并作出響應(yīng)。但沒(méi)有應(yīng)用程序在其上監(jiān)聽(tīng)。
filtered :由于包過(guò)濾阻止探測(cè)報(bào)文到達(dá)端口,nmap無(wú)法確定該端口是否開(kāi)放。過(guò)濾可能來(lái)自專(zhuān)業(yè)的防火墻設(shè)備,路由規(guī)則 或者主機(jī)上的軟件防火墻。
unfiltered :未被過(guò)濾狀態(tài)意味著端口可訪問(wèn),但是nmap無(wú)法確定它是開(kāi)放還是關(guān)閉。 只有用于映射防火墻規(guī)則集的 ACK 掃描才會(huì)把端口分類(lèi)到這個(gè)狀態(tài)。
open | filtered :無(wú)法確定端口是開(kāi)放還是被過(guò)濾, 開(kāi)放的端口不響應(yīng)就是一個(gè)例子。沒(méi)有響應(yīng)也可能意味著報(bào)文過(guò)濾器丟棄了探測(cè)報(bào)文或者它引發(fā)的任何反應(yīng)。UDP,IP協(xié)議,FIN, Null 等掃描會(huì)引起。
closed|filtered:(關(guān)閉或者被過(guò)濾的):無(wú)法確定端口是關(guān)閉的還是被過(guò)濾的

nmap有windows和linux

Nmap是一款網(wǎng)絡(luò)掃描和主機(jī)檢測(cè)的非常有用的工具。Nmap是不局限于僅僅收集信息和枚舉,同時(shí)可以用來(lái)作為一個(gè)漏洞探測(cè)器或安全掃描器。它可以適用于winodws,linux,mac等操作系統(tǒng)
從下面官網(wǎng)可以下載exe程序包和zip包

https://nmap.org/download.html#windows

nmap常用參數(shù)

nmap掃描速度要比nc快
面是一些基本的命令和它們的用法的例子:掃描單一的一個(gè)主機(jī),命令如下:

前期準(zhǔn)備

準(zhǔn)備兩臺(tái)機(jī)器
主機(jī)A:ip地址 10.0.1.161
主機(jī)B:ip地址 10.0.1.162

B機(jī)器安裝nmap的包(這個(gè)工具比較強(qiáng)大,習(xí)慣上每臺(tái)機(jī)器都安裝)

yum install nmap -y  

端口掃描部分

前期準(zhǔn)備
B機(jī)器使用nmap去掃描A機(jī)器,掃描之前,A機(jī)器先查看自己上面有哪些端口在被占用

A機(jī)器上查看本地ipv4的監(jiān)聽(tīng)端口

netstat參數(shù)解釋?zhuān)?br /> -l (listen) 僅列出 Listen (監(jiān)聽(tīng)) 的服務(wù)
-t (tcp) 僅顯示tcp相關(guān)內(nèi)容
-n (numeric) 直接顯示ip地址以及端口,不解析為服務(wù)名或者主機(jī)名
-p (pid) 顯示出socket所屬的進(jìn)程PID 以及進(jìn)程名字
--inet 顯示ipv4相關(guān)協(xié)議的監(jiān)聽(tīng)
 

查看IPV4端口上的tcp的監(jiān)聽(tīng)

netstat -lntp --inet

[root@A ~]# netstat -lntp --inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2157/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1930/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2365/master
tcp 0 0 0.0.0.0:13306 0.0.0.0:* LISTEN 21699/mysqld
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 2640/rsync
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 21505/rpcbind
[root@A ~]#

過(guò)濾掉監(jiān)控在127.0.0.1的端口

[root@A ~]# netstat -lntp --inet | grep -v 127.0.0.1
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2157/sshd
tcp 0 0 0.0.0.0:13306 0.0.0.0:* LISTEN 21699/mysqld
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 2640/rsync
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 21505/rpcbind
[root@A ~]#

掃描tcp端口

B機(jī)器上使用nmap掃描A機(jī)器所有端口(-p后面也可以跟空格)
下面表示掃描A機(jī)器的1到65535所有在監(jiān)聽(tīng)的tcp端口。
nmap 10.0.1.161 -p1-65535
指定端口范圍使用-p參數(shù),如果不指定要掃描的端口,Nmap默認(rèn)掃描從1到1024再加上nmap-services列出的端口
nmap-services是一個(gè)包含大約2200個(gè)著名的服務(wù)的數(shù)據(jù)庫(kù),Nmap通過(guò)查詢?cè)摂?shù)據(jù)庫(kù)可以報(bào)告那些端口可能對(duì)應(yīng)于什么服務(wù)器,但不一定正確。
所以正確掃描一個(gè)機(jī)器開(kāi)放端口的方法是上面命令。-p1-65535
注意,nmap有自己的庫(kù),存放一些已知的服務(wù)和對(duì)應(yīng)端口號(hào),假如有的服務(wù)不在nmap-services,可能nmap就不會(huì)去掃描,這就是明明一些端口已經(jīng)是處于監(jiān)聽(tīng)狀態(tài),nmap默認(rèn)沒(méi)掃描出來(lái)的原因,需要加入-p參數(shù)讓其掃描所有端口。
雖然直接使用nmap 10.0.1.161也可以掃描出開(kāi)放的端口,但是使用-p1-65535 能顯示出最多的端口
區(qū)別在于不加-p 時(shí),顯示的都是已知協(xié)議的端口,對(duì)于未知協(xié)議的端口沒(méi)顯示

[root@B ~]# nmap 10.0.1.161 -p1-65535

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:11 CST
Nmap scan report for 10.0.1.161
Host is up (0.00017s latency).
Not shown: 65531 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
13306/tcp open unknown
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 2.49 seconds
[root@B ~]#

如果不加-p1-65535,對(duì)于未知服務(wù)的端口(A機(jī)器的13306端口)就沒(méi)法掃描到

[root@B ~]# nmap 10.0.1.161

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:12 CST
Nmap scan report for 10.0.1.161
Host is up (0.000089s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
[root@B ~]#

掃描一個(gè)IP的多個(gè)端口

連續(xù)的端口可以使用橫線連起來(lái),端口之間可以使用逗號(hào)隔開(kāi)
A機(jī)器上再啟動(dòng)兩個(gè)tcp的監(jiān)聽(tīng),分別占用7777和8888端口,用于測(cè)試,加入&符號(hào)可以放入后臺(tái)

[root@A ~]# nc -l 7777&
[1] 21779
[root@A ~]# nc -l 8888&
[2] 21780
[root@A ~]#

[root@B ~]# nmap 10.0.1.161 -p20-200,7777,8888

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:32 CST
Nmap scan report for 10.0.1.161
Host is up (0.00038s latency).
Not shown: 179 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
7777/tcp open cbt
8888/tcp open sun-answerbook
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
[root@B ~]#

掃描udp端口

先查看哪些ipv4的監(jiān)聽(tīng),使用grep -v排除回環(huán)接口上的監(jiān)聽(tīng)
netstat -lnup --inet |grep -v 127.0.0.1 

[root@A ~]# netstat -lnup --inet |grep -v 127.0.0.1
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:111 0.0.0.0:* 21505/rpcbind
udp 0 0 0.0.0.0:631 0.0.0.0:* 1930/cupsd
udp 0 0 10.0.1.161:123 0.0.0.0:* 2261/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 2261/ntpd
udp 0 0 0.0.0.0:904 0.0.0.0:* 21505/rpcbind
[root@A ~]#

-sU:表示udp scan , udp端口掃描
-Pn:不對(duì)目標(biāo)進(jìn)行ping探測(cè)(不判斷主機(jī)是否在線)(直接掃描端口)
對(duì)于udp端口掃描比較慢,掃描完6萬(wàn)多個(gè)端口需要20分鐘左右

[root@B ~]# nmap -sU 10.0.1.161 -Pn

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:16 CST
Stats: 0:12:54 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 75.19% done; ETC: 10:33 (0:04:16 remaining)
Stats: 0:12:55 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 75.29% done; ETC: 10:33 (0:04:15 remaining)
Nmap scan report for 10.0.1.161
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
111/udp open rpcbind
123/udp open ntp
631/udp open|filtered ipp
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 1081.27 seconds
[root@B ~]#

 掃描多個(gè)IP用法

中間用空格分開(kāi)

[root@B ~]# nmap 10.0.1.161 10.0.1.162

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:18 CST
Nmap scan report for 10.0.1.161
Host is up (0.000060s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.26 seconds
[root@B ~]#

也可以采用下面方式逗號(hào)隔開(kāi)
nmap 10.0.1.161,162

[root@B ~]# nmap 10.0.1.161,162

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:19 CST
Nmap scan report for 10.0.1.161
Host is up (0.00025s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000080s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.81 seconds
[root@B ~]#

掃描連續(xù)的ip地址

[root@B ~]# nmap 10.0.1.161-162

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:20 CST
Nmap scan report for 10.0.1.161
Host is up (0.00011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000030s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.25 seconds
[root@B ~]#

掃描一個(gè)子網(wǎng)網(wǎng)段所有IP

[root@B ~]# nmap 10.0.3.0/24

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:21 CST
Nmap scan report for 10.0.3.1
Host is up (0.020s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
6666/tcp open irc
8888/tcp open sun-answerbook

Nmap scan report for 10.0.3.2
Host is up (0.012s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp open telnet

Nmap scan report for 10.0.3.3
Host is up (0.018s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp open telnet

Nmap done: 256 IP addresses (3 hosts up) scanned in 14.91 seconds
[root@B ~]#

掃描文件里的IP

如果你有一個(gè)ip地址列表,將這個(gè)保存為一個(gè)txt文件,和namp在同一目錄下,掃描這個(gè)txt內(nèi)的所有主機(jī),用法如下

[root@B ~]# cat ip.txt
10.0.1.161
10.0.1.162
[root@B ~]# nmap -iL ip.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:23 CST
Nmap scan report for 10.0.1.161
Host is up (0.00030s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.68 seconds
[root@B ~]#

掃描地址段是排除某個(gè)IP地址
 

nmap 10.0.1.161-162 --exclude 10.0.1.162
用法如下

[root@B ~]# nmap 10.0.1.161-162 --exclude 10.0.1.162

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:24 CST
Nmap scan report for 10.0.1.161
Host is up (0.0022s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
[root@B ~]#

掃描時(shí)排除多個(gè)IP地址

排除連續(xù)的,可以使用橫線連接起來(lái)
nmap 10.0.1.161-163 --exclude 10.0.1.162-163

[root@B ~]# nmap 10.0.1.161-163 --exclude 10.0.1.162-163

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:25 CST
Nmap scan report for 10.0.1.161
Host is up (0.00023s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
873/tcp open rsync
MAC Address: 00:0C:29:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
[root@B ~]#

排除分散的,使用逗號(hào)隔開(kāi)

nmap 10.0.1.161-163 --exclude 10.0.1.161,10.0.1.163

[root@B ~]# nmap 10.0.1.161-163 --exclude 10.0.1.161,10.0.1.163

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:27 CST
Nmap scan report for 10.0.1.162
Host is up (0.0000030s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
[root@B ~]#

掃描多個(gè)地址時(shí)排除文件里的IP地址

(可以用來(lái)排除不連續(xù)的IP地址)
把10.0.1.161和10.0.1.163添加到一個(gè)文件里,文件名可以隨意取
下面掃描10.0.1.161到10.0.1.163 這3個(gè)IP地址,排除10.0.1.161和10.0.1.163這兩個(gè)IP
nmap 10.0.1.161-163 --excludefile ex.txt

[root@B ~]# cat ex.txt
10.0.1.161
10.0.1.163
[root@B ~]# nmap 10.0.1.161-163 --excludefile ex.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:29 CST
Nmap scan report for 10.0.1.162
Host is up (0.0000050s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
[root@B ~]#

好了,這篇文章就介紹到這,這里推薦大家下載這個(gè)非官方翻譯的手冊(cè),幫助大家更加深入的了解。

相關(guān)文章

最新評(píng)論