Nmap-基础介绍与使用

NMAP介绍

Nmap(“Network Mapper”)是一个用于网络发现和安全审计的免费开源实用程序。许多系统和网络管理员还发现它对于诸如网络资源清册、管理服务升级计划、监视主机或服务正常运行时间等任务非常有用。Nmap以新颖的方式使用原始IP包来确定网络上可用的主机、这些主机提供的服务(应用程序名称和版本)、它们运行的操作系统(和操作系统版本)、正在使用的包过滤器/防火墙的类型以及许多其他特征。它设计用于快速扫描大型网络,但对单个主机运行良好。Nmap运行在所有主要的计算机操作系统上,官方二进制软件包可用于Linux、Windows和Mac OS X。除了经典的命令行Nmap可执行文件外,Nmap套件还包括一个高级GUI和结果查看器(Zenmap)、一个灵活的数据传输、重定向和调试工具(Ncat)、一个用于比较扫描的实用程序结果(Ndiff)和包生成和响应分析工具(Nping)。

 

NMAP安装

Ubuntu

apt-get install nmap

Centos

yum install nmap

Windows

前往官网下载最新安装包

https://nmap.org/download.html

 

NMAP语法

nmap -参数 -参数 IP/域名
nmap -参数 -参数 网段

 

NMAP常用命令

nmap -A 

Nmap全面扫描

nmap -A 目标IP
root@localhost:~# nmap -A 192.168.2.81
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-09 15:53 CST
Service scan Timing: About 40.00% done; ETC: 15:55 (0:01:05 remaining)
Nmap scan report for 192.168.2.81
Host is up (0.00043s latency).
Not shown: 990 closed ports
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
5357/tcp  open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49156/tcp open  msrpc        Microsoft Windows RPC
49158/tcp open  msrpc        Microsoft Windows RPC
MAC Address: 00:0C:29:7B:42:52 (VMware)
Device type: general purpose
Running: Microsoft Windows 7|2008|8.1
OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_8.1
OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows Server 2008 R2, Windows 8, or Windows 8.1 Update 1
Network Distance: 1 hop
Service Info: Host: ADMIN-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: -2h40m01s, deviation: 4h37m07s, median: -2s
|_nbstat: NetBIOS name: ADMIN-PC, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:7b:42:52 (VMware)
| smb-os-discovery: 
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
|   Computer name: admin-PC
|   NetBIOS computer name: ADMIN-PC\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2020-05-09T15:54:53+08:00
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2020-05-09T07:54:53
|_  start_date: 2020-05-09T07:51:16

TRACEROUTE
HOP RTT     ADDRESS
1   0.43 ms 192.168.2.81

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 71.68 seconds
扫描结果

 

nmap -v -sS -A -T4

Nmap详细扫描,运行同步隐身,T4定时(在局域网上应该可以),操作系统和服务版本信息,针对服务的traceroute和脚本

nmap -v -sS -A -T4 目标IP
root@localhost:~# nmap -v -sS -A -T4 192.168.2.81
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-09 15:57 CST
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 15:57
Completed NSE at 15:57, 0.00s elapsed
Initiating NSE at 15:57
Completed NSE at 15:57, 0.00s elapsed
Initiating NSE at 15:57
Completed NSE at 15:57, 0.00s elapsed
Initiating ARP Ping Scan at 15:57
Scanning 192.168.2.81 [1 port]
Completed ARP Ping Scan at 15:57, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:57
Completed Parallel DNS resolution of 1 host. at 15:57, 2.56s elapsed
Initiating SYN Stealth Scan at 15:57
Scanning 192.168.2.81 [1000 ports]
Discovered open port 445/tcp on 192.168.2.81
Discovered open port 49156/tcp on 192.168.2.81
Discovered open port 49155/tcp on 192.168.2.81
Discovered open port 49154/tcp on 192.168.2.81
Discovered open port 139/tcp on 192.168.2.81
Discovered open port 135/tcp on 192.168.2.81
Discovered open port 49158/tcp on 192.168.2.81
Discovered open port 5357/tcp on 192.168.2.81
Discovered open port 49153/tcp on 192.168.2.81
Discovered open port 49152/tcp on 192.168.2.81
Completed SYN Stealth Scan at 15:57, 1.40s elapsed (1000 total ports)
Initiating Service scan at 15:57
Scanning 10 services on 192.168.2.81
Service scan Timing: About 50.00% done; ETC: 15:58 (0:00:53 remaining)
Completed Service scan at 15:58, 58.56s elapsed (10 services on 1 host)
Initiating OS detection (try #1) against 192.168.2.81
NSE: Script scanning 192.168.2.81.
Initiating NSE at 15:58
Completed NSE at 15:58, 5.69s elapsed
Initiating NSE at 15:58
Completed NSE at 15:58, 0.01s elapsed
Initiating NSE at 15:58
Completed NSE at 15:58, 0.00s elapsed
Nmap scan report for 192.168.2.81
Host is up (0.00037s latency).
Not shown: 990 closed ports
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc        Microsoft Windows RPC
139/tcp   open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp   open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
5357/tcp  open  http         Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
49152/tcp open  msrpc        Microsoft Windows RPC
49153/tcp open  msrpc        Microsoft Windows RPC
49154/tcp open  msrpc        Microsoft Windows RPC
49155/tcp open  msrpc        Microsoft Windows RPC
49156/tcp open  msrpc        Microsoft Windows RPC
49158/tcp open  msrpc        Microsoft Windows RPC
MAC Address: 00:0C:29:7B:42:52 (VMware)
Device type: general purpose
Running: Microsoft Windows 7|2008|8.1
OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_8.1
OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows Server 2008 R2, Windows 8, or Windows 8.1 Update 1
Uptime guess: 0.005 days (since Sat May  9 15:51:01 2020)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: ADMIN-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: -2h40m01s, deviation: 4h37m07s, median: -2s
| nbstat: NetBIOS name: ADMIN-PC, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:7b:42:52 (VMware)
| Names:
|   ADMIN-PC<20>         Flags: <unique><active>
|   ADMIN-PC<00>         Flags: <unique><active>
|   WORKGROUP<00>        Flags: <group><active>
|_  WORKGROUP<1e>        Flags: <group><active>
| smb-os-discovery: 
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
|   Computer name: admin-PC
|   NetBIOS computer name: ADMIN-PC\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2020-05-09T15:58:07+08:00
| smb-security-mode: 
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2020-05-09T07:58:07
|_  start_date: 2020-05-09T07:51:16

TRACEROUTE
HOP RTT     ADDRESS
1   0.37 ms 192.168.2.81

NSE: Script Post-scanning.
Initiating NSE at 15:58
Completed NSE at 15:58, 0.00s elapsed
Initiating NSE at 15:58
Completed NSE at 15:58, 0.00s elapsed
Initiating NSE at 15:58
Completed NSE at 15:58, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 69.82 seconds
           Raw packets sent: 1135 (50.638KB) | Rcvd: 1017 (41.398KB)
扫描结果

 

nmap -v -sS -p–A -T4

扫描信息如上,但是扫描所有TCP端口(花费更长的时间)

nmap -v -sS -p –A -T4 目标IP

 

nmap -v -sU -sS -p- -A -T4

扫描信息如上,但是扫描所有TCP端口和UDP扫描(需要更长的时间)

nmap -v -sU -sS -p- -A -T4 目标IP

 

posted @ 2020-05-09 16:06  AlexANSO  阅读(782)  评论(0编辑  收藏  举报