Using the Nmap tool

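Nmap is a very useful tool for network scanning and host detection. It is not limited to information gathering and enumeration; it can also be used as a vulnerability detector or security scanner. It runs on Windows, Linux, Mac and other operating systems. Nmap is a very powerful utility.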
 
Official site: https://nmap.org
 
I. Installing Nmap
 
1: Download the source package and extract it
[root@host1 ]# wget http://nmap.org/dist/nmap-7.01.tar.bz2
[root@host1 ]# tar -xvf nmap-7.01.tar.bz2 
2: Compile and install
[root@host1 ]# cd nmap-7.01
[root@host1 nmap-7.01]# ./configure
checking lua5.2/lua.h presence... no
checking for lua5.2/lua.h... no
checking for lua version >= 502... checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
no
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
            .       .
            \`-"'"-'/
             } 6 6 {
            ==. Y ,==
              /^^^\  .
             /     \  )  Ncat: A modern interpretation of classic Netcat
            (  )-(  )/
            -""---""---   /
           /   Ncat    \_/
          (     ____
           \_.=|____E
Configuration complete.
   (  )   /\   _                 (
    \ |  (  \ ( \.(               )                      _____
  \  \ \  `  `   ) \             (  ___                 / _   \
 (_`    \+   . x  ( .\            \/   \____-----------/ (o)   \_
- .-               \+  ;          (  O                           \____
(__                +- .( -'.- <.   \_____________  `              \  /
(_____            ._._: <_ - <- _- _  VVVVVVV VV V\                \/
  .    /./.+-  . .- /  +--  - .    (--_AAAAAAA__A_/                |
  (__ ' /x  / x _/ (                \______________//_              \_______
 , x / ( '  . / .  /                                  \___'          \     /
    /  /  _/ /    +                                       |           \   /
   '  (__/                                               /              \/
                                                       /                  \
  NMAP IS A POWERFUL TOOL -- USE CAREFULLY AND RESPONSIBLY
Configured with: ndiff zenmap nping lua ncat
Configured without: localdirs openssl nmap-update
Type make (or gmake on some *BSD machines) to compile.
WARNING: You are compiling without OpenSSL

[root@host1 nmap-7.01]#  make && make install
/usr/bin/install -c -c -m 644 docs/ncat.1 /usr/local/share/man/man1/ncat.1
make[1]: 离开目录“/data/nmap-7.01/ncat”
cd ndiff && /usr/bin/python2 setup.py install --prefix "/usr/local" 
running install
running build
running build_py
running build_scripts
running install_lib
copying build/lib/ndiff.py -> /usr/local/lib/python2.7/site-packages
byte-compiling /usr/local/lib/python2.7/site-packages/ndiff.py to ndiff.pyc
running install_scripts
copying build/scripts-2.7/ndiff -> /usr/local/bin
changing mode of /usr/local/bin/ndiff to 755
running install_data
copying docs/ndiff.1 -> /usr/local/share/man/man1
running install_egg_info
make[1]: 进入目录“/data/nmap-7.01/nping”
/usr/bin/install -c -d /usr/local/bin /usr/local/share/man/man1
/usr/bin/install -c -c -m 755 nping /usr/local/bin/nping
/usr/bin/strip -x /usr/local/bin/nping
/usr/bin/install -c -c -m 644 docs/nping.1 /usr/local/share/man/man1/
NPING SUCCESSFULLY INSTALLED
make[1]: 离开目录“/data/nmap-7.01/nping”
NMAP SUCCESSFULLY INSTALLED
3: Verify that the installation succeeded
[root@host1 ~]# nmap -v

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:46 CST
Read data files from: /usr/local/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds
           Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
 
 
II. Port scanning with Nmap
 
Command details
nmap -sS -P0 -sV -O <target>
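Here <target> can be a single IP, a hostname, a domain name, or a subnet
-sS TCP SYN scan (also called a half-open or stealth scan)
-P0 lets you turn off ICMP pings.
-sV enables version detection
-O attempts to identify the remote operating system
Other options:
-A enables both OS fingerprinting and version detection
-v prints verbose output about the scan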
 
1: Scan a single host address
[root@host1 ~]# nmap 192.168.1.101

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:48 CST
Nmap scan report for 192.168.1.101
Host is up (0.000012s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
2: Scan the hosts in a subnet
[root@host1 ~]# nmap 192.168.1.1/24

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
Nmap scan report for 192.168.1.1
Host is up (0.00088s latency).
Not shown: 941 filtered ports, 56 closed ports
PORT    STATE SERVICE
23/tcp  open  telnet
80/tcp  open  http
443/tcp open  https
MAC Address: DC:DA:80:83:C2:A6 (Unknown)

Nmap scan report for 192.168.1.2
Host is up (0.00080s latency).
Not shown: 992 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
MAC Address: F0:DE:F1:A5:64:10 (Wistron InfoComm (Kunshan)Co)

Nmap scan report for 192.168.1.3
Host is up (0.00086s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 04:D9:F5:20:11:36 (Unknown)

Nmap scan report for 192.168.1.5
Host is up (0.0040s latency).
All 1000 scanned ports on 192.168.1.5 are filtered
MAC Address: 04:D9:F5:20:10:83 (Unknown)

Nmap scan report for 192.168.1.8
Host is up (0.0018s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
1080/tcp open  socks
MAC Address: 04:D4:C4:1F:F8:3A (Unknown)

Nmap scan report for 192.168.1.9
Host is up (0.0038s latency).
All 1000 scanned ports on 192.168.1.9 are filtered
MAC Address: A8:5E:45:D0:D1:94 (Unknown)

Nmap scan report for 192.168.1.10
Host is up (0.00075s latency).
Not shown: 996 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
10010/tcp open  rxapi
MAC Address: B4:2E:99:8F:7A:42 (Unknown)

Nmap scan report for 192.168.1.11
Host is up (0.00034s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5357/tcp open  wsdapi
MAC Address: 10:E7:C6:E0:ED:CB (Unknown)

Nmap scan report for 192.168.1.15
Host is up (0.0018s latency).
Not shown: 998 filtered ports
PORT     STATE SERVICE
5357/tcp open  wsdapi
8002/tcp open  teradataordbms
MAC Address: 18:C0:4D:27:3E:5A (Unknown)

Nmap scan report for 192.168.1.16
Host is up (0.0017s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
88/tcp  open  kerberos-sec
445/tcp open  microsoft-ds
631/tcp open  ipp
MAC Address: 68:FE:F7:09:EC:B7 (Unknown)

Nmap scan report for 192.168.1.17
Host is up (0.0022s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5357/tcp open  wsdapi
MAC Address: 00:E0:4C:36:03:5A (Realtek Semiconductor)

Nmap scan report for 192.168.1.108
Host is up (0.0052s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
5357/tcp open  wsdapi
MAC Address: 80:FA:5B:48:7A:E9 (Clevo)

Nmap scan report for 192.168.1.101
Host is up (0.0000090s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http-proxy

Nmap done: 256 IP addresses (13 hosts up) scanned in 916.18 seconds
3: Scan a range of hosts
[root@host1 ~]# nmap 192.168.1.1-100

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
4: Scan multiple host addresses
[root@host1 ~]# nmap 192.168.1.100  192.168.1.101

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:48 CST
5: Ping scan to find live hosts
[root@host1 ~]# nmap -sP 192.168.1.0/24

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
6: Scan specified ports
[root@host1 ~]# nmap -p80,443,1433 192.168.1.1

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
7: Commonly used scan command
[root@host1 ~]#  nmap -sV -Pn 192.168.1.1 -v -n

Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-29 22:52 CST
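
The subnet scan in step 2 produces a long report. As an added example (not part of the original post), the script below condenses Nmap's normal output into one line per open port, so an administrator can review what each host on their own network exposes. The sample input is constructed from the output shown above; the function names and the review list are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: turn Nmap's normal (human-readable) output into
# "host port/proto service" lines that can be reviewed or diffed.

# Constructed sample, modelled on the subnet scan output in step 2.
SAMPLE_SCAN='Nmap scan report for 192.168.1.1
Host is up (0.00088s latency).
Not shown: 941 filtered ports, 56 closed ports
PORT    STATE SERVICE
23/tcp  open  telnet
80/tcp  open  http
443/tcp open  https

Nmap scan report for 192.168.1.5
Host is up (0.0040s latency).
All 1000 scanned ports on 192.168.1.5 are filtered

Nmap scan report for 192.168.1.16
Host is up (0.0017s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
88/tcp  open  kerberos-sec
445/tcp open  microsoft-ds
631/tcp open  ipp'

# open_ports: read Nmap normal output on stdin and print
# "host port/proto service" for every open port.
# Hosts with no open ports (e.g. all filtered) produce no lines.
open_ports() {
  awk '
    /^Nmap scan report for / {
      host = $NF                 # last field: IP, or "(IP)" after a hostname
      gsub(/[()]/, "", host)
      next
    }
    $1 ~ /^[0-9]+\/(tcp|udp|sctp)$/ && $2 == "open" { print host, $1, $3 }
  '
}

# review_first: keep only services on a review list. The list here
# (cleartext logins and Windows file sharing) is an assumption of this
# example; replace it with your own policy.
review_first() {
  open_ports | awk '$3 ~ /^(telnet|ftp|microsoft-ds|netbios-ssn|msrpc)$/'
}

printf '%s\n' "$SAMPLE_SCAN" | open_ports
echo "--- review first:"
printf '%s\n' "$SAMPLE_SCAN" | review_first
```

To use it on a real report, pipe the saved scan output into open_ports instead of the sample, for example: nmap 192.168.1.1/24 | open_ports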
Posted @ 2020-08-24 14:16 by 一颗小豆子