Notes on commonly used nmap commands

I have only just started using nmap, so I am gradually writing down a few commands I use regularly; I will add to and prune this list over time.

1. nmap -sS -P0 -A -v <target>

Running it against one server produced the following output:

C:\>nmap -sS -P0 -A -v 192.168.33.10

Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-20 08:49 中国标准时间
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Parallel DNS resolution of 1 host. at 08:49
Completed Parallel DNS resolution of 1 host. at 08:49, 0.01s elapsed
Initiating SYN Stealth Scan at 08:49
Scanning 192.168.33.10 [1000 ports]
Discovered open port 3389/tcp on 192.168.33.10
Discovered open port 3306/tcp on 192.168.33.10
Discovered open port 139/tcp on 192.168.33.10
Discovered open port 80/tcp on 192.168.33.10
Discovered open port 135/tcp on 192.168.33.10
Discovered open port 445/tcp on 192.168.33.10
Discovered open port 49152/tcp on 192.168.33.10
Discovered open port 49157/tcp on 192.168.33.10
Discovered open port 49156/tcp on 192.168.33.10
Discovered open port 49155/tcp on 192.168.33.10
Discovered open port 49153/tcp on 192.168.33.10
Discovered open port 49154/tcp on 192.168.33.10
Completed SYN Stealth Scan at 08:50, 1.80s elapsed (1000 total ports)
Initiating Service scan at 08:50
Scanning 12 services on 192.168.33.10
Service scan Timing: About 58.33% done; ETC: 08:51 (0:00:35 remaining)
Completed Service scan at 08:50, 53.73s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against 192.168.33.10
Initiating Traceroute at 08:50
Completed Traceroute at 08:50, 1.02s elapsed
Initiating Parallel DNS resolution of 5 hosts. at 08:50
Completed Parallel DNS resolution of 5 hosts. at 08:50, 0.01s elapsed
NSE: Script scanning 192.168.33.10.
Initiating NSE at 08:50
Completed NSE at 08:51, 27.28s elapsed
Nmap scan report for 192.168.33.10
Host is up (0.0054s latency).
Not shown: 988 closed ports
PORT      STATE SERVICE        VERSION
80/tcp    open  http           Apache httpd 2.4.7 ((Win32) OpenSSL/1.0.1e PHP/5.5.10)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
| http-robots.txt: 9 disallowed entries
|_/admi /temp /in /php /js /up /co /edit /css
|_http-title: \xE4\xB8\xAD\xE5\x9B\xBD\xE4\xBA\xBA\xE6\xB0\x91\xE6\x94\xBF\xE6\xB2\xBB\xE5\x8D\x8F\xE5\x95\x86\xE4\xBC\x9A\xE8\xAE\xAE\xE5\xB1\xB1\xE4\xB8\x9C\xE7\x9C\x81\xE5\xA7\x94\xE5\x91\x98\xE4\xBC\x9A
135/tcp   open  msrpc          Microsoft Windows RPC
139/tcp   open  netbios-ssn
445/tcp   open  netbios-ssn
3306/tcp  open  mysql          MySQL (unauthorized)
3389/tcp  open  ms-wbt-server?
49152/tcp open  msrpc          Microsoft Windows RPC
49153/tcp open  msrpc          Microsoft Windows RPC
49154/tcp open  msrpc          Microsoft Windows RPC
49155/tcp open  msrpc          Microsoft Windows RPC
49156/tcp open  msrpc          Microsoft Windows RPC
49157/tcp open  msrpc          Microsoft Windows RPC
Device type: general purpose
Running: Microsoft Windows 2008|7
OS CPE: cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8
OS details: Microsoft Windows Server 2008 SP2, Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
Uptime guess: 1.944 days (since Tue Mar 18 10:12:03 2014)
Network Distance: 5 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Busy server or unknown class
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| nbstat:
|   NetBIOS name: WWW-SERVER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:8e:63:7a (VMware)
|   Names
|     WWW-SERVER<00>       Flags: <unique><active>
|     WORKGROUP<00>        Flags: <group><active>
|_    WWW-SERVER<20>       Flags: <unique><active>
| smb-os-discovery:
|   OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1 (Windows Server 2008 R2 Enterprise 6.1)
|   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
|   Computer name: www-server
|   NetBIOS computer name: WWW-SERVER
|   Workgroup: WORKGROUP
|_  System time: 2014-03-20T08:50:59+08:00
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol

TRACEROUTE (using port 22/tcp)
HOP RTT      ADDRESS
1   2.00 ms  192.168.152.1
2   2.00 ms  192.168.5.5
3   26.00 ms 192.168.5.206
4   8.00 ms  192.168.5.9
5   3.00 ms  192.168.33.10

NSE: Script Post-scanning.
Read data files from: D:\Program Files (x86)\nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 89.22 seconds
Raw packets sent: 1031 (46.390KB) | Rcvd: 1031 (42.196KB)
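The flags in that command are -sS (TCP SYN scan), -P0 (skip host discovery; newer nmap versions spell it -Pn), -A (OS detection, version detection, default NSE scripts and traceroute) and -v (verbose). A report like the one above is more useful to a defender when it is parsed and triaged than when it is read by eye. The following Python script is an added example, not code from the original post or from the nmap project: it parses a host report in nmap's normal-output format into ports and NSE script blocks, then turns the parts that matter for hardening (sensitive services reachable from the scanning host, SMB message signing disabled) into findings. The sample input is a constructed, abridged copy of the report shown above, and the Port, HostReport, parse_report and triage names are the example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: an abridged copy of the scan report shown in the
# post, in nmap's normal-output format, embedded so the example runs offline.
SAMPLE_REPORT = """\
Nmap scan report for 192.168.33.10
Host is up (0.0054s latency).
Not shown: 988 closed ports
PORT      STATE SERVICE       VERSION
80/tcp    open  http          Apache httpd 2.4.7 ((Win32) OpenSSL/1.0.1e PHP/5.5.10)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn
445/tcp   open  netbios-ssn
3306/tcp  open  mysql         MySQL (unauthorized)
3389/tcp  open  ms-wbt-server?
49152/tcp open  msrpc         Microsoft Windows RPC
Running: Microsoft Windows 2008|7

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol
"""


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str
    version: str
    scripts: dict = field(default_factory=dict)  # NSE script name -> output lines


@dataclass
class HostReport:
    address: str
    ports: list = field(default_factory=list)
    host_scripts: dict = field(default_factory=dict)  # host-level NSE results


HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
# A script block starts with "| name:" or "|_name:"; nmap indents the block's
# own lines by three spaces, so continuation lines do not match this pattern.
SCRIPT_START = re.compile(r"^\|[_ ]([\w.-]+):\s*(.*)$")


def parse_report(text):
    """Parse one host's normal-output report into a HostReport."""
    report = None
    in_host_scripts = False
    current = None  # (script dict, script name) receiving continuation lines
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            report = HostReport(address=m.group(1))
            continue
        if report is None:
            continue
        if line.startswith("Host script results:"):
            in_host_scripts, current = True, None
            continue
        m = PORT_LINE.match(line)
        if m and not in_host_scripts:
            report.ports.append(Port(int(m.group(1)), m.group(2), m.group(3),
                                     m.group(4), m.group(5).strip()))
            current = None
            continue
        if not line.startswith("|"):
            continue
        # Script output belongs to the host block or to the most recent port.
        if in_host_scripts:
            target = report.host_scripts
        elif report.ports:
            target = report.ports[-1].scripts
        else:
            continue
        m = SCRIPT_START.match(line)
        if m:
            name, rest = m.group(1), m.group(2).strip()
            target[name] = [rest] if rest else []
            current = (target, name)
        elif current is not None:
            current[0][current[1]].append(line.lstrip("|_ ").rstrip())
    return report


def triage(report):
    """Turn a parsed report into defender-oriented findings."""
    findings = []
    # Services that should normally be reachable only from trusted networks.
    sensitive = {445: "SMB", 3306: "MySQL", 3389: "RDP"}
    for p in report.ports:
        if p.state == "open" and p.number in sensitive:
            findings.append(f"{sensitive[p.number]} ({p.number}/{p.proto}) is reachable "
                            "from the scanning host; restrict it to trusted networks")
    smb_mode = report.host_scripts.get("smb-security-mode", [])
    if any("signing disabled" in entry.lower() for entry in smb_mode):
        findings.append("SMB message signing is disabled; require signing so that "
                        "SMB sessions cannot be tampered with in transit")
    return findings


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(f"{r.address}: {len(r.ports)} open ports parsed")
    for finding in triage(r):
        print("-", finding)
```

To use it on a real scan, save nmap's output with -oN and pass the file contents to parse_report; the triage rules are deliberately a small table so that a team can extend them with its own list of services that must never be exposed.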

posted on 2014-03-20 09:08 dudemonkey
