nmap command: basic usage

Explanation of nmap port states
open : An application is accepting TCP connections or UDP packets on the port.
closed : A closed port is still reachable by nmap: it receives nmap's probe packets and responds to them, but no application is listening on it.
filtered : Packet filtering prevents the probe packets from reaching the port, so nmap cannot determine whether the port is open. The filtering may come from a dedicated firewall device, router rules, or host-based firewall software.
unfiltered : The unfiltered state means the port is reachable, but nmap cannot determine whether it is open or closed. Only the ACK scan, which is used to map firewall rule sets, classifies ports into this state.
open|filtered : nmap cannot determine whether the port is open or filtered. An open port that gives no response is one case; no response can also mean that a packet filter dropped the probe packet. UDP, IP protocol, FIN, Null and similar scans produce this state.
closed|filtered : nmap cannot determine whether the port is closed or filtered.

nmap is available for Windows and Linux

nmap is a very useful network scanner and host detection tool. nmap is not limited to gathering information and enumerating details; it can also be used as a vulnerability detector or security scanner. It runs on Windows, Linux, Mac and other operating systems.

The exe package and the zip package can be obtained from the download below.

Commonly used nmap parameters

nmap scans faster than nc

Below are some examples of basic commands and their usage. Scanning a single host: the commands are as follows.

Preparation

Prepare two machines

Host A: IP address

Host B: IP address 10.0.1.162

Install the nmap package on machine B (this tool is quite powerful; installing it on every machine is common practice).

Machine B uses nmap to scan machine A. Before scanning, first check on machine A which ports are in use.

View the listening IPv4 ports on the local machine

Explanation of the netstat parameters:

-l (listen) list only sockets in the Listen state

-t (tcp) show only TCP sockets

-n (numeric) show IP addresses and ports numerically, without resolving them to service or host names

-p (PID) show the PID and program name of the process that owns the socket

--inet show only IPv4 related protocols

View TCP listeners on IPv4 ports

netstat -lntp --inet

[root@A ~]# netstat   -lntp    --inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2157/sshd           
tcp        0      0 :631               0.0.0.0:*                   LISTEN      1930/cupsd          
tcp        0      0 :25                0.0.0.0:*                   LISTEN      2365/master         
tcp        0      0 0.0.0.0:13306               0.0.0.0:*                   LISTEN      21699/mysqld        
tcp        0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN      2640/rsync          
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      21505/rpcbind       
[root@A ~]# 

Filter the listening ports (drop the loopback-only listeners)

[root@A ~]# netstat   -lntp    --inet | grep -v 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2157/sshd           
tcp        0      0 0.0.0.0:13306               0.0.0.0:*                   LISTEN      21699/mysqld        
tcp        0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN      2640/rsync          
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      21505/rpcbind       
[root@A ~]# 

Scan TCP ports

Use nmap on machine B to scan all ports of machine A (a space may also follow -p)

The following scans all listening TCP ports from 1 to 65535 on machine A.

nmap  -p1-65535

The -p parameter specifies the port range. If no ports are specified, Nmap by default scans ports 1 to 1024 plus the ports listed in nmap-services.

nmap-services is a database of about 2200 well-known services. By querying it, Nmap can report which services those ports probably correspond to, but this is not necessarily accurate.

Accordingly, the correct way to scan a machine's open ports is to use the command below with -p1-65535.

Note that nmap has its own library storing some known services and their corresponding port numbers. If a service is not in nmap-services, nmap may not scan its port. This means that some ports that are listening are not found by a default nmap scan, which is why the -p parameter must be added to scan all ports.

Although running nmap directly also finds open ports, using -p1-65535 shows the most ports.

The difference is that without -p, only ports of known protocols are shown; ports of unknown protocols are not shown.

[root@B ~]# nmap    -p1-65535

Starting Nmap 5.51 (  ) at 2016-12-29 10:11 CST
Nmap scan report for 
Host is up (0.00017s latency).
Not shown: 65531 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
873/tcp   open  rsync
13306/tcp open  unknown
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 2.49 seconds
[root@B ~]# 

If -p1-65535 is not added, the port belonging to an unknown service (port 13306 on machine A) is not found by the scan

[root@B ~]# nmap  

Starting Nmap 5.51 (  ) at 2016-12-29 10:12 CST
Nmap scan report for 
Host is up (0.000089s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
873/tcp open  rsync
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
[root@B ~]# 
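The procedure above is: list the host's listeners with netstat, scan it from another machine, and compare, with the port-state meanings from the start of the page deciding what each result means. The following Python script is an added example (not code from the original post or from nmap) that automates that comparison: it parses netstat -lntp output and nmap's normal output, drops loopback-only listeners as the page's grep -v does, reports listening ports the scan did not find as open (the 13306 case when -p is omitted), and separates ambiguous states such as open|filtered from definite ones. Both inputs are constructed samples in the page's output format; the address 192.0.2.10, the MAC address and the PIDs are placeholders.

```python
import re

# Constructed sample of `netstat -lntp --inet` output on the scanned host
# (same layout as the page's output; addresses, PIDs and names are made up).
NETSTAT_SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2157/sshd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1930/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2365/master
tcp        0      0 0.0.0.0:13306               0.0.0.0:*                   LISTEN      21699/mysqld
tcp        0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN      2640/rsync
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      21505/rpcbind
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               2261/ntpd
"""

# Constructed sample of nmap normal output for a default scan (no -p) of the
# same host, with one UDP line added to show an ambiguous state. 192.0.2.10 is
# a documentation address and the MAC address is a placeholder.
NMAP_SAMPLE = """\
Starting Nmap 5.51 ( https://nmap.org ) at 2016-12-29 10:12 CST
Nmap scan report for 192.0.2.10
Host is up (0.000089s latency).
Not shown: 997 closed ports
PORT    STATE         SERVICE
22/tcp  open          ssh
111/tcp open          rpcbind
873/tcp open          rsync
631/udp open|filtered ipp
MAC Address: 00:00:00:00:00:01 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
"""

NETSTAT_LINE = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\d+)\s+")
NMAP_PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
NMAP_NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) ports")

# States in which nmap could not decide; these need a follow-up, not a verdict.
AMBIGUOUS_STATES = {"open|filtered", "closed|filtered", "unfiltered"}


def listening_ports(netstat_text, include_loopback=False):
    """Return the set of (proto, port) sockets netstat shows as listening.

    Loopback-only listeners are dropped by default, mirroring the page's
    `grep -v` on the loopback address: a remote scan cannot see them anyway.
    """
    ports = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        if not include_loopback and addr.startswith("127."):
            continue
        ports.add((proto, port))
    return ports


def parse_nmap_reports(nmap_text):
    """Parse nmap normal output into one dict per 'Nmap scan report for' block."""
    reports = []
    current = None
    for line in nmap_text.splitlines():
        if line.startswith("Nmap scan report for "):
            current = {"host": line.split("for ", 1)[1].strip(),
                       "ports": {}, "not_shown": None}
            reports.append(current)
            continue
        if current is None:
            continue
        m = NMAP_NOT_SHOWN.match(line)
        if m:
            current["not_shown"] = (int(m.group(1)), m.group(2))
            continue
        m = NMAP_PORT_LINE.match(line)
        if m:
            key = (m.group(2), int(m.group(1)))          # (proto, port)
            current["ports"][key] = (m.group(3), m.group(4))  # (state, service)
    return reports


def ambiguous_ports(report):
    """Ports whose state nmap could not determine (open|filtered and similar)."""
    return {k for k, (state, _) in report["ports"].items() if state in AMBIGUOUS_STATES}


def missed_listeners(netstat_text, report, proto="tcp"):
    """Listening ports that the scan did not report as open, e.g. ports outside
    the default port set that only an explicit -p range would cover."""
    listening = {p for (pr, p) in listening_ports(netstat_text) if pr == proto}
    reported_open = {p for (pr, p), (state, _) in report["ports"].items()
                     if pr == proto and state == "open"}
    return sorted(listening - reported_open)


if __name__ == "__main__":
    report = parse_nmap_reports(NMAP_SAMPLE)[0]
    print("host:", report["host"], "not shown:", report["not_shown"])
    print("missed tcp listeners:", missed_listeners(NETSTAT_SAMPLE, report))
    print("ambiguous ports:", sorted(ambiguous_ports(report)))
```

Run it as-is to see 13306 reported as a missed TCP listener; feed it the output of a -p1-65535 scan instead and the list becomes empty, which is the check the page is making by hand. Ports in an ambiguous state are kept separate on purpose: with UDP, a port that gives no response may be open or filtered, and only a follow-up (version probing or checking the host itself) settles it.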

Scan multiple ports of one IP

Consecutive ports can be joined with a hyphen, and individual ports can be separated with commas.

Start two TCP listeners on one machine, occupying ports 7777 and 8888 for the test; appending & puts them in the background

[root@A ~]# nc -l 7777&
[1] 21779
[root@A ~]# nc -l 8888&
[2] 21780
[root@A ~]# 
[root@B ~]# nmap     -p20-200,7777,8888

Starting Nmap 5.51 (  ) at 2016-12-29 10:32 CST
Nmap scan report for 
Host is up (0.00038s latency).
Not shown: 179 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
7777/tcp open  cbt
8888/tcp open  sun-answerbook
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
[root@B ~]# 

Scan UDP ports

First see which IPv4 UDP ports are listening; use grep -v to exclude the listeners on the loopback interface

netstat -lnup --inet |grep -v 
[root@A ~]# netstat -lnup --inet |grep -v 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               21505/rpcbind       
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               1930/cupsd          
udp        0      0 :123              0.0.0.0:*                               2261/ntpd           
udp        0      0 0.0.0.0:123                 0.0.0.0:*                               2261/ntpd           
udp        0      0 0.0.0.0:904                 0.0.0.0:*                               21505/rpcbind       
[root@A ~]# 

-sU: UDP scan (port scan)

-Pn: do not ping the target (do not check whether the host is online); scan directly

UDP port scans are slow; scanning more than 60,000 ports takes about 20 minutes.

[root@B ~]# nmap  -sU    -Pn

Starting Nmap 5.51 (  ) at 2016-12-29 10:16 CST
Stats: 0:12:54 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 75.19% done; ETC: 10:33 (0:04:16 remaining)
Stats: 0:12:55 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 75.29% done; ETC: 10:33 (0:04:15 remaining)
Nmap scan report for 
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT    STATE         SERVICE
111/udp open          rpcbind
123/udp open          ntp
631/udp open|filtered ipp
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 1081.27 seconds
[root@B ~]# 

Scanning multiple IPs

Separated by spaces

[root@B ~]# nmap   10.0.1.162

Starting Nmap 5.51 (  ) at 2016-12-29 10:18 CST
Nmap scan report for 
Host is up (0.000060s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
873/tcp open  rsync
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.26 seconds
[root@B ~]# 

They can also be separated by commas, as follows

nmap ,162

[root@B ~]# nmap ,162

Starting Nmap 5.51 (  ) at 2016-12-29 10:19 CST
Nmap scan report for 
Host is up (0.00025s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
873/tcp open  rsync
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000080s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.81 seconds
[root@B ~]# 

Scan consecutive IP addresses

[root@B ~]# nmap -162

Starting Nmap 5.51 (  ) at 2016-12-29 10:20 CST
Nmap scan report for 
Host is up (0.00011s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
873/tcp open  rsync
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000030s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.25 seconds
[root@B ~]# 

Scan all IPs of a subnet

[root@B ~]# nmap  10.0.3.0/24

Starting Nmap 5.51 (  ) at 2016-12-29 10:21 CST
Nmap scan report for 10.0.3.1
Host is up (0.020s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
6666/tcp open  irc
8888/tcp open  sun-answerbook

Nmap scan report for 10.0.3.2
Host is up (0.012s latency).
Not shown: 997 closed ports
PORT   STATE    SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp open     telnet

Nmap scan report for 10.0.3.3
Host is up (0.018s latency).
Not shown: 997 closed ports
PORT   STATE    SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp open     telnet

Nmap done: 256 IP addresses (3 hosts up) scanned in 14.91 seconds
[root@B ~]# 

Scan the IPs listed in a file

If you have a list of IP addresses, save it as a txt file and run nmap in the same directory to scan all hosts in that txt file; usage is as follows

[root@B ~]# cat ip.txt 

10.0.1.162
[root@B ~]# nmap -iL ip.txt 

Starting Nmap 5.51 (  ) at 2016-12-29 10:23 CST
Nmap scan report for 
Host is up (0.00030s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
873/tcp open  rsync
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap scan report for 10.0.1.162
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.68 seconds
[root@B ~]# 

Exclude an IP address from the scanned address range.

nmap -162  --exclude 10.0.1.162

Usage is as follows

[root@B ~]# nmap -162  --exclude 10.0.1.162

Starting Nmap 5.51 (  ) at 2016-12-29 10:24 CST
Nmap scan report for 
Host is up (0.0022s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
873/tcp open  rsync
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds
[root@B ~]# 

Exclude multiple IP addresses during a scan

To exclude consecutive addresses, join them with a hyphen

nmap -163 --exclude 10.0.1.162-163
[root@B ~]# nmap -163   --exclude 10.0.1.162-163

Starting Nmap 5.51 (  ) at 2016-12-29 10:25 CST
Nmap scan report for 
Host is up (0.00023s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
873/tcp open  rsync
MAC Address: 00:0:0:56:56:DE:46 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
[root@B ~]# 

To exclude scattered addresses, separate them with commas

nmap -163 --exclude ,
[root@B ~]# nmap -163 --exclude ,

Starting Nmap 5.51 (  ) at 2016-12-29 10:27 CST
Nmap scan report for 10.0.1.162
Host is up (0.0000030s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
[root@B ~]# 

When scanning multiple addresses, the IP addresses listed in a file are excluded.

(this can be used to exclude non-consecutive IP addresses)

Add the two addresses to the file; the file name can be anything

The following scans these 3 IP addresses and excludes these two IPs

nmap -163  --excludefile ex.txt
[root@B ~]# cat ex.txt 


[root@B ~]# nmap -163  --excludefile ex.txt

Starting Nmap 5.51 (  ) at 2016-12-29 10:29 CST
Nmap scan report for 10.0.1.162
Host is up (0.0000050s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
[root@B ~]# 
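The target and port notations used from "Scan multiple ports of one IP" onward (hyphen ranges, comma lists, CIDR, --exclude and --excludefile) all resolve to one explicit list of addresses and ports before nmap sends anything. The Python below is an added example (not part of the original post or of nmap itself) that expands those notations the same way, so a scan scope can be reviewed or diffed against an asset inventory before a scan is run. The address ranges and the exclude-file contents are constructed; the per-octet comma list and the bare "-p-" shorthand go slightly beyond the page's examples and follow nmap's documented target and port syntax.

```python
import ipaddress
from itertools import product

# Constructed --excludefile contents (one target spec per line, as on the page).
EXCLUDE_FILE_SAMPLE = """\
10.0.1.162
10.0.3.0/30
"""


def expand_ports(spec):
    """Expand an nmap -p style port spec ('20-200,7777,8888', '1-65535', '-')
    into a sorted list of ports. A bare '-' means all ports, as in nmap."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo_i = int(lo) if lo else 1
            hi_i = int(hi) if hi else 65535
        else:
            lo_i = hi_i = int(part)
        if not 1 <= lo_i <= hi_i <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo_i, hi_i + 1))
    return sorted(ports)


def _expand_octet(field):
    """One IPv4 octet field: '162', '161-163' or '161,163' -> sorted values."""
    values = set()
    for part in field.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo_i = int(lo) if lo else 0
            hi_i = int(hi) if hi else 255
        else:
            lo_i = hi_i = int(part)
        if not 0 <= lo_i <= hi_i <= 255:
            raise ValueError(f"bad octet range: {field!r}")
        values.update(range(lo_i, hi_i + 1))
    return sorted(values)


def expand_target(spec):
    """Expand one nmap target spec into a list of IPv4 address strings.

    Supports CIDR ('10.0.3.0/24', all 256 addresses, matching the count nmap
    reports) and per-octet ranges or comma lists ('10.0.1.161-163',
    '10.0.1.161,163').
    """
    spec = spec.strip()
    if "/" in spec:
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"unsupported target spec: {spec!r}")
    return [".".join(str(o) for o in combo)
            for combo in product(*(_expand_octet(f) for f in octets))]


def build_scope(targets, exclude=(), exclude_file_text=""):
    """Resolve the final address list the way nmap's target selection does.

    `targets` are the positional target specs, `exclude` the comma-separated
    entries of --exclude already split into a list, and `exclude_file_text`
    the contents of an --excludefile (one spec per line, '#' lines ignored).
    """
    wanted, seen = [], set()
    for spec in targets:
        for ip in expand_target(spec):
            if ip not in seen:            # keep order, drop duplicates
                seen.add(ip)
                wanted.append(ip)
    excluded = set()
    file_specs = [ln.strip() for ln in exclude_file_text.splitlines()
                  if ln.strip() and not ln.startswith("#")]
    for spec in list(exclude) + file_specs:
        excluded.update(expand_target(spec))
    return [ip for ip in wanted if ip not in excluded]


if __name__ == "__main__":
    print(len(expand_ports("20-200,7777,8888")), "ports")
    print(build_scope(["10.0.1.160-163"], exclude=["10.0.1.162-163"]))
    print(build_scope(["10.0.3.0/29"], exclude_file_text=EXCLUDE_FILE_SAMPLE))
```

The port count for "-p20-200,7777,8888" comes out at 183, which matches the page's output of 4 reported ports plus "Not shown: 179 closed ports". Exclusions are applied after expansion, so an --excludefile entry can itself be a range or a CIDR block, which is the practical way to keep fragile or out-of-scope systems out of a large subnet scan.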
