nmap: Network Exploration Tool and Security/Port Scanner

xiaohai 2021-07-04 19:05:03 3647 views Tags: Linux
Description

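  nmap (short for Network Mapper) is an open-source tool for network exploration and security auditing. It is designed to scan large networks quickly. nmap can discover which hosts are on a network, which services those hosts offer, and the type and version of the operating system they run.
  If nmap is not installed on the system, install it with the following command: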
yum -y install nmap

Syntax

  nmap [scan type] [options] [target]

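Common options
  • -sS: TCP SYN scan
  • -sT: TCP connect scan
  • -sn: do not scan ports, only check whether hosts are up
  • -sV: probe service version information
  • -O: obtain the host's fingerprint, that is, its operating system type
  • -p<ports>: the ports to scan; this can be a single port, several ports separated by commas, or a port range written with "-"
  • -n: skip DNS resolution, which speeds up the scan
  • -v: show detailed information while the scan runs
Examples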

1. View the ports currently open on a host

[root@localhost ~]# nmap 192.168.71.108

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-21 17:04 CST
Nmap scan report for 192.168.71.108
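Host is up (0.00018s latency). # the target host is up
Not shown: 997 closed ports # 997 closed ports are not listed
PORT     STATE SERVICE
22/tcp   open  ssh # port 22 provides the SSH service
80/tcp   open  http # port 80 provides the HTTP service
3306/tcp open  mysql # port 3306 provides the MySQL service
MAC Address: 00:0C:29:1E:D8:26 (VMware) # MAC address of the target host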

Nmap done: 1 IP address (1 host up) scanned in 32.95 seconds

2. Scan specific ports on a host

[root@localhost ~]# nmap -p 80 192.168.71.108

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-21 17:06 CST
Nmap scan report for 192.168.71.108
Host is up (0.00033s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:0C:29:1E:D8:26 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 13.44 seconds
[root@localhost ~]# 
[root@localhost ~]# nmap -p 80,3306 192.168.71.108

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-21 17:06 CST
Nmap scan report for 192.168.71.108
Host is up (0.00030s latency).
PORT     STATE SERVICE
80/tcp   open  http
3306/tcp open  mysql
MAC Address: 00:0C:29:1E:D8:26 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 14.45 seconds
[root@localhost ~]# 
[root@localhost ~]# nmap -p 1-10000 192.168.71.108

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-21 17:07 CST
Nmap scan report for 192.168.71.108
Host is up (0.0016s latency).
Not shown: 9997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql
MAC Address: 00:0C:29:1E:D8:26 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 15.40 seconds

3. Scan all IP addresses on the local network

[root@localhost ~]# nmap 192.168.71.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-21 17:11 CST
Nmap scan report for 192.168.71.1
Host is up (0.00075s latency).
Not shown: 996 filtered ports
PORT     STATE SERVICE
443/tcp  open  https
902/tcp  open  iss-realsecure
912/tcp  open  apex-mesh
5357/tcp open  wsdapi
MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.71.2
Host is up (0.00024s latency).
Not shown: 999 closed ports
PORT   STATE    SERVICE
53/tcp filtered domain
MAC Address: 00:50:56:F5:F6:48 (VMware)

Nmap scan report for 192.168.71.108
Host is up (0.00051s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql
MAC Address: 00:0C:29:1E:D8:26 (VMware)

Nmap scan report for 192.168.71.254
Host is up (-0.10s latency).
All 1000 scanned ports on 192.168.71.254 are filtered
MAC Address: 00:50:56:F4:6C:04 (VMware)

4. Find the hosts that are up on the local network

[root@localhost ~]# nmap -sn 192.168.71.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-20 06:01 EDT
Nmap scan report for 192.168.71.1
Host is up (0.00010s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.71.2
Host is up (0.000091s latency).
MAC Address: 00:50:56:F5:F6:48 (VMware)
Nmap scan report for 192.168.71.107
Host is up (0.00031s latency).
MAC Address: 00:0C:29:0B:D8:26 (VMware)
Nmap scan report for 192.168.71.254
Host is up (0.00043s latency).
MAC Address: 00:50:56:F4:6C:04 (VMware)
Nmap scan report for 192.168.71.108
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 27.87 seconds

5. Scan a specified range of addresses

[root@localhost ~]# nmap -sn 192.168.71.100-108

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-20 06:03 EDT
Nmap scan report for 192.168.71.107
Host is up (0.00013s latency).
MAC Address: 00:0C:29:0B:D8:26 (VMware)
Nmap scan report for 192.168.71.108
Host is up.
Nmap done: 9 IP addresses (2 hosts up) scanned in 26.34 seconds

6. Detect the services and operating system version of a target host

[root@localhost ~]# nmap -O -sV 192.168.71.108

Starting Nmap 6.40 ( http://nmap.org ) at 2018-06-21 17:20 CST
Nmap scan report for 192.168.71.108
Host is up (0.00066s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 6.4 (protocol 2.0)
80/tcp   open  http    nginx
3306/tcp open  mysql   MySQL (unauthorized)
MAC Address: 00:0C:29:1E:D8:26 (VMware)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:

Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 34.48 seconds

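The output above contains not only the port numbers but also the version numbers of the services. On hosts with high network security requirements, it is best to hide service version numbers, so that attackers cannot exploit vulnerabilities that exist in specific versions.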
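
As an added example (not part of the original article), the shell functions below audit `nmap -sV` normal output for services whose VERSION column reveals a version number, using the scan result from example 6 as constructed sample input. The function names `sample_scan`, `audit_versions` and `count_disclosed` and the version-matching heuristic are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit `nmap -sV` output for services that disclose a version.

# Constructed sample input: the -sV result from example 6 (port table only).
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.71.108
Host is up (0.00066s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 6.4 (protocol 2.0)
80/tcp   open  http    nginx
3306/tcp open  mysql   MySQL (unauthorized)
MAC Address: 00:0C:29:1E:D8:26 (VMware)
EOF
}

# Reads nmap normal output on stdin and prints one line per open port:
#   <host> <port/proto> <service> DISCLOSED|hidden <version text>
# Heuristic (an assumption of this example): a banner is DISCLOSED when the
# VERSION column has a token that looks like a version number (6.4, 1.18.0).
audit_versions() {
  awk '
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      ver = ""; status = "hidden"
      for (i = 4; i <= NF; i++) {
        ver = ver (i > 4 ? " " : "") $i
        if ($i ~ /^v?[0-9]+\.[0-9]/) status = "DISCLOSED"
      }
      print host, $1, $3, status, (ver == "" ? "-" : ver)
    }'
}

# Number of services leaking a version; usable as a gate in a hardening check.
count_disclosed() { audit_versions | grep -c ' DISCLOSED ' || true; }

sample_scan | audit_versions
```

On a real host, pipe a scan of your own machine into the function, for example `nmap -sV 192.168.71.108 | audit_versions`, and re-run it after changing the service configuration to confirm the version no longer appears.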