nmap, the Network Mapper, is an open source and very versatile tool for Linux system and network administration. nmap is used to explore networks, perform security scans and network audits, and find open ports on remote hosts. It detects live hosts, operating systems, packet filters and the open ports of services running on remote hosts.

I will cover most nmap usage in two separate parts, and this is the first part of the nmap series. Here is the setup: I used three servers without firewalls to test what the nmap commands do.

  • 192.168.50.74 CentOS7.blctrl.com
  • 192.168.50.150 RockyLinux.blctrl.com
  • 192.168.50.215 CentOS6.blctrl.com

nmap command usage

# nmap [Scan Type(s)] [Options] {target specification}

How to install nmap on Linux

Most current Linux distributions such as Red Hat, Rocky Linux and Ubuntu already include nmap in their default package-manager repositories, known as YUM and APT. Both tools install and manage software packages and updates. Use the following commands to install nmap on your particular distribution.

# dnf (yum) install nmap     [on Red Hat based systems]
$ sudo apt-get install nmap   [on Debian based systems]

Once you have installed the latest nmap program, you can follow the example instructions given in this article.

1. Scan a system using a hostname and an IP address

The nmap tool offers several ways to scan a system. In this example, a scan is run against the hostname CentOS7.blctrl.com to find all open ports, the services on them and the MAC address of that system.

Scan using a hostname

[root@areadetector blctrl]# nmap CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:01 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00057s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Scan using an IP address

[root@areadetector blctrl]# nmap 192.168.50.74
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:02 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00063s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.57 seconds

2. Scan using the '-v' option

As you can see, the following command with the '-v' option gives more detailed information about the remote host.

[root@areadetector blctrl]# nmap -v CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:04 CST
Initiating ARP Ping Scan at 09:04
Scanning CentOS7.blctrl.com (192.168.50.74) [1 port]
Completed ARP Ping Scan at 09:04, 0.21s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 09:04
Scanning CentOS7.blctrl.com (192.168.50.74) [1000 ports]
Discovered open port 80/tcp on 192.168.50.74
Discovered open port 111/tcp on 192.168.50.74
Discovered open port 443/tcp on 192.168.50.74
Discovered open port 8443/tcp on 192.168.50.74
Discovered open port 6666/tcp on 192.168.50.74
Completed SYN Stealth Scan at 09:04, 1.26s elapsed (1000 total ports)
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00016s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.57 seconds
           Raw packets sent: 1002 (44.072KB) | Rcvd: 1002 (40.088KB)

3. Scan multiple hosts

You can scan several hosts at once simply by listing their IP addresses or hostnames together on the nmap command line.

[root@areadetector blctrl]# nmap  CentOS7.blctrl.com CentOS6.blctrl.com 192.168.50.150
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:06 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00037s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00018s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:16:D3:AF:46:14 (Wistron)

Nmap scan report for RockyLinux.blctrl.com (192.168.50.150)
Host is up (0.0000090s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3306/tcp open  mysql

Nmap done: 3 IP addresses (3 hosts up) scanned in 194.29 seconds

4. Scan an entire subnet

You can scan an entire subnet or IP range with nmap by giving it the * wildcard.

[root@areadetector blctrl]# nmap  192.168.50.*
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:11 CST
Nmap scan report for RT-AC68U-9750 (192.168.50.1)
Host is up (0.00030s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
80/tcp   open  http
515/tcp  open  printer
9100/tcp open  jetdirect
MAC Address: 04:D4:C4:42:97:50 (Unknown)

Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00039s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00017s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:16:D3:AF:46:14 (Wistron)

Nmap scan report for RockyLinux.blctrl.com (192.168.50.150)
Host is up (0.000011s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3306/tcp open  mysql

Nmap done: 256 IP addresses (4 hosts up) scanned in 1616.60 seconds

In the output above, you can see that nmap scanned the entire subnet and reported the hosts that are up on the network.

5. Scan multiple servers using the last octet of the IP address

You can scan several IP addresses by listing values for the last octet of the IP address. For example, here I run a scan against the IP addresses 192.168.50.74, 192.168.50.150 and 192.168.50.215.

[root@areadetector blctrl]# nmap 192.168.50.74,150,215
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:46 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00036s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00018s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:16:D3:AF:46:14 (Wistron)

Nmap scan report for RockyLinux.blctrl.com (192.168.50.150)
Host is up (0.000025s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3306/tcp open  mysql

Nmap done: 3 IP addresses (3 hosts up) scanned in 196.41 seconds

6. Scan a list of hosts from a file

If you have many hosts to scan and they are all written in a file, you can ask nmap to read that file directly and perform the scan. Let's see how to do it.

Create a text file named nmaptest.txt and list the IP addresses or hostnames of all the servers you want to scan.

[root@areadetector blctrl]# cat nmaptest.txt
192.168.50.74
192.168.50.150
192.168.50.215

Next, run the nmap command with the "-iL" option to scan all the IP addresses listed in the file.

[root@areadetector blctrl]# nmap -iL nmaptest.txt
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:51 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00035s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00019s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:16:D3:AF:46:14 (Wistron)

Nmap scan report for RockyLinux.blctrl.com (192.168.50.150)
Host is up (0.0000080s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3306/tcp open  mysql

7. Scan an IP address range

You can specify a range of IP addresses when running a scan with nmap.

[root@areadetector blctrl]# nmap 192.168.50.70-220
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 09:57 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00035s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00018s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:16:D3:AF:46:14 (Wistron)

Nmap scan report for RockyLinux.blctrl.com (192.168.50.150)
Host is up (0.0000090s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3306/tcp open  mysql

Nmap done: 151 IP addresses (3 hosts up) scanned in 127.80 seconds

8. Scan a network while excluding specified remote hosts

You can leave certain hosts out of a full network scan, or of a wildcard scan, with the "--exclude" option.

[root@areadetector blctrl]# nmap 192.168.50.70-220 --exclude 192.168.50.80-200
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 10:02 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00036s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00018s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:16:D3:AF:46:14 (Wistron)

Nmap done: 30 IP addresses (2 hosts up) scanned in 216.13 seconds
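Before launching a scan across a range it is worth knowing exactly which addresses the target specification covers. The following added Python expander (not part of the original post or of nmap) reproduces the wildcard, comma-list, range, CIDR and --exclude forms used in sections 4 to 8 above; hostnames are passed through unresolved, and the expander makes the simplifying assumption that CIDR is never combined with octet lists or ranges.

```python
import ipaddress
import re

IPV4_SPEC = re.compile(r"^[0-9,*\-]+(\.[0-9,*\-]+){3}(/\d{1,2})?$")


def _expand_octet(field):
    """Expand one octet field: '74,150,215', '70-220', '-' (meaning 0-255) or '*'."""
    values = []
    for part in field.split(","):
        if part == "*":
            values.extend(range(256))
        elif "-" in part:
            lo, hi = part.split("-", 1)
            lo, hi = (int(lo) if lo else 0), (int(hi) if hi else 255)
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"bad octet range {part!r}")
            values.extend(range(lo, hi + 1))
        else:
            value = int(part)
            if not 0 <= value <= 255:
                raise ValueError(f"bad octet {part!r}")
            values.append(value)
    return values


def expand_target(spec):
    """Expand one IPv4 target specification to a list of dotted-quad strings.
    Handles CIDR on a plain address (192.168.50.0/24, host bits ignored) and per-octet
    lists, ranges and wildcards (192.168.50.74,150,215 / 192.168.50.70-220 / 192.168.50.*).
    Anything else (a hostname) is returned unresolved as a one-element list."""
    if not IPV4_SPEC.match(spec):
        return [spec]
    if "/" in spec:
        address, prefix = spec.split("/", 1)
        if any(c in address for c in ",*-"):   # assumption: this expander does not mix the two forms
            raise ValueError(f"CIDR combined with octet lists/ranges is not supported: {spec!r}")
        network = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
        return [str(ip) for ip in network]      # includes network and broadcast, as the 256-host /24 above
    fields = [_expand_octet(f) for f in spec.split(".")]
    return [f"{a}.{b}.{c}.{d}"
            for a in fields[0] for b in fields[1] for c in fields[2] for d in fields[3]]


def resolve_scope(targets, exclude=()):
    """Ordered, de-duplicated list of addresses covered by targets minus the --exclude specs."""
    excluded = {ip for e in exclude for ip in expand_target(e)}
    scope, seen = [], set()
    for target in targets:
        for ip in expand_target(target):
            if ip not in seen and ip not in excluded:
                seen.add(ip)
                scope.append(ip)
    return scope


if __name__ == "__main__":
    # The scan from section 8: 151 addresses in the range, 121 excluded, 30 left to scan.
    scope = resolve_scope(["192.168.50.70-220"], exclude=["192.168.50.80-200"])
    print(len(scope), "addresses in scope:", scope[0], "...", scope[-1])
```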

9. Scan for OS information and traceroute

With nmap you can detect which OS and version is running on a remote host. To enable OS and version detection, script scanning and traceroute in one go, we can use the "-A" option of nmap.

[root@areadetector blctrl]# nmap -A 192.168.50.74
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 10:09 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00056s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE  VERSION
80/tcp   open  http     Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5)
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5
|_http-title: Apache HTTP Server Test Page powered by CentOS
111/tcp  open  rpcbind  2-4 (RPC #100000)
| rpcinfo:
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|_  100000  2,3,4        111/udp  rpcbind
443/tcp  open  ssl/http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5)
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5
|_http-title: Apache HTTP Server Test Page powered by CentOS
| ssl-cert: Subject: commonName=localhost/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
| Not valid before: 2022-06-27T07:46:11
|_Not valid after:  2023-06-27T07:46:11
|_ssl-date: TLS randomness does not represent time
6666/tcp open  ssh      OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
|   2048 72:e3:57:7f:94:92:d5:ed:0b:90:8c:fc:12:06:2b:56 (RSA)
|   256 f7:58:5e:5c:54:27:f5:5b:bc:97:ef:d1:4a:7f:bd:c6 (ECDSA)
|_  256 e4:34:0d:da:64:ce:b0:83:8d:18:9c:31:3e:61:4d:57 (ED25519)
8443/tcp open  ssl/http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5)
| http-methods:
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5
|_http-title: Apache HTTP Server Test Page powered by CentOS
| ssl-cert: Subject: commonName=localhost4.localdomain4/organizationName=example.com/countryName=US
| Subject Alternative Name: DNS:localhost4.localdomain4
| Not valid before: 2022-06-27T07:43:14
|_Not valid after:  2026-06-27T07:43:14
|_ssl-date: TLS randomness does not represent time
MAC Address: 00:19:0F:3D:C9:3D (Advansus)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   0.56 ms CentOS7.blctrl.com (192.168.50.74)

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.58 seconds

In the output above, we see that nmap reports the TCP/IP fingerprint of the OS running on the remote host and gives much more specific information about the ports and services running on it.

10. Enable OS detection with nmap

Using the options "-O" and "--osscan-guess" also helps to discover OS information.

[root@areadetector blctrl]# nmap -O CentOS6.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 10:30 CST
Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00025s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:16:D3:AF:46:14 (Wistron)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X|3.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
OS details: Linux 2.6.32 - 3.10, Linux 2.6.32 - 3.13
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.11 seconds

11. Scan a host to detect a firewall

The following command scans a remote host to detect whether it is using any packet filter or firewall.

[root@areadetector blctrl]# nmap -sA 192.168.50.74
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:36 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00031s latency).
All 1000 scanned ports on CentOS7.blctrl.com (192.168.50.74) are unfiltered
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.58 seconds

12. Scan a host to check whether it is protected by a firewall

To scan a host and check whether it is protected by any packet-filtering software or firewall:

[root@areadetector blctrl]# nmap -PN 192.168.50.74
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:37 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00023s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds

13. Find the live hosts on a network

With the "-sP" option we can check only which hosts on the network are up; with this option nmap skips port detection and everything else.

[root@areadetector blctrl]# nmap -sP 192.168.50.*
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:38 CST
Nmap scan report for RT-AC68U-9750 (192.168.50.1)
Host is up (0.00030s latency).
MAC Address: 04:D4:C4:42:97:50 (Unknown)
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (-0.18s latency).
MAC Address: 00:19:0F:3D:C9:3D (Advansus)
Nmap scan report for CentOS6.blctrl.com (192.168.50.215)
Host is up (0.00018s latency).
MAC Address: 00:16:D3:AF:46:14 (Wistron)
Nmap scan report for RockyLinux.blctrl.com (192.168.50.150)
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 3.79 seconds

14. Perform a fast scan

You can perform a fast scan with "-F", which scans only the ports listed in the nmap-services file and skips all other ports.

[root@areadetector blctrl]# nmap -F 192.168.50.74
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:40 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00049s latency).
Not shown: 96 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds

15. Find the nmap version

You can find the version of nmap running on your machine with the "-V" option.

[root@areadetector blctrl]# nmap -V
Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-redhat-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1k libpcre-8.42 libpcap-1.9.1 nmap-libdnet-1.12 ipv6
Compiled without: libssh2 libz
Available nsock engines: epoll poll select

16. Scan ports sequentially

Use the "-r" option, which scans the ports in sequential order instead of randomizing them.

[root@areadetector blctrl]# nmap -r 192.168.50.74
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:42 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00060s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds

17. Print host interfaces and routes

[root@areadetector blctrl]# nmap --iflist
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:42 CST
************************INTERFACES************************
DEV      (SHORT)    IP/MASK                      TYPE     UP MTU   MAC
lo       (lo)       127.0.0.1/8                  loopback up 65536
lo       (lo)       ::1/128                      loopback up 65536
enp4s0f2 (enp4s0f2) (none)/0                     ethernet up 1500  18:60:24:A8:CD:E6
eno1     (eno1)     (none)/0                     ethernet up 1500  18:60:24:A8:CD:E3
ens4     (ens4)     (none)/0                     ethernet up 1500  00:1B:21:C2:20:96
virbr0   (virbr0)   192.168.122.1/24             ethernet up 1500  52:54:00:4C:7A:E5
br0      (br0)      192.168.50.150/24            ethernet up 1500  18:60:24:A8:CD:E3
br0      (br0)      fe80::1a60:24ff:fea8:cde3/64 ethernet up 1500  18:60:24:A8:CD:E3
vnet0    (vnet0)    (none)/0                     ethernet up 1500  FE:54:00:DE:E9:55
vnet0    (vnet0)    fe80::fc54:ff:fede:e955/64   ethernet up 1500  FE:54:00:DE:E9:55
vnet1    (vnet1)    (none)/0                     ethernet up 1500  FE:54:00:AF:EA:7B
vnet1    (vnet1)    fe80::fc54:ff:feaf:ea7b/64   ethernet up 1500  FE:54:00:AF:EA:7B
vnet2    (vnet2)    (none)/0                     ethernet up 1500  FE:54:00:9C:88:3F
vnet2    (vnet2)    fe80::fc54:ff:fe9c:883f/64   ethernet up 1500  FE:54:00:9C:88:3F
vnet3    (vnet3)    (none)/0                     ethernet up 1500  FE:54:00:86:11:03
vnet3    (vnet3)    fe80::fc54:ff:fe86:1103/64   ethernet up 1500  FE:54:00:86:11:03
vnet5    (vnet5)    (none)/0                     ethernet up 1500  FE:54:00:CE:4B:29
vnet5    (vnet5)    fe80::fc54:ff:fece:4b29/64   ethernet up 1500  FE:54:00:CE:4B:29
**************************ROUTES**************************
DST/MASK                      DEV    METRIC GATEWAY
192.168.122.0/24              virbr0 0
192.168.50.0/24               br0    425
0.0.0.0/0                     br0    425    192.168.50.1
::1/128                       lo     0
fe80::1a60:24ff:fea8:cde3/128 br0    0
fe80::fc54:ff:fe86:1103/128   vnet3  0
fe80::fc54:ff:fe9c:883f/128   vnet2  0
fe80::fc54:ff:feaf:ea7b/128   vnet1  0
fe80::fc54:ff:fece:4b29/128   vnet5  0
fe80::fc54:ff:fede:e955/128   vnet0  0
::1/128                       lo     256
fe80::/64                     vnet0  256
fe80::/64                     vnet1  256
fe80::/64                     vnet2  256
fe80::/64                     vnet3  256
fe80::/64                     vnet5  256
fe80::/64                     br0    1024
ff00::/8                      br0    256
ff00::/8                      vnet0  256
ff00::/8                      vnet1  256
ff00::/8                      vnet2  256
ff00::/8                      vnet3  256
ff00::/8                      vnet5  256

In the output above, you can see that nmap lists the network interfaces attached to your system and their respective routes.

18. Scan specific ports

nmap has several options for discovering ports on a remote machine. You can name the ports you want nmap to scan with the "-p" option; by default nmap scans only TCP ports.

[root@areadetector blctrl]# nmap -p 80 CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:47 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00033s latency).

PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

19. Scan a TCP port

You can specify both the port type and the port number for nmap to scan.

[root@areadetector blctrl]# nmap -p T:8888,80  CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:49 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00031s latency).

PORT     STATE  SERVICE
80/tcp   open   http
8888/tcp closed sun-answerbook
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

20. Scan a UDP port

[root@areadetector blctrl]# nmap -sU CentOS7.blctrl.com -p 53
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:01 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00035s latency).

PORT   STATE  SERVICE
53/udp closed domain
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

21. Scan multiple ports

[root@areadetector blctrl]# nmap -p  80,6666,8888 CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 12:59 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00031s latency).

PORT     STATE  SERVICE
80/tcp   open   http
6666/tcp open   irc
8888/tcp closed sun-answerbook
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

22. Scan ports by port range

[root@areadetector blctrl]# nmap -p 80-200  CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:08 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00041s latency).
Not shown: 119 closed ports
PORT    STATE SERVICE
80/tcp  open  http
111/tcp open  rpcbind
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds

23. Find the version numbers of host services

[root@areadetector blctrl]# nmap -sV CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:09 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00027s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE  VERSION
80/tcp   open  http     Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5)
111/tcp  open  rpcbind  2-4 (RPC #100000)
443/tcp  open  ssl/http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_fcgid/2.3.9 mod_nss/1.0.14 NSS/3.28.4 mod_wsgi/3.4 Python/2.7.5)
6666/tcp open  ssh      OpenSSH 7.4 (protocol 2.0)
8443/tcp open  ssl/ssl  Apache httpd (SSL-only mode)
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.12 seconds
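The SERVICE column of a plain scan is only a lookup of the port number in nmap-services, which is why 6666/tcp is labelled irc in the earlier sections but turns out to be OpenSSH once -sV probes it. To make such output useful for a defender, the following added Python example (not part of the original post or of nmap) parses nmap's normal output format and compares each host's open ports with an approved baseline; the sample output is a constructed copy of the CentOS7.blctrl.com -sV table above with the Apache module list shortened, and the baseline is assumed.

```python
import re

# Constructed sample: the port table from the -sV scan of CentOS7.blctrl.com above,
# with the long Apache module list shortened. Only these columns are parsed.
SAMPLE_SV_OUTPUT = """\
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00027s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE  VERSION
80/tcp   open  http     Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips)
111/tcp  open  rpcbind  2-4 (RPC #100000)
443/tcp  open  ssl/http Apache httpd 2.4.6 ((CentOS) OpenSSL/1.0.2k-fips)
6666/tcp open  ssh      OpenSSH 7.4 (protocol 2.0)
8443/tcp open  ssl/ssl  Apache httpd (SSL-only mode)
MAC Address: 00:19:0F:3D:C9:3D (Advansus)
"""

# Assumed approved baseline for the host: {ip: {"port/proto": expected SERVICE}}.
BASELINE = {"192.168.50.74": {"22/tcp": "ssh", "80/tcp": "http", "443/tcp": "ssl/http"}}

HOST_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+(open\|filtered|closed\|filtered|unfiltered|open|closed|filtered)"
    r"\s+(\S+)(?:\s+(.*\S))?\s*$")


def parse_nmap_output(text):
    """Parse nmap's normal output into {ip: {"port/proto": {state, service, version}}}.
    The VERSION column is empty unless the scan used -sV or -A."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            current = m.group(2) or m.group(1)   # prefer the IP given in parentheses
            hosts[current] = {}
            continue
        m = PORT_LINE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current][f"{port}/{proto}"] = {
                "state": state, "service": service, "version": version or ""}
    return hosts


def baseline_findings(hosts, baseline):
    """Compare each host's open ports with its approved baseline.
    Returns sorted (ip, port/proto, finding) tuples: open ports that are not approved,
    approved ports whose detected service differs, and approved ports that are not open."""
    findings = []
    for ip, ports in hosts.items():
        approved = baseline.get(ip, {})
        for key, info in ports.items():
            if info["state"] != "open":
                continue
            if key not in approved:
                detail = f"{info['service']} {info['version']}".strip()
                findings.append((ip, key, f"unexpected open port: {detail}"))
            elif approved[key] != info["service"]:
                findings.append((ip, key,
                    f"service mismatch: expected {approved[key]}, detected {info['service']}"))
        for key, service in approved.items():
            if ports.get(key, {}).get("state") != "open":
                findings.append((ip, key, f"approved service not open: {service}"))
    return sorted(findings)


if __name__ == "__main__":
    for ip, port, finding in baseline_findings(parse_nmap_output(SAMPLE_SV_OUTPUT), BASELINE):
        print(f"{ip} {port:<9} {finding}")
```

The same parser reads the output of the plain scans above; their VERSION column is simply empty.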

24. Scan a remote host using TCP ACK (PA) and TCP SYN (PS)

Sometimes a packet-filtering firewall blocks the standard ICMP ping; in that case we can use the TCP ACK and TCP SYN methods to scan the remote host.

[root@areadetector blctrl]# nmap -PS CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:12 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00023s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds

25. Scan specific ports on a remote host with TCP ACK

[root@areadetector blctrl]# nmap -PA -p 6666,80  CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:13 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00035s latency).

PORT     STATE SERVICE
80/tcp   open  http
6666/tcp open  irc
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

26. Scan specific ports on a remote host with TCP SYN

[root@areadetector blctrl]# nmap -PS -p 6666,80  CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:14 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00032s latency).

PORT     STATE SERVICE
80/tcp   open  http
6666/tcp open  irc
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds

27. Perform a stealth scan

[root@areadetector blctrl]# nmap -sS   CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:15 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00025s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds

28. Check the most commonly used ports with TCP Syn

[root@areadetector blctrl]# nmap -sT   CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:17 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00017s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
80/tcp   open  http
111/tcp  open  rpcbind
443/tcp  open  https
6666/tcp open  irc
8443/tcp open  https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds

29. Perform a TCP null scan to fool a firewall

[root@areadetector blctrl]# nmap -sN   CentOS7.blctrl.com
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 13:17 CST
Nmap scan report for CentOS7.blctrl.com (192.168.50.74)
Host is up (0.00034s latency).
Not shown: 995 closed ports
PORT     STATE         SERVICE
80/tcp   open|filtered http
111/tcp  open|filtered rpcbind
443/tcp  open|filtered https
6666/tcp open|filtered irc
8443/tcp open|filtered https-alt
MAC Address: 00:19:0F:3D:C9:3D (Advansus)

Nmap done: 1 IP address (1 host up) scanned in 98.08 seconds

Find the IP addresses of all live hosts connected to a network in Linux

This section explains how to find the IP addresses of all live hosts connected to a given network. Once you have installed nmap, its syntax is:

# nmap [ scan type ... ] options {target specification}

Here the {target specification} argument can be a hostname, an IP address, a network and so on.

To list the IP addresses of all hosts connected to a given network, first identify the network and its subnet mask with the ifconfig or ip command:

[blctrl@localhost ~]$ ifconfig
enp8s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.50.128  netmask 255.255.255.0  broadcast 192.168.50.255
        inet6 fe80::5054:ff:fede:e955  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:de:e9:55  txqueuelen 1000  (Ethernet)
        RX packets 256767  bytes 241554169 (230.3 MiB)
        RX errors 0  dropped 39  overruns 0  frame 0
        TX packets 45978  bytes 3928630 (3.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 229  bytes 38724 (37.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 229  bytes 38724 (37.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:87:29:d4  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[blctrl@localhost ~]$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:de:e9:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.50.128/24 brd 192.168.50.255 scope global dynamic noprefixroute enp8s0
       valid_lft 49978sec preferred_lft 49978sec
    inet6 fe80::5054:ff:fede:e955/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:87:29:d4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever

Then run the following nmap command:

[blctrl@localhost ~]$ nmap -sn 192.168.50.0/24
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 16:31 CST
Nmap scan report for RT-AC68U-9750 (192.168.50.1)
Host is up (0.00052s latency).
Nmap scan report for 192.168.50.74
Host is up (0.00077s latency).
Nmap scan report for 192.168.50.128
Host is up (0.00013s latency).
Nmap scan report for mint-KVM (192.168.50.157)
Host is up (0.00054s latency).
Nmap scan report for blctrl-KVM (192.168.50.184)
Host is up (0.00042s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.69 seconds

In this command,

  • -sn: the scan type, meaning a ping scan. By default nmap performs a port scan, but this scan type disables port scanning.
  • 192.168.50.0/24: the target network; replace it with your actual network.
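The two steps just described, finding the local network from ip addr and then ping-scanning it with -sn, as an added Python example that is not part of the original post or of nmap: it derives the /24 from constructed ip addr output, parses constructed -sn output in the format shown above, and reports live addresses that are missing from an assumed inventory, which is how a defender uses a ping sweep to spot devices that should not be there.

```python
import ipaddress
import re

# Constructed sample in the format of the 'ip addr show' output above (only the
# interface and IPv4 lines this parser reads are kept).
SAMPLE_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.50.128/24 brd 192.168.50.255 scope global dynamic noprefixroute enp8s0
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
"""

# Constructed sample in the format of the 'nmap -sn 192.168.50.0/24' output above.
SAMPLE_SN_OUTPUT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2022-07-07 16:31 CST
Nmap scan report for RT-AC68U-9750 (192.168.50.1)
Host is up (0.00052s latency).
Nmap scan report for 192.168.50.74
Host is up (0.00077s latency).
Nmap scan report for 192.168.50.128
Host is up (0.00013s latency).
Nmap scan report for mint-KVM (192.168.50.157)
Host is up (0.00054s latency).
Nmap scan report for blctrl-KVM (192.168.50.184)
Host is up (0.00042s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.69 seconds
"""

# Assumed inventory of the addresses that are allowed to be on this network.
INVENTORY = {"192.168.50.1", "192.168.50.74", "192.168.50.128"}

IFACE_LINE = re.compile(r"^\d+: (\S+): <[^>]*>.* state (\S+)")
INET_LINE = re.compile(r"^\s+inet (\d+\.\d+\.\d+\.\d+/\d+) .*\bscope global\b")
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")


def local_networks(ip_addr_text):
    """Return {interface: network CIDR} for every global IPv4 address on an interface
    whose link state is UP; these are the candidate targets for 'nmap -sn'.
    Loopback (scope host) and interfaces that are DOWN are skipped."""
    nets, iface, state = {}, None, None
    for line in ip_addr_text.splitlines():
        m = IFACE_LINE.match(line)
        if m:
            iface, state = m.group(1), m.group(2)
            continue
        m = INET_LINE.match(line)
        if m and iface and state == "UP":
            nets[iface] = str(ipaddress.ip_interface(m.group(1)).network)
    return nets


def live_hosts(nmap_sn_text):
    """Parse 'nmap -sn' output into {ip: reverse-DNS name or None}."""
    hosts = {}
    for line in nmap_sn_text.splitlines():
        m = HOST_LINE.match(line)
        if m:
            name, ip = m.groups()
            hosts[ip or name] = name if ip else None
    return hosts


def unknown_hosts(hosts, inventory):
    """Live addresses that are not in the inventory, in numeric address order."""
    return sorted((ip for ip in hosts if ip not in inventory), key=ipaddress.ip_address)


if __name__ == "__main__":
    for iface, net in local_networks(SAMPLE_IP_ADDR).items():
        print(f"{iface}: nmap -sn {net}")
    print("not in inventory:", unknown_hosts(live_hosts(SAMPLE_SN_OUTPUT), INVENTORY))
```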
