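Common Nmap Options Explained

Author: Yin Zhengjie

Copyright notice: this is an original work. Reproduction is not permitted, and violators will be held legally liable.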

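To borrow a line from Xin Zhao, a champion in League of Legends: "Even when outnumbered, I can take the enemy general's head from the midst of ten thousand troops!" In the Three Kingdoms, Guan Yu cut down Yan Liang in the middle of an army and rode back with his head. Let me use an analogy: if you attack a server, does a skilled hacker pick up a kitchen knife, cut the server's power cable and call that an attack? Obviously not. To be clear up front, breaking into a commercial site is not something one or two tools can guarantee, nor something a day or two of studying "hacking" techniques will achieve. If you have neither, don't talk about "hacking". If you have money, hire someone to do it.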

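Here are three things that have to be done before an intrusion. If you can do all of them, then we can talk specifics:

      1>. Obtain the target's IP address, its OS type, the security patches applied, and the services it is running;
      2>. Based on the above, scan it for vulnerabilities;
      3>. Analyze the information gathered, find the exploitable vulnerabilities, and only then intrude;
In short, to break into someone's server you need stronger networking skills than its administrator and the ability to handle complicated situations. Otherwise you won't get in.
Today I want to recommend a very powerful piece of software: Nmap. I recommend it to make work easier, not so that you can do bad things. As the saying goes, "as virtue rises one foot, vice rises ten"; if you can overcome your own inner demons, you will do the right thing. So we cannot blame a tool for being too powerful; it all depends on the person using it.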
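I. What is Nmap
Nmap is a very useful tool for network scanning and host detection. It is not limited to information gathering and enumeration; it can also be used as a vulnerability detector or security scanner. It runs on Windows, Linux, Mac and other operating systems. This post covers Linux.
II. Installing Nmap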
[root@yinzhengjie ~]# yum -y install nmap
III. Common ways to use Nmap
1. Scan a single host
#!/bin/bash
#@author :yinzhengjie
#Blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

[root@yinzhengjie ~]# nmap 172.16.96.133

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 12:16 CST
Nmap scan report for bogon (172.16.96.133)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
[root@yinzhengjie ~]#

2. Scan an entire subnet

[root@yinzhengjie ~]# nmap 172.16.96.1/24

Nmap done: 256 IP addresses (38 hosts up) scanned in 18.86 seconds
[root@yinzhengjie ~]#


3. Scan multiple targets
Just list the target IPs after nmap; it scans however many IPs you type on the command line.
[root@yinzhengjie ~]# nmap 172.16.96.1 172.16.96.200

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:17 CST
Nmap scan report for bogon (172.16.96.1)
Host is up (0.00075s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
3306/tcp open  mysql

Nmap scan report for bogon (172.16.96.200)
Host is up (0.00089s latency).
Not shown: 984 closed ports
PORT      STATE SERVICE
80/tcp    open  http
81/tcp    open  hosts2-ns
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
1521/tcp  open  oracle
1688/tcp  open  nsjtp-data
3389/tcp  open  ms-term-serv
4000/tcp  open  remoteanything
4001/tcp  open  newoak
8011/tcp  open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49158/tcp open  unknown

Nmap done: 2 IP addresses (2 hosts up) scanned in 1.28 seconds
[root@yinzhengjie ~]#

4. Scan a range of targets
Specify the start and end of the range; nmap scans only within that range.
[root@yinzhengjie ~]# nmap 172.16.96.1-100

Nmap done: 100 IP addresses (9 hosts up) scanned in 26.18 seconds
[root@yinzhengjie ~]#

5. If you have a list of IP addresses, save it as a txt file in the same directory as nmap and scan all the hosts in that file
[root@yinzhengjie ~]# cat ip.txt
172.16.96.1
172.16.96.133
172.16.96.51
172.16.96.205
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# nmap -iL ip.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:36 CST
Nmap scan report for bogon (172.16.96.1)
Host is up (0.00065s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
3306/tcp open  mysql

Nmap scan report for bogon (172.16.96.133)
Host is up (0.00070s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql

Nmap scan report for bogon (172.16.96.205)
Host is up (0.00069s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind

Nmap done: 4 IP addresses (3 hosts up) scanned in 1.44 seconds
[root@yinzhengjie ~]#

6. Scan all hosts in a subnet except one IP

[root@yinzhengjie ~]#
[root@yinzhengjie ~]# nmap 172.16.96.1/24-exclude 172.16.96.1

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:53 CST
Illegal netmask value, must be /0 - /32 .  Assuming /32 (one host)
Nmap scan report for bogon (172.16.96.1)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
3306/tcp open  mysql

Nmap scan report for bogon (172.16.96.1)
Host is up (0.00044s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
3306/tcp open  mysql

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.10 seconds
[root@yinzhengjie ~]# nmap 172.16.96.1/24 -exclude 172.16.96.1

Nmap done: 255 IP addresses (37 hosts up) scanned in 55.17 seconds
[root@yinzhengjie ~]#
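
Added example (not part of the original post): a pre-flight scope check in Python that expands Nmap-style IPv4 targets (single address, CIDR, per-octet ranges and comma lists) and applies exclusions before anything is scanned. It reproduces the address counts reported in steps 2, 4, 5 and 6 (256, 100, 4, 255) and rejects the `172.16.96.1/24-exclude` typo from step 6, which Nmap 5.51 turned into a /32 and then scanned the host that was meant to be excluded. The function names and the `MAX_ADDRESSES` cap are assumptions of this example; hostnames and IPv6 are not handled, and Nmap documents the long options as `--exclude` and `--excludefile`.

```python
import ipaddress
import itertools
import math
import re

MAX_ADDRESSES = 65536  # assumed safety cap for this example, not an Nmap limit
_OCTET_PART = re.compile(r"([0-9]{1,3})(?:-([0-9]{1,3}))?")

# Contents of ip.txt as shown in step 5 of the post.
IP_TXT = """172.16.96.1
172.16.96.133
172.16.96.51
172.16.96.205
"""


def _octet_values(field):
    """Expand one octet field such as '96', '1-100' or '1,5,9-12'."""
    values = set()
    for part in field.split(","):
        m = _OCTET_PART.fullmatch(part)
        if not m:
            raise ValueError(f"bad octet field {field!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"octet range out of bounds in {field!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_spec(spec):
    """Return the set of IPv4 addresses covered by one target spec."""
    spec = spec.strip()
    if "/" in spec:
        addr, _, bits = spec.partition("/")
        # Fail closed on anything that is not a plain /0 - /32 prefix,
        # instead of guessing /32 as the scan in step 6 did.
        if not re.fullmatch(r"[0-9]{1,2}", bits) or int(bits) > 32:
            raise ValueError(f"illegal netmask in {spec!r}, must be /0 - /32")
        # strict=False: 172.16.96.1/24 means the whole 172.16.96.0/24 block.
        net = ipaddress.IPv4Network(f"{addr}/{bits}", strict=False)
        if net.num_addresses > MAX_ADDRESSES:
            raise ValueError(f"{spec!r} covers {net.num_addresses} addresses")
        return set(net)  # includes the .0 and .255 addresses, as Nmap counts them
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"not an IPv4 target spec: {spec!r}")
    octets = [_octet_values(f) for f in fields]
    if math.prod(len(o) for o in octets) > MAX_ADDRESSES:
        raise ValueError(f"{spec!r} expands to too many addresses")
    return {
        ipaddress.IPv4Address(".".join(map(str, combo)))
        for combo in itertools.product(*octets)
    }


def read_list(text):
    """Parse the contents of a target or exclude file: whitespace-separated
    specs, with '#' starting a comment."""
    specs = []
    for line in text.splitlines():
        specs.extend(line.split("#", 1)[0].split())
    return specs


def scan_scope(targets, exclude=()):
    """Addresses that would be scanned: all targets minus all exclusions."""
    wanted = set().union(*(expand_spec(t) for t in targets))
    banned = set().union(*(expand_spec(e) for e in exclude))
    return sorted(wanted - banned)


if __name__ == "__main__":
    cases = [
        (["172.16.96.1/24"], []),                    # step 2
        (["172.16.96.1-100"], []),                   # step 4
        (read_list(IP_TXT), []),                     # step 5
        (["172.16.96.1/24"], ["172.16.96.1"]),       # step 6, corrected command
        (["172.16.96.1/24"], read_list(IP_TXT)),     # step 7
    ]
    for targets, exclude in cases:
        scope = scan_scope(targets, exclude)
        print(f"{targets} minus {exclude}: {len(scope)} addresses")
    try:
        scan_scope(["172.16.96.1/24-exclude", "172.16.96.1"])  # step 6 typo
    except ValueError as err:
        print("rejected:", err)
```
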


7. Scan the hosts in a subnet except the IPs listed in a file

[root@yinzhengjie ~]# nmap 172.16.96.1/24 -excludefile ip.txt

188 Nmap scan report for bogon (172.16.96.128)189 Host isup (0.00055s latency).190 Not shown: 998closed ports191 PORT    STATE SERVICE192 22/tcp  open  ssh193 111/tcp open  rpcbind194
195 Nmap scan report for bogon (172.16.96.129)196 Host isup (0.00065s latency).197 Not shown: 996closed ports198 PORT     STATE SERVICE199 22/tcp   open  ssh200 111/tcp  open  rpcbind201 8009/tcp open  ajp13202 8080/tcp open  http-proxy203
204 Nmap scan report for bogon (172.16.96.130)205 Host isup (0.00067s latency).206 Not shown: 993closed ports207 PORT     STATE SERVICE208 135/tcp  open  msrpc209 139/tcp  open  netbios-ssn210 445/tcp  open  microsoft-ds211 912/tcp  open  apex-mesh212 1026/tcp open  LSA-or-nterm213 1044/tcp open  dcutility214 3389/tcp open  ms-term-serv215
216 Nmap scan report for bogon (172.16.96.131)217 Host isup (0.00066s latency).218 Not shown: 995closed ports219 PORT     STATE SERVICE220 22/tcp   open  ssh221 111/tcp  open  rpcbind222 8009/tcp open  ajp13223 8080/tcp open  http-proxy224 8180/tcp open  unknown225
226 Nmap scan report for bogon (172.16.96.135)227 Host isup (0.00061s latency).228 Not shown: 997closed ports229 PORT    STATE SERVICE230 22/tcp  open  ssh231 80/tcp  open  http232 111/tcp open  rpcbind233
234 Nmap scan report for bogon (172.16.96.136)235 Host isup (0.00061s latency).236 Not shown: 995closed ports237 PORT     STATE SERVICE238 22/tcp   open  ssh239 80/tcp   open  http240 111/tcp  open  rpcbind241 8009/tcp open  ajp13242 8080/tcp open  http-proxy243
244 Nmap scan report for bogon (172.16.96.137)245 Host isup (0.00057s latency).246 Not shown: 995closed ports247 PORT     STATE SERVICE248 22/tcp   open  ssh249 111/tcp  open  rpcbind250 8009/tcp open  ajp13251 8080/tcp open  http-proxy252 9200/tcp open  wap-wsp253
254 Nmap scan report for bogon (172.16.96.138)255 Host isup (0.00056s latency).256 Not shown: 997closed ports257 PORT    STATE SERVICE258 22/tcp  open  ssh259 80/tcp  open  http260 111/tcp open  rpcbind261
262 Nmap scan report for bogon (172.16.96.139)263 Host isup (0.00066s latency).264 Not shown: 998closed ports265 PORT   STATE SERVICE266 22/tcp open  ssh267 80/tcp open  http268
269 Nmap scan report for bogon (172.16.96.140)270 Host isup (0.00073s latency).271 Not shown: 998closed ports272 PORT     STATE SERVICE273 22/tcp   open  ssh274 8080/tcp open  http-proxy275
276 Nmap scan report for bogon (172.16.96.141)277 Host isup (0.00060s latency).278 Not shown: 998closed ports279 PORT     STATE SERVICE280 22/tcp   open  ssh281 3306/tcp open  mysql282
283 Nmap scan report for bogon (172.16.96.143)284 Host isup (0.00086s latency).285 Not shown: 996filtered ports286 PORT     STATE  SERVICE287 22/tcp   open   ssh288 80/tcp   open   http289 443/tcp  closed https290 3306/tcp open   mysql291
292 Nmap scan report for bogon (172.16.96.188)293 Host isup (0.00064s latency).294 Not shown: 991closed ports295 PORT      STATE SERVICE296 22/tcp    open  ssh297 80/tcp    open  http298 111/tcp   open  rpcbind299 1234/tcp  open  hotline300 1521/tcp  open  oracle301 2809/tcp  open  corbaloc302 9100/tcp  open  jetdirect303 32768/tcp open  filenet-tms304 32776/tcp open  sometimes-rpc15305
306 Nmap scan report for bogon (172.16.96.200)307 Host isup (0.00062s latency).308 Not shown: 984closed ports309 PORT      STATE SERVICE310 80/tcp    open  http311 81/tcp    open  hosts2-ns312 135/tcp   open  msrpc313 139/tcp   open  netbios-ssn314 445/tcp   open  microsoft-ds315 1521/tcp  open  oracle316 1688/tcp  open  nsjtp-data317 3389/tcp  open  ms-term-serv318 4000/tcp  open  remoteanything319 4001/tcp  open  newoak320 8011/tcp  open  unknown321 49152/tcp open  unknown322 49153/tcp open  unknown323 49154/tcp open  unknown324 49155/tcp open  unknown325 49158/tcp open  unknown326
327 Nmap scan report for bogon (172.16.96.222)328 Host isup (0.00064s latency).329 Not shown: 997closed ports330 PORT     STATE SERVICE331 22/tcp   open  ssh332 80/tcp   open  http333 3306/tcp open  mysql334
335 Nmap scan report for bogon (172.16.96.235)336 Host isup (0.00070s latency).337 Not shown: 987closed ports338 PORT     STATE SERVICE339 80/tcp   open  http340 135/tcp  open  msrpc341 139/tcp  open  netbios-ssn342 445/tcp  open  microsoft-ds343 1025/tcp open  NFS-or-IIS344 1026/tcp open  LSA-or-nterm345 1027/tcp open  IIS346 1074/tcp open  warmspotMgmt347 1433/tcp open  ms-sql-s348 2382/tcp open  ms-olap3349 3372/tcp open  msdtc350 5120/tcp open  unknown351 9001/tcp open  tor-orport352
353 Nmap scan report for bogon (172.16.96.236)354 Host isup (0.00097s latency).355 Not shown: 994filtered ports356 PORT      STATE SERVICE357 21/tcp    open  ftp358 80/tcp    open  http359 443/tcp   open  https360 8080/tcp  open  http-proxy361 8088/tcp  open  radan-http362 49154/tcp open  unknown363
364 Nmap scan report for bogon (172.16.96.250)365 Host isup (0.00090s latency).366 Not shown: 994filtered ports367 PORT      STATE SERVICE368 80/tcp    open  http369 135/tcp   open  msrpc370 139/tcp   open  netbios-ssn371 5120/tcp  open  unknown372 49153/tcp open  unknown373 49154/tcp open  unknown374
375 Nmap scan report for bogon (172.16.96.254)376 Host isup (0.0016s latency).377 Not shown: 989closed ports378 PORT      STATE    SERVICE379 23/tcp    open     telnet380 50300/tcp filtered unknown381 50389/tcp filtered unknown382 50500/tcp filtered unknown383 50636/tcp filtered unknown384 50800/tcp filtered unknown385 51493/tcp filtered unknown386 52673/tcp filtered unknown387 52822/tcp filtered unknown388 52848/tcp filtered unknown389 52869/tcp filtered unknown390
391 Nmap done: 252 IP addresses (35 hosts up) scanned in 55.38seconds392 [root@yinzhengjie ~]# 

[root@yinzhengjie ~]# nmap 172.16.96.1/24 --excludefile ip.txt

8. Scan specific ports on a host
[root@yinzhengjie ~]# nmap -p80,20,21,23 172.16.96.205

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:01 CST
Nmap scan report for bogon (172.16.96.205)
Host is up (0.00064s latency).
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp open   ftp
23/tcp closed telnet
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
[root@yinzhengjie ~]#
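
Scan output in this format can be parsed and compared with a per-host list of ports that are supposed to be open. The following is an added example, not code from the original post: the SAMPLE text is constructed to mirror the output format shown above, and the ALLOWED baseline is an assumption.

```python
import re

REPORT = re.compile(r"^Nmap scan report for (?:\S+ \()?([\d.]+)\)?$")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_nmap(text):
    """Return {ip: {(port, proto): (state, service)}} from nmap normal output."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = REPORT.match(line)
        if m:                                  # start of a new host block
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT.match(line)
        if m and current is not None:          # a "PORT STATE SERVICE" row
            current[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return hosts

def unexpected_open(hosts, allowed):
    """List (ip, port, service) for open ports missing from the host's allowlist."""
    findings = []
    for ip, ports in sorted(hosts.items()):
        for (port, _proto), (state, service) in sorted(ports.items()):
            if state == "open" and port not in allowed.get(ip, set()):
                findings.append((ip, port, service))
    return findings

# Constructed sample in the same layout as the output above.
SAMPLE = """\
Nmap scan report for bogon (172.16.96.205)
Host is up (0.00064s latency).
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp open   ftp
23/tcp closed telnet
80/tcp closed http

Nmap scan report for bogon (172.16.96.254)
Host is up (0.0016s latency).
PORT      STATE    SERVICE
23/tcp    open     telnet
50300/tcp filtered unknown
"""
ALLOWED = {"172.16.96.205": {21}, "172.16.96.254": {22}}  # assumed baseline

if __name__ == "__main__":
    print(unexpected_open(parse_nmap(SAMPLE), ALLOWED))
```
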

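IV. Advanced Nmap usage
1. TCP SYN scan (-sS): This is a basic scan type, known as a half-open scan, because the technique lets Nmap obtain information about the remote host without completing the full handshake. Nmap sends a SYN packet to the remote host but never establishes a session, so, because no session is formed, no log record is produced on the target host. That is the advantage of the SYN scan. If no scan type is specified on the Nmap command line, TCP SYN is the default, but it requires root/administrator privileges.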
[root@yinzhengjie ~]# nmap -sS 172.16.96.133

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:05 CST
Nmap scan report for bogon (172.16.96.133)
Host is up (0.00048s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
[root@yinzhengjie ~]#
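
At the packet level, the half-open exchange described above (SYN, SYN/ACK, then a reset from the client instead of the final ACK) is still visible to a packet capture or firewall even though no session is formed. The following added example, not code from the original post, classifies flows by that pattern; the tuple format, the threshold and the scanner address 172.16.96.10 are assumptions, and the packet list is constructed.

```python
from collections import defaultdict

def classify_flows(packets):
    """Return {(client, server, port): state} from (src, dst, sport, dport, flags)."""
    flows = {}
    for src, dst, sport, dport, flags in packets:
        if flags == "S":                        # client SYN opens a flow
            flows[(src, dst, dport)] = "syn_sent"
            continue
        fwd, rev = (src, dst, dport), (dst, src, sport)
        if flags == "SA" and flows.get(rev) == "syn_sent":
            flows[rev] = "syn_ack"              # server answered: port is open
        elif flags == "RA" and flows.get(rev) == "syn_sent":
            flows[rev] = "refused"              # server reset: port is closed
        elif flags == "A" and flows.get(fwd) == "syn_ack":
            flows[fwd] = "established"          # full three-way handshake
        elif flags == "R" and flows.get(fwd) == "syn_ack":
            flows[fwd] = "half_open"            # client reset instead of ACK
    return flows

def find_syn_scanners(packets, min_ports=5):
    """Flag clients that probed >= min_ports ports and completed no handshake."""
    per_client = defaultdict(lambda: defaultdict(set))
    for (client, server, port), state in classify_flows(packets).items():
        per_client[client][state].add((server, port))
    alerts = {}
    for client, states in per_client.items():
        probed = set().union(*states.values())
        if len(probed) >= min_ports and not states.get("established"):
            alerts[client] = {s: len(v) for s, v in states.items()}
    return alerts

def handshake(client, server, port, is_open, full=False, sport=40000):
    """Build the constructed packet summaries for one connection attempt."""
    pk = [(client, server, sport, port, "S")]
    if not is_open:
        return pk + [(server, client, port, sport, "RA")]
    pk.append((server, client, port, sport, "SA"))
    pk.append((client, server, sport, port, "A" if full else "R"))
    return pk

# Constructed sample: one host probing six ports, one ordinary web client.
PACKETS = []
for p in (21, 22, 23, 80, 443, 3306):
    PACKETS += handshake("172.16.96.10", "172.16.96.133", p, p in (22, 80, 3306))
PACKETS += handshake("172.16.96.50", "172.16.96.133", 80, True, full=True)

if __name__ == "__main__":
    print(find_syn_scanners(PACKETS))
```
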

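2. Accurately identifying a remote operating system with Nmap is fairly difficult, so Nmap's guessing option is needed: --osscan-guess reports the operating system type it considers the closest match to the target.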

[root@yinzhengjie ~]# nmap -O --osscan-guess 172.16.96.205

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:11 CST
Nmap scan report for bogon (172.16.96.205)
Host is up (0.00097s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
111/tcp open  rpcbind
Device type: WAP|general purpose|firewall|webcam|specialized|storage-misc
Running (JUST GUESSING): Netgear embedded (96%), Linux 2.6.X|2.4.X (93%), Check Point embedded (91%), AXIS Linux 2.6.X (91%), Crestron 2-Series (89%), Citrix Linux 2.6.X (89%), IBM embedded (88%), Linksys embedded (88%)
Aggressive OS guesses: Netgear DG834G WAP (96%), Linux 2.6.24 - 2.6.35 (93%), Linux 2.6.32 (92%), Linux 2.6.9 - 2.6.18 (92%), Check Point VPN-1 UTM appliance (91%), Linux 2.4.26 (Slackware 10.0.0) (91%), AXIS 211A Network Camera (Linux 2.6) (91%), AXIS 211A Network Camera (Linux 2.6.20) (91%), Linux 2.6.24 (90%), Linux 2.6.17 - 2.6.35 (90%)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/).
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=8/11%OT=21%CT=1%CU=31252%PV=Y%DS=1%DC=I%G=Y%TM=598D4AB9%P=
OS:x86_64-redhat-linux-gnu)SEQ(SP=105%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)OPS
OS:(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST1
OS:1NW7%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN
OS:(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=A
OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R
OS:=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F
OS:=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%
OS:T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD
OS:=S)

Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 11.94 seconds
[root@yinzhengjie ~]#

For more details, see: http://jingyan.baidu.com/article/47a29f24312010c0142399f1.html

Reposted from: https://www.cnblogs.com/yinzhengjie/p/7345022.html
