Nmap command
Introduction
- Used to build an inventory of network hosts, schedule service upgrades, and monitor host or service availability.
- Can check whether a target host is online, which ports are open, which services and versions are running, and which operating system and device type are in use.
Features
- Host discovery
- Port scanning
- Version detection
- OS detection
- Scriptable probing (Nmap Scripting Engine, NSE)
Common services and port numbers
Service | Port
--- | ---
http | 80
https | 443
telnet | 23
ftp | 21
ssh | 22
smtp | 25
pop3 | 110
WebLogic | 7001
tomcat | 8080
Windows Remote Desktop (RDP) | 3389
Oracle | 1521
MS SQL Server | 1433
MySQL | 3306
redis | 6379
Syntax
# nmap [options] <target: IP address, hostname or CIDR range>
Options
Option | Description
--- | ---
-sS | TCP SYN (half-open) scan; the default when run as root
-sT | TCP connect scan; used when raw sockets are unavailable (non-root)
-sn | Ping scan only: host discovery without a port scan
-sU | UDP port scan
-sV | Probe open ports to determine service and version information
-Pn | Skip host discovery (no ping); treat every target as up and scan it
-PS | TCP SYN ping: host discovery using SYN packets to the given ports
-PU | UDP ping: host discovery using UDP packets to the given ports
-O | Operating system detection
-v | Verbose: show details of the scan as it runs
-S | Spoof the source IP address of the scan
-g | Use the given source port for the scan
-p | Ports to scan, e.g. -p 22,80,443 or -p 1-1024
-n | Never do DNS resolution (speeds up the scan)
--exclude | Exclude the listed hosts or networks from the scan
--excludefile | Exclude the hosts listed in the given file
Examples
# nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:03 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
# nmap -p 10-4000 192.168.13.153
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:06 EST
Nmap scan report for 192.168.13.153 (192.168.13.153)
Host is up (0.00038s latency).
Not shown: 3986 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
MAC Address: 00:0C:29:31:AF:3F (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.67 seconds
# nmap 192.168.13.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:07 EST
--<skip>
Nmap scan report for 192.168.13.153 (192.168.13.153)
Host is up (0.0022s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
6667/tcp open irc
MAC Address: 00:0C:29:31:AF:3F (VMware)
Nmap scan report for 192.168.13.254 (192.168.13.254)
Host is up (0.000078s latency).
All 1000 scanned ports on 192.168.13.254 (192.168.13.254) are filtered
MAC Address: 00:50:56:EC:83:97 (VMware)
Nmap scan report for 192.168.13.152 (192.168.13.152)
Host is up (0.0000050s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (6 hosts up) scanned in 9.88 seconds
# nmap -O -sV 192.168.13.153
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:14 EST
Nmap scan report for 192.168.13.153 (192.168.13.153)
Host is up (0.00094s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
3306/tcp open mysql MySQL (unauthorized)
6667/tcp open irc InspIRCd
MAC Address: 00:0C:29:31:AF:3F (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: Hosts: LAZYSYSADMIN, Admin.local; OS: Linux; CPE: cpe:/o:linux:linux_kernel
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.48 seconds
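The following is an added example, not code from the original page or from the Nmap project. It combines the options from the table above into a scan wrapper and then summarises the "normal" output format that nmap prints in the examples above, so the open ports per host and the services worth looking at first fall out of a scan file instead of being read by eye. The sample scan text is constructed to mirror the format shown above (it is not a real scan), the watch-list of ports is an assumption taken from the service table, and the wrapper only calls nmap if it is installed (-sS requires root; use -sT otherwise).

```shell
#!/bin/sh
# Added example: wrap nmap with options from the table and parse its normal output.

# Constructed sample in the layout nmap 7.80 prints to stdout / -oN (not a real scan).
SAMPLE_SCAN='Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-01 08:07 EST
Nmap scan report for 192.168.13.153 (192.168.13.153)
Host is up (0.0022s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3306/tcp open  mysql
6667/tcp open  irc
MAC Address: 00:0C:29:31:AF:3F (VMware)
Nmap scan report for 192.168.13.254 (192.168.13.254)
Host is up (0.000078s latency).
All 1000 scanned ports on 192.168.13.254 (192.168.13.254) are filtered
MAC Address: 00:50:56:EC:83:97 (VMware)
Nmap scan report for 192.168.13.152 (192.168.13.152)
Host is up (0.0000050s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 256 IP addresses (6 hosts up) scanned in 9.88 seconds'

# scan_host TARGET: options from the table combined for a lab host (assumed
# defaults): no DNS (-n), no ping (-Pn), SYN scan (-sS, needs root) plus
# version detection (-sV) on the ports from the service table, saved with -oN.
scan_host() {
    if ! command -v nmap >/dev/null 2>&1; then
        echo "nmap not installed; cannot run a live scan" >&2
        return 1
    fi
    nmap -n -Pn -sS -sV \
        -p 21,22,23,25,80,110,443,445,1433,1521,3306,3389,6379,7001,8080 \
        -oN "scan_$1.txt" "$1"
}

# open_ports_by_host: read nmap normal output on stdin and print
# "host port/proto service" for every port in state "open".
# Hosts whose ports are all closed or filtered produce no lines.
open_ports_by_host() {
    awk '
        /^Nmap scan report for / {
            host = $5
            # prefer the IP in parentheses when nmap also printed a hostname
            if ($NF ~ /^\(.*\)$/) host = substr($NF, 2, length($NF) - 2)
            next
        }
        $2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print host, $1, $3 }
    '
}

# flag_exposed: filter open_ports_by_host output down to ports that usually
# deserve a first look (assumed watch-list drawn from the service table).
flag_exposed() {
    awk -v watch="21 23 445 1433 3306 3389 6379" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        { split($2, pp, "/"); if (pp[1] in want) print $1, $2, $3 }
    '
}

# open_port_count: number of open ports across all hosts in the input.
open_port_count() {
    open_ports_by_host | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample (a real file: scan_host then
# open_ports_by_host < scan_<target>.txt).
printf '%s\n' "$SAMPLE_SCAN" | open_ports_by_host
echo "--- worth a first look ---"
printf '%s\n' "$SAMPLE_SCAN" | open_ports_by_host | flag_exposed
```

Note that 192.168.13.254 drops out of the summary entirely: "All 1000 scanned ports ... are filtered" means a firewall is answering nothing, not that the host has no services, so a host that only shows up in the raw report but not in this summary still warrants a -Pn scan of a wider port range.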