I am using Kali, which ships with nmap preinstalled.
nmap runs on both Windows and Linux; download page: https://nmap.org/download.html
# nmap
1. Scan the open ports of a single host: nmap 192.168.1.237 (with no options nmap first checks the host is up, then scans its 1000 most common TCP ports, which is why the report says "Not shown: 995 closed ports" rather than listing every port)
```
┌──(kali㉿kali)-[~]
└─$ nmap 192.168.1.237
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 05:19 EDT
Nmap scan report for localhost (192.168.1.237)
Host is up (1.0s latency).
Not shown: 995 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
514/tcp   filtered shell
3306/tcp  open     mysql
10082/tcp open     amandaidx

Nmap done: 1 IP address (1 host up) scanned in 118.24 seconds
```
2. Check which hosts in a subnet are up (ping sweep, no port scan): nmap -sP 192.168.182.0/24. -sP is the old spelling of -sn (host discovery only); Nmap 7.91 still accepts it, but new scripts should use -sn.
The first attempt below is a common slip: -oG takes a file name, so nmap treated 192.168.1.237 as the name of the grepable output file and was left with no target at all. The second command is the actual sweep.
```
┌──(kali㉿kali)-[~]
└─$ nmap -T4 -oG 192.168.1.237
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 05:23 EDT
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds

┌──(kali㉿kali)-[~]
└─$ nmap -sP 192.168.182.0/24
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 05:27 EDT
Nmap scan report for localhost (192.168.182.1)
Host is up (0.00086s latency).
Nmap scan report for localhost (192.168.182.2)
Host is up (0.00071s latency).
Nmap scan report for localhost (192.168.182.194)
Host is up (0.00015s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.75 seconds
```
3. nmap -A -T4 192.168.1.237
-A is "aggressive" mode: it turns on service/version detection (-sV), the default NSE scripts (-sC), OS detection (-O) and traceroute. OS detection and traceroute need raw sockets, and the prompt shows an unprivileged kali user, so only version detection and scripts actually ran below (the footer says "Service detection performed", not "OS and Service detection performed"). Run it with sudo to get the OS fingerprint.
-T4 selects a faster timing template. It is fine on a LAN; over a slow or filtered path (this host answers with 1.0 s latency) it is noisier and can miss ports.
```
┌──(kali㉿kali)-[~]
└─$ nmap -A -T4 192.168.1.237
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 05:30 EDT
Nmap scan report for localhost (192.168.1.237)
Host is up (1.0s latency).
Not shown: 995 closed ports
PORT      STATE    SERVICE        VERSION
22/tcp    open     ssh            OpenSSH 6.6.1 (protocol 2.0)
| ssh-hostkey:
|   2048 26:12:43:44:a3:7b:7d:19:da:3e:dd:b2:8b:87:b4:25 (RSA)
|   256 1a:c1:6f:0d:80:45:09:13:5a:56:91:f2:61:82:db:15 (ECDSA)
|_  256 de:10:5a:c7:44:fe:bb:11:fb:f3:51:e9:6c:fa:a5:71 (ED25519)
80/tcp    open     http           nginx 1.14.2
|_http-server-header: nginx/1.14.2
|_http-title: Site doesn't have a title (text/html; charset=UTF-8).
514/tcp   filtered shell
3306/tcp  open     mysql          MySQL 5.6.44-log
| mysql-info:
|   Protocol: 10
|   Version: 5.6.44-log
|   Thread ID: 408385
|   Capabilities flags: 63487
|   Some Capabilities: Support41Auth, Speaks41ProtocolOld, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, IgnoreSigpipes, ODBCClient, SupportsCompression, IgnoreSpaceBeforeParenthesis, SupportsTransactions, Speaks41ProtocolNew, LongPassword, LongColumnFlag, InteractiveClient, ConnectWithDatabase, FoundRows, SupportsMultipleStatments, SupportsMultipleResults, SupportsAuthPlugins
|   Status: Autocommit
|   Salt: ;X-t$QLiO,/GVY=d_2z0
|_  Auth Plugin Name: mysql_native_password
10082/tcp open     ssl/amandaidx?
| ssl-cert: Subject: commonName=qinglianyun/organizationName=server
| Not valid before: 2019-08-14T12:02:17
|_Not valid after:  2029-08-11T12:02:17
|_ssl-date: 2021-04-15T09:32:51+00:00; -1m27s from scanner time.

Host script results:
|_clock-skew: -1m27s

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 199.07 seconds
```
What this output tells you: MySQL on 3306 and an OpenSSH 6.6.1 banner are reachable from the scanner, which are the two findings worth following up; the "amandaidx?" on 10082 carries a question mark because nmap only identified the TLS certificate (CN=qinglianyun), not the application behind it, so that guess comes from the port number alone.
4. Exclude my own machine from the scan (boring, I know, but it shows the syntax). 192.168.182.194 is the Kali box itself, which the sweep in step 2 listed as up; nmap happily scans its own address unless told not to.
nmap 192.168.182.0/24 --exclude 192.168.182.194
```
┌──(kali㉿kali)-[~]
└─$ nmap 192.168.182.0/24 --exclude 192.168.182.194
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 05:37 EDT
Nmap scan report for localhost (192.168.182.1)
Host is up (0.00024s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
902/tcp  open  iss-realsecure
912/tcp  open  apex-mesh
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1027/tcp open  IIS
1032/tcp open  iad3
1060/tcp open  polestar

Nmap scan report for localhost (192.168.182.2)
Host is up (0.00012s latency).
Not shown: 999 closed ports
PORT   STATE    SERVICE
53/tcp filtered domain

Nmap done: 255 IP addresses (2 hosts up) scanned in 4.41 seconds
```
5. Exclude a range of hosts. --exclude accepts the same range syntax as targets; the command below drops 192.168.182.10 through .190 (181 addresses), so only 75 of the 256 are scanned, as the footer confirms. The scanner itself (.194) is no longer excluded, so it shows up again with its own SSH port. For longer lists use --excludefile with one address or range per line.
nmap 192.168.182.0/24 --exclude 192.168.182.10-190
```
┌──(kali㉿kali)-[~]
└─$ nmap 192.168.182.0/24 --exclude 192.168.182.10-190
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 05:39 EDT
Nmap scan report for localhost (192.168.182.1)
Host is up (0.59s latency).
Not shown: 990 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
902/tcp  open  iss-realsecure
912/tcp  open  apex-mesh
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1027/tcp open  IIS
1032/tcp open  iad3
1060/tcp open  polestar

Nmap scan report for localhost (192.168.182.2)
Host is up (0.00083s latency).
Not shown: 999 closed ports
PORT   STATE    SERVICE
53/tcp filtered domain

Nmap scan report for localhost (192.168.182.194)
Host is up (0.00033s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 75 IP addresses (3 hosts up) scanned in 2.99 seconds
```
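The five commands above are usually run as one workflow: a ping sweep to find live hosts, then a version scan of only those hosts, with the scanner itself excluded and the results parsed rather than read by eye. The script below is an added example of that workflow written for this page; it is not code from the original post or from the nmap project. The target range 192.168.182.0/24, the scanner address 192.168.182.194 and the file names sweep.gnmap, live.txt and ports.gnmap are assumptions for illustration; the grepable (-oG) line layout it parses is nmap's documented format, and the sample lines in sample_gnmap are constructed so the parsers can be tried offline.

```shell
#!/bin/sh
# Added example, not from the original post: the commands above as one
# two-stage sweep. -oG gets a real file name (the post's "-oG 192.168.1.237"
# handed the target to -oG and scanned nothing), the scanner's own address is
# excluded, and the grepable output is parsed instead of read by eye.
# Target range, scanner IP and file names are assumptions for illustration.

# Stage 1: ping sweep only (-sn is the current name of -sP); grepable report
# to $out, live hosts printed one per line.
discover_hosts() {
    range=$1; self=$2; out=${3:-sweep.gnmap}
    nmap -sn -T4 "$range" --exclude "$self" -oG "$out" >/dev/null
    live_hosts_from_gnmap "$out"
}

# Stage 2: version-detect only the hosts stage 1 found (-iL), then list the
# open ports. Needs no privileges; add sudo and -O for OS fingerprinting.
scan_live_hosts() {
    hostfile=$1; out=${2:-ports.gnmap}
    nmap -sV -T4 -iL "$hostfile" -oG "$out" >/dev/null
    open_ports_from_gnmap "$out"
}

# -oG host lines look like "Host: 192.168.182.1 ()<TAB>Status: Up"; print the
# IP of every host reported Up. Reads a file, or stdin when no file is given.
live_hosts_from_gnmap() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "${1:--}"
}

# The tab-separated "Ports:" field holds comma-separated entries of the form
# port/state/protocol/owner/service/rpc info/version. Emit
# "ip port/proto service [version]" for open ports only.
open_ports_from_gnmap() {
    awk -F'\t' '
    /^Host:/ {
        split($1, h, " "); ip = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            sub(/^Ports: /, "", $i)
            n = split($i, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] != "open") continue
                line = ip " " f[1] "/" f[3] " " f[5]
                if (f[7] != "") line = line " " f[7]
                print line
            }
        }
    }' "${1:--}"
}

# Constructed -oG sample (same shape as the section 4 and 5 results above) so
# the parsers can be exercised offline without touching a network.
sample_gnmap() {
    printf 'Host: 192.168.182.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.182.1 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (997)\n'
    printf 'Host: 192.168.182.2 ()\tStatus: Up\n'
    printf 'Host: 192.168.182.2 ()\tPorts: 53/filtered/tcp//domain///\tIgnored State: closed (999)\n'
    printf 'Host: 192.168.182.50 ()\tStatus: Down\n'
    printf 'Host: 192.168.182.194 ()\tStatus: Up\n'
    printf 'Host: 192.168.182.194 ()\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1 (protocol 2.0)/\tIgnored State: closed (999)\n'
}

# Usage: sh sweep.sh 192.168.182.0/24 192.168.182.194
# Without two arguments (or without nmap installed) only the offline sample runs.
if [ "$#" -ge 2 ] && command -v nmap >/dev/null 2>&1; then
    discover_hosts "$1" "$2" sweep.gnmap > live.txt
    scan_live_hosts live.txt ports.gnmap
else
    sample_gnmap | live_hosts_from_gnmap
    sample_gnmap | open_ports_from_gnmap
fi
```

Run it as `sh sweep.sh 192.168.182.0/24 192.168.182.194` on the Kali box; the second argument is the address to exclude, which for a sweep of your own subnet is the scanner itself. Filtered ports such as 53/tcp on .2 are dropped by the parser on purpose: they tell you a firewall is in the way, not that a service is listening, so they belong in a separate list if you track them at all.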
(End)