
29 Practical Examples of Nmap for Linux System/Network Administrators

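Nmap, also known as Network Mapper, is an open-source, versatile tool for Linux system and network administrators. Nmap is used to explore networks, perform security scans, audit networks and find open ports on remote machines. It can detect live hosts, operating systems, packet filters and open ports on remote hosts.

Nmap commands and examples

I will cover the most common uses of nmap in two parts, and this is the first part of the nmap series (translator's note: the original reads "I'll be covering most of NMAP usage in two different parts and this is the first part of nmap serious"; "serious" here is probably a typo for "series"). In this setup, I used two servers without firewalls to test how the nmap commands work.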
  • 192.168.0.100 – server1.tecmint.com
  • 192.168.0.101 – server2.tecmint.com

Nmap command usage

    # nmap [Scan Type(s)] [Options] {target specification}

How to install nmap on Linux

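Most of today's Linux distributions, such as Red Hat, CentOS, Fedora, Debian and Ubuntu, already include nmap in their default package repositories, where packages are installed, managed and updated with Yum and APT. To install nmap on these distributions, use the following commands.

    # yum install nmap              [on Red Hat based distributions]
    $ sudo apt-get install nmap     [on Debian based distributions]

Once the latest nmap is installed, you can follow the example commands in this article.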

1. Scan a system by hostname and IP address

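The nmap tool offers several ways to scan a system. In this example, I scan the machine with hostname server2.tecmint.com to find all open ports, the services behind them and the system's MAC address.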

Scan using the hostname

    [root@server1 ~]# nmap server2.tecmint.com

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
    Interesting ports on server2.tecmint.com (192.168.0.101):
    Not shown: 1674 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    957/tcp  open  unknown
    3306/tcp open  mysql
    8888/tcp open  sun-answerbook
    MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

    Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
    You have new mail in /var/spool/mail/root

Scan using the IP address

    [root@server1 ~]# nmap 192.168.0.101

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
    Interesting ports on server2.tecmint.com (192.168.0.101):
    Not shown: 1674 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    958/tcp  open  unknown
    3306/tcp open  mysql
    8888/tcp open  sun-answerbook
    MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

    Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
    You have new mail in /var/spool/mail/root
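The two scans above were taken a week apart and differ in one port (957/tcp in the first, 958/tcp in the second), which is the kind of drift an administrator wants surfaced automatically. The following added example (not part of the original article) parses the Nmap 4.11 text format shown above and diffs two scans; the function names are illustrative, and newer Nmap releases word the host line differently.

```python
import re

# Port table of the hostname scan shown above (2013-11-11).
SCAN_BY_NAME = """\
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
957/tcp  open  unknown
3306/tcp open  mysql
8888/tcp open  sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
"""
# The IP-address scan (2013-11-18) is identical except for this one port.
SCAN_BY_IP = SCAN_BY_NAME.replace("957/tcp", "958/tcp")

# Host line with or without a resolved name in front of the address.
HOST_RE = re.compile(r"^Interesting ports on (?:\S+ )?\(?([\d.]+)\)?:$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_scan(text):
    """Return {ip: {(port, proto): service}} for ports reported open."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group(3) == "open":
            current[(int(m.group(1)), m.group(2))] = m.group(4)
    return hosts

def diff_scans(old, new):
    """Return (ip, change, port, proto, service) tuples between two scans."""
    changes = []
    for ip in sorted(set(old) | set(new)):
        before, after = old.get(ip, {}), new.get(ip, {})
        for key in sorted(set(before) - set(after)):
            changes.append((ip, "closed", key[0], key[1], before[key]))
        for key in sorted(set(after) - set(before)):
            changes.append((ip, "opened", key[0], key[1], after[key]))
    return changes

if __name__ == "__main__":
    for change in diff_scans(parse_scan(SCAN_BY_NAME), parse_scan(SCAN_BY_IP)):
        print(*change)
```

For routine use, Nmap's XML output (-oX) and the bundled ndiff tool make the same comparison without depending on the text layout.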

2. Scan using the "-v" option

You can see that the command with the "-v" option gives more detailed information about the remote machine.

    [root@server1 ~]# nmap -v server2.tecmint.com

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
    Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
    The ARP Ping Scan took 0.01s to scan 1 total hosts.
    Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
    Discovered open port 22/tcp on 192.168.0.101
    Discovered open port 80/tcp on 192.168.0.101
    Discovered open port 8888/tcp on 192.168.0.101
    Discovered open port 111/tcp on 192.168.0.101
    Discovered open port 3306/tcp on 192.168.0.101
    Discovered open port 957/tcp on 192.168.0.101
    The SYN Stealth Scan took 0.30s to scan 1680 total ports.
    Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
    Interesting ports on server2.tecmint.com (192.168.0.101):
    Not shown: 1674 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    957/tcp  open  unknown
    3306/tcp open  mysql
    8888/tcp open  sun-answerbook
    MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

    Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
                   Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)

3. Scan multiple hosts

You can scan multiple hosts simply by writing their IP addresses or hostnames after nmap.

    [root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
    Interesting ports on server2.tecmint.com (192.168.0.101):
    Not shown: 1674 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    957/tcp  open  unknown
    3306/tcp open  mysql
    8888/tcp open  sun-answerbook
    MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

    Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds

4. Scan a whole subnet

You can use a wildcard to make nmap scan a whole subnet or IP range.

    [root@server1 ~]# nmap 192.168.0.*

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
    Interesting ports on server1.tecmint.com (192.168.0.100):
    Not shown: 1677 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    111/tcp open  rpcbind
    851/tcp open  unknown

    Interesting ports on server2.tecmint.com (192.168.0.101):
    Not shown: 1674 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    957/tcp  open  unknown
    3306/tcp open  mysql
    8888/tcp open  sun-answerbook
    MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

    Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
    You have new mail in /var/spool/mail/root

From the output above you can see that nmap scanned the whole subnet and reported information about the hosts that are up on the network.

5. Scan multiple hosts using the last octet of the IP address

You can scan multiple hosts simply by specifying the last octet of their IP addresses. For example, here I run a scan against the machines with IP addresses 192.168.0.101, 192.168.0.102 and 192.168.0.103.

    [root@server1 ~]# nmap 192.168.0.101,102,103

    Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
    Interesting ports on server2.tecmint.com (192.168.0.101):
    Not shown: 1674 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    957/tcp  open  unknown
    3306/tcp open  mysql
    8888/tcp open  sun-answerbook
    MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

    Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
    You have new mail in /var/spool/mail/root