A Brief Analysis of Nmap Usage
Posted JoshuaGuo
Nmap
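Nmap provides four main scanning functions: host discovery, port scanning, application and version detection, and operating system detection.
Basic usage
Scanning a single host
nmap <ip address>
By default, Nmap checks whether the target host is online and scans its ports.
Example: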
nmap 192.168.25.131
Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-13 23:23 EDT // Nmap version 7.91; the scan started at 23:23 on May 13, 2021.
Nmap scan report for 192.168.25.131 // Report generated for host 192.168.25.131.
Host is up (0.00038s latency). // The target host's state is up (it is powered on and connected to the network).
Not shown: 999 filtered ports // Of the 1000 ports checked, 999 are filtered.
PORT STATE SERVICE
22/tcp open ssh // Port 22 on the target host is open and provides the ssh service.
MAC Address: 00:0C:29:E8:AB:F3 (VMware) // The target host's MAC address is 00:0C:29:E8:AB:F3, and it is a VMware virtual machine.
Nmap done: 1 IP address (1 host up) scanned in 5.19 seconds // 1 host was scanned, 1 host was found in the up state, and the scan took 5.19 seconds.
nmap -sn 192.168.25.131
Checks only whether the target host is online, without scanning ports.
Scanning several non-contiguous hosts
nmap <ip0> <ip1> <ip2> ...
Example:
nmap 192.168.25.128 192.168.25.130 192.168.25.131 // Scan 3 IP addresses
Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-14 00:02 EDT
Nmap scan report for 192.168.25.128
Host is up (0.0014s latency).
Not shown: 999 closed ports // This host runs Ubuntu
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:72:D6:1F (VMware)
Nmap scan report for 192.168.25.131
Host is up (0.00036s latency).
Not shown: 999 filtered ports // This host runs Windows 7
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:E8:AB:F3 (VMware)
Nmap done: 3 IP addresses (2 hosts up) scanned in 6.18 seconds // 2 hosts are online, 1 is offline
The output above shows that the port states of the two hosts differ:
Not shown: 999 closed ports
Not shown: 999 filtered ports
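The filtered and closed port states differ in three ways: state, open timing, and listening.
I. State
1. filtered: the port is in a filtered state.
2. closed: the port is in a closed state.
II. Open timing
1. filtered: because the probe packets cannot reach the specified port, Nmap cannot determine whether the port is open.
2. closed: the port is closed only at the moment of the scan; a scan at another time may find these closed ports open.
For more on Nmap's six port states, see:
Scanning a contiguous range of hosts
nmap [IP range]
Example
nmap -sn 192.168.25.128-135 // Check whether hosts in the range 128-135 are online (-sn), without scanning ports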
Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-14 00:05 EDT
Nmap scan report for 192.168.25.128
Host is up (0.00017s latency).
MAC Address: 00:0C:29:72:D6:1F (VMware)
Nmap scan report for 192.168.25.131
Host is up (0.00017s latency).
MAC Address: 00:0C:29:E8:AB:F3 (VMware)
Nmap scan report for 192.168.25.129
Host is up.
Nmap done: 8 IP addresses (3 hosts up) scanned in 1.52 seconds
// 8 IPs, 3 online; 192.168.25.129 is the machine running the Nmap scan.
Scanning an entire subnet
nmap [ip.address/prefix length]
Example
Scan 192.168.25.1-255
nmap 192.168.25.128/24
Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-14 00:19 EDT
Nmap scan report for 192.168.25.1
Host is up (0.00017s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
443/tcp open https
902/tcp open iss-realsecure
912/tcp open apex-mesh
3306/tcp open mysql
5357/tcp open wsdapi
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.25.2
Host is up (0.00020s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
53/tcp open domain
MAC Address: 00:50:56:F9:1E:A1 (VMware)
Nmap scan report for 192.168.25.128
Host is up (0.0028s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:72:D6:1F (VMware)
Nmap scan report for 192.168.25.131
Host is up (0.0015s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:E8:AB:F3 (VMware)
Nmap scan report for 192.168.25.254
Host is up (0.00011s latency).
All 1000 scanned ports on 192.168.25.254 are filtered
MAC Address: 00:50:56:E9:E7:93 (VMware)
Nmap scan report for 192.168.25.129
Host is up (0.0000040s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (6 hosts up) scanned in 10.02 seconds
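Added example (not part of the original post): a small Python parser for the normal-format reports shown above. For each host it records the open ports and whether the unlisted ports were closed or filtered, which shows which of your own hosts sit behind a packet filter. The sample report is constructed, and the names parse_report and filtering_summary are hypothetical.

```python
import re

# Constructed sample in Nmap's normal output format (documentation-range addresses).
SAMPLE = """\
Nmap scan report for 192.0.2.2
Host is up (0.00020s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
53/tcp open domain
Nmap scan report for 192.0.2.131
Host is up (0.0015s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap scan report for 192.0.2.254
Host is up (0.00011s latency).
All 1000 scanned ports on 192.0.2.254 are filtered
"""

HOST = re.compile(r"^Nmap scan report for (\S+)")
# Newer Nmap releases insert the protocol, e.g. "999 closed tcp ports (reset)".
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\w+) (?:\w+ )?ports")
ALL_PORTS = re.compile(r"^All (\d+) scanned ports on \S+ are (\w+)")
PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_report(text):
    """Return {host: {"hidden": (count, state) or None, "ports": [(port, proto, state, service)]}}."""
    hosts, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(" // ")[0].strip()  # drop article-style // annotations
        if m := HOST.match(line):
            cur = hosts.setdefault(m.group(1), {"hidden": None, "ports": []})
        elif cur is None:
            continue  # banner lines before the first host
        elif m := NOT_SHOWN.match(line) or ALL_PORTS.match(line):
            cur["hidden"] = (int(m.group(1)), m.group(2))
        elif m := PORT.match(line):
            cur["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def filtering_summary(hosts):
    """Map each host to the state of its unlisted ports: 'closed', 'filtered' or 'unknown'."""
    return {h: (d["hidden"][1] if d["hidden"] else "unknown") for h, d in hosts.items()}

if __name__ == "__main__":
    for host, state in filtering_summary(parse_report(SAMPLE)).items():
        print(host, state)
```

A host whose unlisted ports are closed answered the probes itself, while filtered means the probes were dropped before any answer came back.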