如何在linux使用nmap端口扫描工具扫描网段内开放的端口
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了如何在linux使用nmap端口扫描工具扫描网段内开放的端口相关的知识,希望对你有一定的参考价值。
linux一般不会自动安装nmap命令需要使用yum -y install nmap安装nmap命令,前提是您已经配置好了yum源。
nmap特点:
主机探测
端口扫描
版本检测
系统检测
支持探测脚本的编写
nmap命令详解
nmap ip_address #nmap默认发送一个arp的ping数据包,来探测目标主机1-10000范围内所有开放的端口 [[email protected] scanport]# nmap 10.132.71.1 Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:20 CST Nmap scan report for 10.132.71.1 Host is up (0.00030s latency). Not shown: 987 closed ports PORT STATE SERVICE 21/tcp open ftp 135/tcp open msrpc 139/tcp open netbios-ssn 1027/tcp open IIS 1028/tcp open unknown 1029/tcp open ms-lsa 1031/tcp open iad2 2638/tcp open sybase 3389/tcp open ms-wbt-server 6059/tcp open X11:59 7001/tcp open afs3-callback 8001/tcp open vcom-tunnel 8089/tcp open unknown MAC Address: 5C:F3:FC:E4:81:40 (IBM) Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds [[email protected] scanport]#
-vv 参数表示结果详细输出
[[email protected] scanport]# nmap -vv 10.132.71.1 Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:21 CST Initiating ARP Ping Scan at 10:21 Scanning 10.132.71.1 [1 port] Completed ARP Ping Scan at 10:21, 0.02s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 10:21 Completed Parallel DNS resolution of 1 host. at 10:21, 0.00s elapsed Initiating SYN Stealth Scan at 10:21 Scanning 10.132.71.1 [1000 ports] Discovered open port 21/tcp on 10.132.71.1 Discovered open port 139/tcp on 10.132.71.1 Discovered open port 3389/tcp on 10.132.71.1 Discovered open port 135/tcp on 10.132.71.1 Discovered open port 1029/tcp on 10.132.71.1 Discovered open port 1028/tcp on 10.132.71.1 Discovered open port 1031/tcp on 10.132.71.1 Discovered open port 8001/tcp on 10.132.71.1 Discovered open port 1027/tcp on 10.132.71.1 Discovered open port 7001/tcp on 10.132.71.1 Discovered open port 8089/tcp on 10.132.71.1 Discovered open port 6059/tcp on 10.132.71.1 Discovered open port 2638/tcp on 10.132.71.1 Completed SYN Stealth Scan at 10:21, 1.15s elapsed (1000 total ports) Nmap scan report for 10.132.71.1 Host is up (0.00029s latency). Scanned at 2017-11-17 10:21:43 CST for 2s Not shown: 987 closed ports PORT STATE SERVICE 21/tcp open ftp 135/tcp open msrpc 139/tcp open netbios-ssn 1027/tcp open IIS 1028/tcp open unknown 1029/tcp open ms-lsa 1031/tcp open iad2 2638/tcp open sybase 3389/tcp open ms-wbt-server 6059/tcp open X11:59 7001/tcp open afs3-callback 8001/tcp open vcom-tunnel 8089/tcp open unknown MAC Address: 5C:F3:FC:E4:81:40 (IBM) Read data files from: /usr/bin/../share/nmap Nmap done: 1 IP address (1 host up) scanned in 1.26 seconds Raw packets sent: 1082 (47.592KB) | Rcvd: 1001 (40.080KB) [[email protected] scanport]#
-p自定义扫描的端口
例如:扫描1-200号端口
[[email protected] scanport]# nmap -p1-200 10.128.71.1 Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:26 CST Nmap scan report for 10.128.71.1 Host is up (0.00030s latency). Not shown: 197 closed ports PORT STATE SERVICE 21/tcp open ftp 135/tcp open msrpc 139/tcp open netbios-ssn MAC Address: 5C:F3:FC:E4:81:40 (IBM) Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds [[email protected] scanport]#
例如:指定特定端口
[[email protected] scanport]# nmap -p135,136,137,139 10.128.71.1 Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:28 CST Nmap scan report for 10.128.71.1 Host is up (0.0045s latency). PORT STATE SERVICE 135/tcp open msrpc 136/tcp closed profile 137/tcp closed netbios-ns 139/tcp open netbios-ssn MAC Address: 5C:F3:FC:E4:81:40 (IBM) Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds [[email protected] scanport]#
-sP指定扫描方式为ping(不扫描端口)
nmap -sP ip_address #使用ping方式扫描(不扫描端口)
nmap --traceroute ip_address #路由跟踪
nmap -sP xx.xx.xx.xx/24 #扫描一个网段(使用ping)
nmap -sP 10.1.1.1-255 #也可以扫描一个网段(使用ping)
nmap -sT ip_address #TCP contect()端口扫描
nmap -sU ip_address #UDP端口扫描
nmap -sS ip_address #TCP同步(SYN)端口扫描
nmap 10.1.1.1/24 #扫描一个网段使用默认端口扫描,结果同下面脚本
#!/bin/bash for i in {1..254} do nmap 10.128.71.$i >>scan.port done
nmap探测操作系统类型
nmap -O ip_address #扫描操作系统类型
nmap -A ip_address #使用默认扫描,ping扫描,操作系统扫描,脚本扫描,路由跟踪,服务探测等
[[email protected] scanport]# nmap -A 10.128.71.1 Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 10:46 CST Nmap scan report for 10.128.71.1 Host is up (0.00028s latency). Not shown: 987 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp Microsoft ftpd | ftp-anon: Anonymous FTP login allowed (FTP code 230) | 07-21-12 03:03AM <DIR> aspnet_client | 11-17-17 07:35AM <DIR> download |_12-13-12 10:31AM 105984 \xD2\xBD\xB1\xA3\xB2\xBF\xC3\xC5\xC8\xCB\xD4\xB1.xls 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn 1027/tcp open msrpc Microsoft Windows RPC 1028/tcp open msrpc Microsoft Windows RPC 1029/tcp open msrpc Microsoft Windows RPC 1031/tcp open tcpwrapped 2638/tcp open sybase? 3389/tcp open ms-wbt-server Microsoft Terminal Service 6059/tcp open tcpwrapped 7001/tcp open http Oracle WebLogic Server (Servlet 2.5; JSP 2.1) |_http-generator: WebLogic Server |_http-methods: No Allow or Public header in OPTIONS response (status code 404) |_http-title: Error 404--Not Found 8001/tcp open http Oracle WebLogic Server (Servlet 2.5; JSP 2.1) |_http-generator: WebLogic Server |_http-methods: No Allow or Public header in OPTIONS response (status code 404) |_http-title: Error 404--Not Found 8089/tcp open http Microsoft IIS httpd 6.0 | http-methods: Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT |_See http://nmap.org/nsedoc/scripts/http-methods.html |_http-title: 10.128.71.1 - / MAC Address: 5C:F3:FC:E4:81:40 (IBM) Device type: general purpose Running: Microsoft Windows XP OS CPE: cpe:/o:microsoft:windows_xp::sp2 OS details: Microsoft Windows XP SP2 Network Distance: 1 hop Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: |_nbstat: NetBIOS name: LD, NetBIOS user: <unknown>, NetBIOS MAC: 5c:f3:fc:e4:81:40 (IBM) | smb-os-discovery: | OS: Windows Server 2003 3790 Service Pack 2 (Windows Server 2003 5.2) | OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 | Computer name: LD | NetBIOS computer name: LD | Workgroup: WORKGROUP |_ System time: 2017-11-17T10:50:02+08:00 | smb-security-mode: | Account that was used for smb scripts: <blank> | User-level authentication | SMB Security: Challenge/response passwords supported |_ Message signing disabled (dangerous, but default) |_smbv2-enabled: Server doesn‘t support SMBv2 protocol TRACEROUTE HOP RTT ADDRESS 1 0.28 ms 10.128.71.1 OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 89.36 seconds [[email protected] scanport]#
本文出自 “夜色” 博客,请务必保留此出处http://liuqun.blog.51cto.com/3544993/1982726
以上是关于如何在linux使用nmap端口扫描工具扫描网段内开放的端口的主要内容,如果未能解决你的问题,请参考以下文章