如何探测内网存活主机

for /l %i in (1,1,255) do @ping 192.168.64.%i -w 1 -n 1|find /i "ttl="

for k in $( seq 1 255);do ping -c 1 192.168.99.$k|grep "ttl"|awk -F "[ :]+" '{print $4}'; done

powershell.exe -exec bypass -Command "Import-Module ./Invoke-TSPingSweep.ps1;Invoke-TSPingSweep -StartAddress 192.168.1.0 -EndAddress 192.168.1.255"脚本下载地址：

https://gallery.technet.microsoft.com/scriptcenter/Invoke-TSPingSweep-b71f1b9b

PS C:\Users\Bypass> 1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("192.168.246.44",$_)) "Port $_ is open!"} 2>$null针对某IP段中单个端口的扫描：

foreach ($ip in 1..20) {Test-NetConnection -Port 80 -InformationLevel "Detailed" 192.168.1.$ip}针对某IP段 & 多个端口的扫描器

1..20 | % { $a = $_; 1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("10.0.0.$a",$_)) "Port $_ is open!"} 2>$null}

auxiliary/scanner/discovery/arp_sweep   ARP扫描auxiliary/scanner/discovery/udp_sweep   UDP扫描auxiliary/scanner/netbios/nbname        NETBIOS扫描auxiliary/scanner/snmp/snmp_enum        SNMP扫描auxiliary/scanner/smb/smb_version       SMB扫描

auxiliary/scanner/portscan/ack          TCP ACK端口扫描auxiliary/scanner/portscan/ftpbounce    FTP bounce端口扫描auxiliary/scanner/portscan/syn         SYN端口扫描auxiliary/scanner/portscan/tcp          TCP端口扫描  auxiliary/scanner/portscan/xmas         TCP XMas端口扫描

-sT: TCP 扫描-sS: SYN 扫描-sA: ACK 扫描-sF：FIN扫描-sU: UDP 扫描-sR: RPC 扫描-sP: ICMP扫描

nmap -sS -p 1-65535 -v 192.168.99.177