Nmap----实例学习
Nmap----实例学习
cultureSun
发布于 2023-05-18 14:39:18
发布于 2023-05-18 14:39:18
简介
Nmap (“Network Mapper(网络映射器)”) 是一款开放源代码的 网络探测和安全审核的工具。它的设计目标是快速地扫描大型网络,当然用它扫描单个 主机也没有问题。Nmap以新颖的方式使用原始IP报文来发现网络上有哪些主机,那些 主机提供什么服务(应用程序名和版本),那些服务运行在什么操作系统(包括版本信息), 它们使用什么类型的报文过滤器/防火墙,以及一堆其它功能。虽然Nmap通常用于安全审核, 许多系统管理员和网络管理员也用它来做一些日常的工作,比如查看整个网络的信息, 管理服务升级计划,以及监视主机和服务的运行。
Nmap输出的是扫描目标的列表,以及每个目标的补充信息,至于是哪些信息则依赖于所使用的选项。 “所感兴趣的端口表格”是其中的关键。那张表列出端口号,协议,服务名称和状态。状态可能是 open(开放的),filtered(被过滤的), closed(关闭的),或者unfiltered(未被过滤的)。 Open(开放的)意味着目标机器上的应用程序正在该端口监听连接/报文。 filtered(被过滤的) 意味着防火墙,过滤器或者其它网络障碍阻止了该端口被访问,Nmap无法得知 它是 open(开放的) 还是 closed(关闭的)。 closed(关闭的) 端口没有应用程序在它上面监听,但是他们随时可能开放。 当端口对Nmap的探测做出响应,但是Nmap无法确定它们是关闭还是开放时,这些端口就被认为是 unfiltered(未被过滤的) 如果Nmap报告状态组合 open|filtered 和 closed|filtered时,那说明Nmap无法确定该端口处于两个状态中的哪一个状态。 当要求进行版本探测时,端口表也可以包含软件的版本信息。当要求进行IP协议扫描时 (-sO),Nmap提供关于所支持的IP协议而不是正在监听的端口的信息。
详解
┌──(root㉿kali)-[~]
└─# nmap -v 192.168.154.131 #-v参数会输出扫描的细节
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-28 03:56 EST
Initiating ARP Ping Scan at 03:56
Scanning 192.168.154.131 [1 port]
Completed ARP Ping Scan at 03:56, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 03:56
Completed Parallel DNS resolution of 1 host. at 03:56, 0.03s elapsed
Initiating SYN Stealth Scan at 03:56
Scanning 192.168.154.131 [1000 ports]
Discovered open port 80/tcp on 192.168.154.131
Discovered open port 22/tcp on 192.168.154.131
Completed SYN Stealth Scan at 03:56, 0.06s elapsed (1000 total ports)
Nmap scan report for 192.168.154.131
Host is up (0.00021s latency). #192.168.154.131主机在线,且开放了22、80端口
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 00:0C:29:EB:4C:D4 (VMware)
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds
Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.036KB)
┌──(root㉿kali)-[~]
└─# nmap -sS -O 192.168.154.1/24 #使用SYN扫描192.168.154.0网段的在线主机,同时主机扫描操作系统
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-28 03:56 EST
Nmap scan report for 192.168.154.1
Host is up (0.00053s latency).
Not shown: 987 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
902/tcp open iss-realsecure
912/tcp open apex-mesh
1111/tcp open lmsocialserver
1433/tcp open ms-sql-s
2383/tcp open ms-olap4
2869/tcp open icslap
3306/tcp open mysql
9001/tcp open tor-orport
MAC Address: 00:50:56:C0:00:01 (VMware)
Device type: general purpose
Running: Microsoft Windows 10
OS CPE: cpe:/o:microsoft:windows_10:1703
OS details: Microsoft Windows 10 1703 #显示操作系统为win10
Network Distance: 1 hop
Nmap scan report for 192.168.154.2
Host is up (0.00021s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE
53/tcp filtered domain
MAC Address: 00:50:56:FB:5F:AD (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized
Running: VMware Player
OS CPE: cpe:/a:vmware:player
OS details: VMware Player virtual NAT device #操作系统为虚拟机
Network Distance: 1 hop
Nmap scan report for 192.168.154.131
Host is up (0.00078s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
MAC Address: 00:0C:29:EB:4C:D4 (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Nmap scan report for 192.168.154.254
Host is up (0.00057s latency).
All 1000 scanned ports on 192.168.154.254 are in ignored states.
Not shown: 1000 filtered tcp ports (no-response)
MAC Address: 00:50:56:FD:8B:DE (VMware)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
Nmap scan report for 192.168.154.134
Host is up (0.000077s latency).
All 1000 scanned ports on 192.168.154.134 are in ignored states.
Not shown: 1000 closed tcp ports (reset)
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (5 hosts up) scanned in 12.58 seconds
┌──(root㉿kali)-[~]
└─# nmap -sV -p 22,80,1000-1010 192.168.154.1-254 #-sV扫描版本,-p指定扫描的端口
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-28 03:58 EST
Nmap scan report for 192.168.154.1
Host is up (0.00071s latency).
PORT STATE SERVICE VERSION
22/tcp closed ssh
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) #扫描到80端口协议的版本
1000/tcp closed cadlock
1001/tcp closed webpush
1002/tcp closed windows-icfw
1003/tcp closed unknown
1004/tcp closed unknown
1005/tcp closed unknown
1006/tcp closed unknown
1007/tcp closed unknown
1008/tcp closed ufsd
1009/tcp closed unknown
1010/tcp closed surf
MAC Address: 00:50:56:C0:00:01 (VMware)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Nmap scan report for 192.168.154.2
Host is up (0.00021s latency).
PORT STATE SERVICE VERSION
22/tcp closed ssh
80/tcp closed http
1000/tcp closed cadlock
1001/tcp closed webpush
1002/tcp closed windows-icfw
1003/tcp closed unknown
1004/tcp closed unknown
1005/tcp closed unknown
1006/tcp closed unknown
1007/tcp closed unknown
1008/tcp closed ufsd
1009/tcp closed unknown
1010/tcp closed surf
MAC Address: 00:50:56:FB:5F:AD (VMware)
Nmap scan report for 192.168.154.131
Host is up (0.00042s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
1000/tcp closed cadlock
1001/tcp closed webpush
1002/tcp closed windows-icfw
1003/tcp closed unknown
1004/tcp closed unknown
1005/tcp closed unknown
1006/tcp closed unknown
1007/tcp closed unknown
1008/tcp closed ufsd
1009/tcp closed unknown
1010/tcp closed surf
MAC Address: 00:0C:29:EB:4C:D4 (VMware)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 192.168.154.254
Host is up (0.00026s latency).
PORT STATE SERVICE VERSION
22/tcp filtered ssh
80/tcp filtered http
1000/tcp filtered cadlock
1001/tcp filtered webpush
1002/tcp filtered windows-icfw
1003/tcp filtered unknown
1004/tcp filtered unknown
1005/tcp filtered unknown
1006/tcp filtered unknown
1007/tcp filtered unknown
1008/tcp filtered ufsd
1009/tcp filtered unknown
1010/tcp filtered surf
MAC Address: 00:50:56:FD:8B:DE (VMware)
Nmap scan report for 192.168.154.134
Host is up (0.000011s latency).
PORT STATE SERVICE VERSION
22/tcp closed ssh
80/tcp closed http
1000/tcp closed cadlock
1001/tcp closed webpush
1002/tcp closed windows-icfw
1003/tcp closed unknown
1004/tcp closed unknown
1005/tcp closed unknown
1006/tcp closed unknown
1007/tcp closed unknown
1008/tcp closed ufsd
1009/tcp closed unknown
1010/tcp closed surf
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 254 IP addresses (5 hosts up) scanned in 10.20 seconds
┌──(root㉿kali)-[~/Desktop]
└─# nmap -P0 -p80 -oX pb-port80scan.xml -oG pb-port80scan.gnmap 192.168.154.131 #-oX扫描结果以xml格式输出到pb-port80scan.xml文件中
Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-28 04:24 EST
Nmap scan report for 192.168.154.131
Host is up (0.00067s latency).
PORT STATE SERVICE
80/tcp open http
MAC Address: 00:0C:29:EB:4C:D4 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 4.24 seconds
┌──(root㉿kali)-[~/Desktop]
└─# ls
1234.png 8702d4ecd12a8c4d34f1cd79e3101435.jpg kk.php routersploit.log user.ini
123.php docswords.txt pb-port80scan.gnmap test.txt
123.png example pb-port80scan.xml tt.txt
┌──(root㉿kali)-[~/Desktop]
└─# cat pb-port80scan.xml #输出pb-port80scan.xml文件的内容
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///usr/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.92 scan initiated Tue Feb 28 04:24:57 2023 as: nmap -P0 -p80 -oX pb-port80scan.xml -oG pb-port80scan.gnmap 192.168.154.131 -->
<nmaprun scanner="nmap" args="nmap -P0 -p80 -oX pb-port80scan.xml -oG pb-port80scan.gnmap 192.168.154.131" start="1677576297" startstr="Tue Feb 28 04:24:57 2023" version="7.92" xmloutputversion="1.05">
<scaninfo type="syn" protocol="tcp" numservices="1" services="80"/>
<verbose level="0"/>
<debugging level="0"/>
<hosthint><status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.154.131" addrtype="ipv4"/>
<address addr="00:0C:29:EB:4C:D4" addrtype="mac" vendor="VMware"/>
<hostnames>
</hostnames>
</hosthint>
<host starttime="1677576301" endtime="1677576301"><status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="192.168.154.131" addrtype="ipv4"/>
<address addr="00:0C:29:EB:4C:D4" addrtype="mac" vendor="VMware"/>
<hostnames>
</hostnames>
<ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="http" method="table" conf="3"/></port>
</ports>
<times srtt="666" rttvar="3767" to="100000"/>
</host>
<runstats><finished time="1677576301" timestr="Tue Feb 28 04:25:01 2023" summary="Nmap done at Tue Feb 28 04:25:01 2023; 1 IP address (1 host up) scanned in 4.24 seconds" elapsed="4.24" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>Bash
结语
纸上得来终觉浅。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录