[root@ok data]# nmap -F -sT -v nmap.org Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-23 12:46 CST Initiating Ping Scan at 12:46 Scanning nmap.org (45.33.49.119) [4 ports] Completed Ping Scan at 12:46, 0.17s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 12:46 Completed Parallel DNS resolution of 1 host. at 12:46, 0.24s elapsed#URL进行解析花了16.5秒 Initiating Connect Scan at 12:46 Scanning nmap.org (45.33.49.119) [100 ports] Discovered open port 22/tcp on 45.33.49.119 Discovered open port 443/tcp on 45.33.49.119 Discovered open port 80/tcp on 45.33.49.119 Discovered open port 25/tcp on 45.33.49.119 Completed Connect Scan at 12:46, 4.40s elapsed (100 total ports) Nmap scan report for nmap.org (45.33.49.119) Host is up (0.19s latency). rDNS record for 45.33.49.119: ack.nmap.org Not shown: 95 filtered ports#有95个端口被屏屏蔽了,说明防火墙是开启的,如果不开启防火墙是不会对端口屏蔽的 PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 113/tcp closed auth 443/tcp open https Read data files from: /usr/share/nmap Nmap done: 1 IP address (1 host up) scanned in 4.87 seconds#总共的运行时间 Raw packets sent: 4 (152B) | Rcvd: 1 (28B)
探测目标主机的操做系统:
对自己的系统进行扫描:
[root@ok Desktop]# nmap -O 192.168.1.14 Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-23 13:34 CST Nmap scan report for 192.168.1.14 Host is up (0.000091s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 6001/tcp open X11:1 6002/tcp open X11:2 No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=5.51%D=10/23%OT=22%CT=1%CU=30946%PV=Y%DS=0%DC=L%G=Y%TM=580C4BF3%P OS:=x86_64-redhat-linux-gnu)SEQ(SP=103%GCD=1%ISR=105%TI=Z%CI=Z%II=I%TS=A)OP OS:S(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MFFD7NNT11NW7%O4=MFFD7ST11NW7%O5=MF OS:FD7ST11NW7%O6=MFFD7ST11)WIN(W1=FFCB%W2=FFCB%W3=FFCB%W4=FFCB%W5=FFCB%W6=F OS:FCB)ECN(R=Y%DF=Y%T=40%W=FFD7%O=MFFD7NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O% OS:A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0 OS:%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S OS:=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R OS:=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N OS:%T=40%CD=S) Network Distance: 0 hops OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 11.79 seconds
对系统中的vhosts进行扫描:
[root@ok Desktop]# virsh list Id Name State ---------------------------------------------------- 1 c01 running#192.168.105 2 c02 running#192.168.1.103 3 1xp running#192.168.1.104
c01 c02为linux ,1xp为windows
[root@ok Desktop]# nmap -O 192.168.1.103 Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-23 13:38 CST Nmap scan report for 192.168.1.103 Host is up (0.00045s latency). Not shown: 997 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp closed http 8080/tcp closed http-proxy MAC Address: 52:54:00:B3:81:05 (QEMU Virtual NIC) Device type: general purpose Running (JUST GUESSING): Linux 2.6.X (88%) Aggressive OS guesses: Linux 2.6.22 (Fedora Core 6) (88%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.10 seconds
[root@ok Desktop]# nmap -O 192.168.1.105 Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-23 13:42 CST Nmap scan report for 192.168.1.105 Host is up (0.00041s latency). Not shown: 999 filtered ports PORT STATE SERVICE 22/tcp open ssh MAC Address: 52:54:00:ED:C2:DB (QEMU Virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: specialized|WAP|general purpose Running (JUST GUESSING): Crestron 2-Series (90%), Netgear embedded (90%), Linux 2.6.X (86%) Aggressive OS guesses: Crestron XPanel control system (90%), Netgear DG834G WAP (90%), Linux 2.6.24 - 2.6.35 (86%), Linux 2.6.31 - 2.6.34 (85%), Linux 2.6.32 (85%), Linux 2.6.9 - 2.6.18 (85%), Linux 2.6.9 - 2.6.27 (85%) No exact OS matches for host (test conditions non-ideal). Network Distance: 1 hop OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 9.22 seconds
[root@ok Desktop]# nmap -O 192.168.1.104 Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-23 13:43 CST Nmap scan report for 192.168.1.104 Host is up (0.00099s latency). Not shown: 998 filtered ports PORT STATE SERVICE 2869/tcp open icslap 3389/tcp open ms-term-serv MAC Address: 52:54:00:C5:22:BD (QEMU Virtual NIC) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose Running: Microsoft Windows 2000|XP OS details: Microsoft Windows 2000 SP4, Microsoft Windows XP SP2 or SP3 Network Distance: 1 hop OS detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 6.66 seconds
对局域网内的手机ipd进行扫描,系统识别失败!!!
扫描一个范围内的目标(扫描ip地址为192.168.1.1-192.168.1.100内的所有主机)
nmap 192.168.1.1-100
[root@ok Desktop]# nmap 192.168.1.1-200 Starting Nmap 5.51 ( http://nmap.org ) at 2016-10-23 14:14 CST Nmap scan report for 192.168.1.1 Host is up (0.00022s latency). Not shown: 955 filtered ports, 43 closed ports PORT STATE SERVICE 80/tcp open http 1900/tcp open upnp MAC Address: EC:88:8F:30:81:6C (Unknown) Nmap scan report for 192.168.1.14 Host is up (0.0000040s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 6001/tcp open X11:1 6002/tcp open X11:2 Nmap scan report for 192.168.1.100 Host is up (0.0013s latency). All 1000 scanned ports on 192.168.1.100 are closed MAC Address: 54:40:AD:28:10:E7 (Unknown) Nmap scan report for 192.168.1.101 Host is up (0.12s latency). All 1000 scanned ports on 192.168.1.101 are filtered MAC Address: 44:2A:60:8F:D9:2D (Unknown) Nmap scan report for 192.168.1.102 Host is up (0.075s latency). All 1000 scanned ports on 192.168.1.102 are filtered MAC Address: EC:F3:5B:04:82:68 (Unknown) Nmap scan report for 192.168.1.103 Host is up (0.00037s latency). Not shown: 997 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp closed http 8080/tcp closed http-proxy MAC Address: 52:54:00:B3:81:05 (QEMU Virtual NIC) Nmap scan report for 192.168.1.104 Host is up (0.00064s latency). Not shown: 998 filtered ports PORT STATE SERVICE 2869/tcp open icslap 3389/tcp open ms-term-serv MAC Address: 52:54:00:C5:22:BD (QEMU Virtual NIC) Nmap scan report for 192.168.1.105 Host is up (0.00039s latency). Not shown: 999 filtered ports PORT STATE SERVICE 22/tcp open ssh MAC Address: 52:54:00:ED:C2:DB (QEMU Virtual NIC) Nmap done: 200 IP addresses (8 hosts up) scanned in 40.97 seconds