author:headsen chen
date: 2019-01-18 10:40:37
notice:个人原创,允许转载,请注明出处,否则依法追究责任。
1,安装
yum install nmap -y
nmap有windows和linux Nmap是一款网络扫描和主机检测的非常有用的工具。Nmap是不局限于仅仅收集信息和枚举,同时可以用来作为一个漏洞探测器或安全扫描器。它可以适用于winodws,linux,mac等操作系统 从下面官网可以下载exe程序包和zip包 https://nmap.org/download.html#windows
2,常用参数解释
nmap 10.0.1.161 # 默认扫描 1-1024 的端口范围
nmap 10.0.1.161 -p1-65535 # 扫描所有的端口
nmap 10.0.1.161 -p20-200,7777,8888 # 扫描多个端口
Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:11 CST Nmap scan report for 10.0.1.161 Host is up (0.00017s latency). Not shown: 65531 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 873/tcp open rsync 13306/tcp open unknown MAC Address: 00:0C:29:56:DE:46 (VMware) Nmap done: 1 IP address (1 host up) scanned in 2.49 seconds
3,扫描udp端口
-sU:表示udp scan , udp端口扫描
-Pn:不对目标进行ping探测(不判断主机是否在线)(直接扫描端口)
对于udp端口扫描比较慢,扫描完6万多个端口需要20分钟左右
# nmap -sU 10.0.1.161 -Pn Starting Nmap 5.51 ( http://nmap.org ) at 2016-12-29 10:16 CST Stats: 0:12:54 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan UDP Scan Timing: About 75.19% done; ETC: 10:33 (0:04:16 remaining) Stats: 0:12:55 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan UDP Scan Timing: About 75.29% done; ETC: 10:33 (0:04:15 remaining) Nmap scan report for 10.0.1.161 Host is up (0.0011s latency). Not shown: 997 closed ports PORT STATE SERVICE 111/udp open rpcbind 123/udp open ntp 631/udp open|filtered ipp MAC Address: 00:0C:29:56:DE:46 (VMware) Nmap done: 1 IP address (1 host up) scanned in 1081.27 seconds
4,扫描多个IP用法,中间用空格分开
# nmap 10.0.1.161 10.0.1.162
5,扫描连续的IP地址
# nmap 10.0.1.161-162
6,扫描一个子网所有的IP
# nmap 10.0.3.0/24
7,扫描地址段是排除某个IP地址
# nmap 10.0.1.161-162 --exclude 10.0.1.162
8,扫描文件里的IP
如果你有一个ip地址列表,将这个保存为一个txt文件,和namp在同一目录下,扫描这个txt内的所有主机,用法如下
# nmap -iL ip.txt附录:nc命令启用端口
A机器上再启动两个tcp的监听,分别占用7777和8888端口,用于测试,加入&符号可以放入后台 [root@A ~]# nc -l 7777& [1] 21379 [root@A ~]# nc -l 8888& [2] 21540