  • Chapter 5: Batch host scanning with nmap and ncat

    Chapter 5: Batch host scanning


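    Batch host and service scanning
    Purpose:
        1. Scan a batch of hosts to see which are alive.
        2. Scan the services running on those hosts.
    Benefits:
    1. Find out which hosts on the network are alive, quickly and conveniently.
    2. Get a more detailed, smarter picture of the services on each host.
    Typical commands: nmap, ncat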

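    Introduction to the nmap command

    Scan type            Description           Characteristics
    ICMP (-P)            ping scan             simple, fast, effective
    TCP SYN (-sS)        TCP half-open scan    1. efficient  2. hard to detect  3. general-purpose
    TCP connect (-sT)    TCP full-open scan    1. realistic  2. reliable results
    UDP (-sU)            UDP protocol scan     effective at getting through firewall policies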




    Note: ICMP is not a TCP protocol.



    [root@centos-6 ~]# nmap -sP 10.0.1.10
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:27 UTC
    Nmap scan report for 10.0.1.10
    Host is up (0.00034s latency).
    MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems)
    Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
    [root@centos-6 ~]# nmap -sP 10.0.1.0/24

    Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:27 UTC
    Nmap scan report for 10.0.1.1
    Host is up (0.00021s latency).
    MAC Address: 0A:00:27:00:00:1A (Unknown)
    Nmap scan report for 10.0.1.10
    Host is up (0.00024s latency).
    MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems)
    Nmap scan report for 10.0.1.60
    Host is up.
    Nmap done: 256 IP addresses (3 hosts up) scanned in 9.26 seconds


    [root@centos-6 ~]# nmap -sS 10.0.1.10
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:32 UTC
    Nmap scan report for 10.0.1.10
    Host is up (0.000074s latency).
    Not shown: 997 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    3306/tcp open mysql
    MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems)
    Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds


    Ports 0-1024 are scanned by default. The -p option sets a different range:
      
    [root@centos-6 ~]# nmap -sS -p 0-30000 10.0.1.10
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:42 UTC
    Nmap scan report for 10.0.1.10
    Host is up (0.000070s latency).
    Not shown: 29998 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    3306/tcp open mysql
    MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems)
    Nmap done: 1 IP address (1 host up) scanned in 1.38 seconds


    [root@centos-6 ~]# nmap -sT -p 0-30000 10.0.1.10 

    Starting Nmap 5.51 ( http://nmap.org ) at 2019-10-14 07:43 UTC
    Nmap scan report for 10.0.1.10
    Host is up (0.0016s latency).
    Not shown: 29998 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    3306/tcp open mysql
    MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems)
    Nmap done: 1 IP address (1 host up) scanned in 2.10 seconds



    Scanning over UDP is slow; the scan spends its time waiting for replies.
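
One way to put these scan results to defensive use, as an added example that is not part of the original post: parse nmap's normal output (the format shown above) into host/port rows and report open services that are missing from an approved baseline. The sample scan is constructed from the output above; the baseline list and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): inventory check over nmap output.
# sample_scan: constructed input in the format of the nmap -sS output above.
sample_scan() {
cat <<'EOF'
Nmap scan report for 10.0.1.10
Host is up (0.000074s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
MAC Address: 08:00:27:66:D2:2F (Cadmus Computer Systems)
Nmap scan report for 10.0.1.60
Host is up.
PORT STATE SERVICE
22/tcp open ssh
EOF
}

# sample_baseline: hypothetical list of approved "host port/proto" pairs.
sample_baseline() {
cat <<'EOF'
10.0.1.10 22/tcp
10.0.1.10 3306/tcp
10.0.1.60 22/tcp
EOF
}

# open_ports: nmap normal output on stdin -> "host port/proto service" rows.
open_ports() {
  awk '
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print host, $1, $3 }
  '
}

# unexpected_ports FILE: rows from open_ports whose host+port is not in FILE.
unexpected_ports() {
  open_ports | awk -v base="$1" '
    BEGIN { while ((getline line < base) > 0) { split(line, f, " "); ok[f[1] " " f[2]] = 1 } }
    { key = $1 " " $2; if (!(key in ok)) print }
  '
}

# Demo: prints "10.0.1.10 111/tcp rpcbind"
base=$(mktemp); sample_baseline > "$base"
sample_scan | unexpected_ports "$base"; rm -f "$base"
```

Against a real scan, pipe `nmap -sS <range>` into `unexpected_ports` with your own baseline file; an empty result means every open port is accounted for.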

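    Using the ncat tool

    Option combinations
    -w  set the timeout
    -z  an input/output mode (zero-I/O: report connection status only)
    -v  show what the command is doing as it runs
    Method 1: over TCP (the default)
        nc -v -z -w2 10.10.250.254 1-50
    Method 2: over UDP, with -u
        nc -v -u -z -w2 10.10.250.254 1-50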

    [root@centos-6 ~]# nc -v -z -w2 10.0.1.10 1-100
    nc: connect to 10.0.1.10 port 1 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 2 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 3 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 4 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 5 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 6 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 7 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 8 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 9 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 10 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 11 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 12 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 13 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 14 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 15 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 16 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 17 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 18 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 19 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 20 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 21 (tcp) failed: Connection refused
    Connection to 10.0.1.10 22 port [tcp/ssh] succeeded!
    nc: connect to 10.0.1.10 port 23 (tcp) failed: Connection refused
    nc: connect to 10.0.1.10 port 24 (tcp) failed: Connection refused



    [root@centos-6 ~]# nc -u -v -z -w2 10.0.1.10 1-100

    The kernel limits how many unreachable replies it sends per unit of time.




  • Original article: https://www.cnblogs.com/wenyule/p/13648982.html