Nmap命令的29个实用范例
Nmap即网络映射器对Linux系统/网络管理员来说是一个开源且非常通用的工具。Nmap用于在远程机器上探测网络,执行安全扫描,网络审计和搜寻开放端口。它会扫描远程在线主机,该主机的操作系统,包过滤器和开放的端口。 我将用两个不同的部分来涵盖大部分NMAP的使用方法,这是nmap关键的第一部分。在下面的设置中,我使用两台已关闭防火墙的服务器来测试Nmap命令的工作情况。 192.168.0.100 – server1.tecmint.com 192.168.0.101 – server2.tecmint.com NMAP命令用法 # nmap [Scan Type(s)] [Options] {target specification} 如何在Linux下安装NMAP 现在大部分Linux的发行版本像Red Hat,CentOS,Fedoro,Debian和Ubuntu在其默认的软件包管理库(即Yum 和 APT)中都自带了Nmap,这两种工具都用于安装和管理软件包和更新。在发行版上安装Nmap具体使用如下命令。 # yum install nmap [on Red Hat based systems]$ sudo apt-get install nmap [on Debian based systems] 一旦你安装了新的nmap应用程序,你可以按照本文中提供的示例说明来操作。 1. 用主机名和IP地址扫描系统 Nmap工具提供各种方法来扫描系统。在这个例子中,我使用server2.tecmint.com主机名来扫描系统找出该系统上所有开放的端口,服务和MAC地址。 使用主机名扫描 [root@server1 ~]# nmap server2.tecmint.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 ESTInteresting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds You have new mail in /var/spool/mail/root 使用IP地址扫描 [root@server1 ~]# nmap 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 ESTInteresting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind958/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds You have new mail in /var/spool/mail/root 2.扫描使用“-v”选项 你可以看到下面的命令使用“ -v “选项后给出了远程机器更详细的信息。 [root@server1 ~]# nmap -v server2.tecmint.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 ESTInitiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43The ARP Ping Scan took 0.01s to scan 1 total hosts. Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43Discovered open port 22/tcp on 192.168.0.101Discovered open port 80/tcp on 192.168.0.101Discovered open port 8888/tcp on 192.168.0.101Discovered open port 111/tcp on 192.168.0.101Discovered open port 3306/tcp on 192.168.0.101Discovered open port 957/tcp on 192.168.0.101The SYN Stealth Scan took 0.30s to scan 1680 total ports. Host server2.tecmint.com (192.168.0.101) appears to be up ... good. Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB) 3.扫描多台主机 你可以简单的在Nmap命令后加上多个IP地址或主机名来扫描多台主机。 [root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 ESTInteresting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds 4.扫描整个子网 你可以使用*通配符来扫描整个子网或某个范围的IP地址。 [root@server1 ~]# nmap 192.168.0.* Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 ESTInteresting ports on server1.tecmint.com (192.168.0.100): Not shown: 1677 closed ports PORT STATE SERVICE22/tcp open ssh111/tcp open rpcbind851/tcp open unknown Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE22/tcp open ssh80/tcp open http111/tcp open rpcbind957/tcp open unknown3306/tcp open mysql8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds You have new mail in /var/spool/mail/root 从上面的输出可以看到,nmap扫描了整个子网,给出了网络中当前网络中在线主机的信息。
