Linux 网络扫瞄工具 — nmap

Sam Tang

10 years ago

Nmap 是开源的网络扫描与检测工具, 对于系统管理员十分实用, 以下是 nmap 的实用例子。

如果系统内没有安装 nmap, 可以用系统的套件管理工具安装:

RHEL, CentOS, Fedora:

# yum install nmap

Debian, Ubuntu:

# apt-get install nmap

安装 nmap 后, 便可以开始使用 nmap.

扫瞄 IP 地址或 Hostname:

# nmap phpini.com

[root@server1 ~]# nmap server2.tecmint.com

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-26 14:29 HKT
Nmap scan report for phpini.com (104.27.168.11)
Host is up (0.0016s latency).
Other addresses for phpini.com (not scanned): 104.27.169.11
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt

改成 IP 地址:

# nmap 104.27.169.11

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-26 14:30 HKT
Nmap scan report for 104.27.169.11
Host is up (0.0020s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt

Nmap done: 1 IP address (1 host up) scanned in 4.65 seconds

如果加上 -v 参数, 会显示更为详细的资讯:

# nmap -v phpini.com

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-26 14:33 HKT
Initiating Ping Scan at 14:33
Scanning phpini.com (104.27.169.11) [4 ports]
Completed Ping Scan at 14:33, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:33
Completed Parallel DNS resolution of 1 host. at 14:33, 0.01s elapsed
Initiating SYN Stealth Scan at 14:33
Scanning phpini.com (104.27.169.11) [1000 ports]
Discovered open port 80/tcp on 104.27.169.11
Discovered open port 8080/tcp on 104.27.169.11
Discovered open port 443/tcp on 104.27.169.11
Discovered open port 8443/tcp on 104.27.169.11
Completed SYN Stealth Scan at 14:33, 4.73s elapsed (1000 total ports)
Nmap scan report for phpini.com (104.27.169.11)
Host is up (0.0018s latency).
Other addresses for phpini.com (not scanned): 104.27.168.11
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.84 seconds
Raw packets sent: 2002 (88.064KB) | Rcvd: 7 (308B)

扫瞄多台主机

例如要扫瞄多台主机, 指令是这样:

# nmap 192.168.1.10 192.168.1.11 192.168.1.12

扫瞄整个 class C 网络:

# nmap 192.168.1.*

或

# nmap 192.168.1.0/24

扫瞄 192.168.1.121, 192.168.1.125 及 192.168.1.130 三台主机:

# nmap 192.168.1.121,125,130

从档案读取主机扫瞄:

# nmap -iL host_list.txt

扫瞄作业系统及服务的版本资讯:

# nmap -A 192.168.1.100

扫瞄主机是否有防火墙:

[r# nmap -sA 192.168.1.100

扫瞄有开机的主机:

# nmap -sP 192.168.1.*

扫瞄埠号, 例如想扫瞄埠号 80:

# nmap -p 80 192.168.1.100

扫瞄多个埠号, 例如扫瞄 80 及 443 埠号:

# nmap -p 80,443 192.168.1.100

你可能感兴趣的内容