使用nmap 扫描时可能会扫描tcp top100 top1000 端口, 有时需要去配置文件提取,配置文件路径/usr/share/nmap/nmap-services, 具体根据实际安装情况调整:
该配置i文件通过统计学规律将各端口和服务开放的频率做了统计, 提取时需要根据特征提取并按照几率排序;
截取一段配置文件如下:
...
http 80/tcp 0.484143 # World Wide Web HTTP
ipp 631/udp 0.450281 # Internet Printing Protocol
snmp 161/udp 0.433467 # Simple Net Mgmt Proto
netbios-ns 137/udp 0.365163 # NETBIOS Name Service
ntp 123/udp 0.330879 # Network Time Protocol
netbios-dgm 138/udp 0.297830 # NETBIOS Datagram Service
ms-sql-m 1434/udp 0.293184 # Microsoft-SQL-Monitor
microsoft-ds 445/udp 0.253118
msrpc 135/udp 0.244452 # Microsoft RPC services
dhcps 67/udp 0.228010 # DHCP/Bootstrap Protocol Server
telnet 23/tcp 0.221265
domain 53/udp 0.213496 # Domain Name Server
https 443/tcp 0.208669 # secure http (SSL)
ftp 21/tcp 0.197667 # File Transfer [Control]
netbios-ssn 139/udp 0.193726 # NETBIOS Session Service
ssh 22/tcp 0.182286 # Secure Shell Login
isakmp 500/udp 0.163742
dhcpc 68/udp 0.140118 # DHCP/Bootstrap Protocol Client
...
可以结合 awk sort sed等命令提取端口和开放概率;
grep '/tcp' /usr/share/nmap/nmap-services | awk '{print $3" "$2}' | sort -nr | head -100 | awk '{print $2}' | awk -F/ '{print $1}' | sed 's/$/,/' | xargs | sed 's/, /,/g' | sed 's/,$//'
80,23,443,21,22,25,3389,110,445,139,143,53,135,3306,8080,1723,111,995,993,5900,1025,587,8888,199,1720,465,548,113,81,6001,10000,514,5060,179,1026,2000,8443,8000,32768,554,26,1433,49152,2001,515,8008,49154,1027,5666,646,5000,5631,631,49153,8081,2049,88,79,5800,106,2121,1110,49155,6000,513,990,5357,427,49156,543,544,5101,144,7,389,8009,3128,444,9999,5009,7070,5190,3000,5432,3986,1900,13,1029,9,6646,5051,49157,1028,873,1755,2717,4899,9100,119,37