示例
先看来一个示例
➜ ~ nmap -v -r -p0-65535 192.168.1.23-v 显示详情
-r端口从小到大扫描
-p端口范围
结果
Starting Nmap 6.40 ( http://nmap.org ) at 2023-12-22 15:47 CST
Initiating Ping Scan at 15:47
Scanning 192.168.1.23 [4 ports]
Completed Ping Scan at 15:47, 0.21s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:47
Completed Parallel DNS resolution of 1 host. at 15:47, 0.00s elapsed
Initiating SYN Stealth Scan at 15:47
Scanning 192.168.1.23 [65536 ports]
Discovered open port 22/tcp on 192.168.1.23
Discovered open port 3306/tcp on 192.168.1.23
Discovered open port 5001/tcp on 192.168.1.23
Discovered open port 5006/tcp on 192.168.1.23
SYN Stealth Scan Timing: About 6.10% done; ETC: 15:55 (0:07:57 remaining)
Discovered open port 8123/tcp on 192.168.1.23
Discovered open port 8200/tcp on 192.168.1.23
Discovered open port 8300/tcp on 192.168.1.23
Discovered open port 8443/tcp on 192.168.1.23
Discovered open port 8515/tcp on 192.168.1.23
Discovered open port 8818/tcp on 192.168.1.23
Discovered open port 8890/tcp on 192.168.1.23
Discovered open port 9000/tcp on 192.168.1.23
SYN Stealth Scan Timing: About 13.91% done; ETC: 15:57 (0:08:28 remaining)
Discovered open port 9093/tcp on 192.168.1.23
Discovered open port 9326/tcp on 192.168.1.23
SYN Stealth Scan Timing: About 16.40% done; ETC: 15:58 (0:09:31 remaining)
SYN Stealth Scan Timing: About 20.99% done; ETC: 15:58 (0:08:54 remaining)
SYN Stealth Scan Timing: About 27.07% done; ETC: 15:57 (0:07:43 remaining)
SYN Stealth Scan Timing: About 33.98% done; ETC: 15:57 (0:06:33 remaining)
SYN Stealth Scan Timing: About 41.67% done; ETC: 15:56 (0:05:25 remaining)
Discovered open port 30391/tcp on 192.168.1.23
SYN Stealth Scan Timing: About 49.92% done; ETC: 15:56 (0:04:23 remaining)
SYN Stealth Scan Timing: About 58.67% done; ETC: 15:55 (0:03:26 remaining)
SYN Stealth Scan Timing: About 67.83% done; ETC: 15:55 (0:02:33 remaining)
SYN Stealth Scan Timing: About 77.37% done; ETC: 15:54 (0:01:43 remaining)
SYN Stealth Scan Timing: About 84.45% done; ETC: 15:54 (0:01:10 remaining)
SYN Stealth Scan Timing: About 91.86% done; ETC: 15:54 (0:00:37 remaining)
Completed SYN Stealth Scan at 15:54, 444.78s elapsed (65536 total ports)
Nmap scan report for 192.168.1.23
Host is up (0.00084s latency).
Not shown: 65499 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
443/tcp closed https
514/tcp closed shell
3306/tcp open unknown
5001/tcp open commplex-link
5006/tcp open unknown
6124/tcp closed unknown
7848/tcp closed unknown
8123/tcp open polipo
8200/tcp open trivnet1
8300/tcp open tmi
8443/tcp open https-alt
8514/tcp closed unknown
8515/tcp open unknown
8516/tcp closed unknown
8818/tcp open unknown
8848/tcp closed unknown
8888/tcp closed sun-answerbook
8889/tcp closed ddi-tcp-2
8890/tcp open unknown
9000/tcp open cslistener
9020/tcp closed tambora
9093/tcp open unknown
9326/tcp open unknown
9514/tcp closed unknown
9515/tcp closed unknown
9848/tcp closed unknown
9849/tcp closed unknown
9999/tcp closed abyss
30391/tcp open unknown
41523/tcp closed unknown
50300/tcp closed unknown
50301/tcp closed unknown
50302/tcp closed unknown
50303/tcp closed unknown
50304/tcp closed unknownNmap,Network Mapper,是一款强大的主机发现和端口扫描的工具。
基本功能
(1)扫描主机端口,嗅探所提供的网络服务
(2)探测一组主机是否在线
(3)识别主机的操作系统
(4)到达主机经过的路由,系统开放的端口
二、端口的状态:识别的六种端口
Open | 端口对外开放状态 |
Closed | 端口关闭状态 |
Filtered | 扫描数据被过滤 |
Unfiltered | 不能判断端口处于开放还是关闭,需进一步扫描 |
Open|Filtered | 开放或者被过滤可能受到某些设备阻挡 |
Closed|Filtered | 端口关闭或者被过滤)本次使用隐蔽扫描 |
常用主机存活探测参数
-sP 使用Ping扫描
-sL 列表扫描,仅将指定的目标IP列举出来,不进行主机发现。
-Pn 不检测主机存活,默认当前主机存活。
-PS 使用TCP SYN Ping扫描。
-PA 使用TCP ACK Ping扫描。
-PU 使用UDP Ping扫描
常用扫描方式参数
-sS TCP SYN扫描。
-sT TCP连接扫描。
-sU UDP扫描。
-sA TCP ACK扫描。
-sW TCP窗口扫描。
-sN/-sF/-sX 隐蔽扫描。
-sI 空闲扫描
常用端口扫描相关参数
-p 指定端口,指定的端口范围在1-65535之间。
-r 按照端口号大小,从小到大进行扫描。
-F 扫描最常用的100个端口。
--exclede-ports 指定排除的端口。
4、常用服务和操作系统识别参数 参数 说明
-O 检测目标操作系统。
-sV 检测服务。
-A 可以同时启用操作系统检测和版本检测。
常用扫描速度识别
扫描参数范围在T0-T5之间,扫描速度由T0到T5处于递增状态。
-T0,T1 慢速扫描,躲避防火墙等设备检测。
-T2 比T0,T1扫描速度快,比T3慢。
-T3 Nmap默认扫描速度。
-T4 快速扫描,比T3要快。
-T5 极速扫描,扫描结果极为不准。
6、其他参数 参数 说明
-v 提高输出信息的详细程度。
-oX 扫描结果输出为XML格式文件。
