Nmap Usage Examples

1. Introduction

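Home page: nmap.org
Source code: github.com/nmap
Nmap (Network Mapper) is open-source network scanning software. It was originally used to scan for open network connection ports and later grew into a comprehensive network security toolkit. Gordon Lyon released it in September 1997, running on Linux; version 7.70 was released on March 20, 2018 and runs on Linux, Windows, macOS, Solaris and other platforms.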

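2. Main Features

Host discovery – identify hosts on a network.
Port scanning – enumerate the open ports on a target host.
Service detection – query network services to determine the application name and version number.
OS detection – determine the operating system and hardware characteristics of network devices.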

2.1. Host Discovery

nmap -sS
>nmap -sS nmap.org
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-18 19:41 CST
Nmap scan report for nmap.org (45.33.49.119)
Host is up (0.22s latency).
rDNS record for 45.33.49.119: ack.nmap.org
Not shown: 993 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
70/tcp closed gopher
80/tcp open http
113/tcp closed ident
443/tcp open https
31337/tcp closed Elite

Nmap done: 1 IP address (1 host up) scanned in 13.84 seconds

2.2. Port Scanning

nmap -vv
>nmap -vv nmap.org
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-18 19:43 CST
Initiating Ping Scan at 19:43
Scanning nmap.org (45.33.49.119) [4 ports]
Completed Ping Scan at 19:43, 0.72s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:43
Completed Parallel DNS resolution of 1 host. at 19:43, 0.05s elapsed
Initiating SYN Stealth Scan at 19:43
Scanning nmap.org (45.33.49.119) [1000 ports]
Discovered open port 443/tcp on 45.33.49.119
Discovered open port 80/tcp on 45.33.49.119
Discovered open port 22/tcp on 45.33.49.119
Discovered open port 25/tcp on 45.33.49.119
Completed SYN Stealth Scan at 19:43, 10.49s elapsed (1000 total ports)
Nmap scan report for nmap.org (45.33.49.119)
Host is up, received echo-reply ttl 51 (0.20s latency).
rDNS record for 45.33.49.119: ack.nmap.org
Scanned at 2019-01-18 19:43:23 CST for 12s
Not shown: 993 filtered ports
Reason: 993 no-responses
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack ttl 51
25/tcp open smtp syn-ack ttl 51
70/tcp closed gopher reset ttl 51
80/tcp open http syn-ack ttl 51
113/tcp closed ident reset ttl 51
443/tcp open https syn-ack ttl 51
31337/tcp closed Elite reset ttl 51

Read data files from: \Nmap
Nmap done: 1 IP address (1 host up) scanned in 12.13 seconds
Raw packets sent: 2002 (88.064KB) | Rcvd: 52 (2.951KB)

2.3. Service Detection

nmap -sV
>nmap -sV nmap.org
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-18 19:45 CST
Nmap scan report for nmap.org (45.33.49.119)
Host is up (0.21s latency).
rDNS record for 45.33.49.119: ack.nmap.org
Not shown: 993 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
25/tcp open smtp Postfix smtpd
70/tcp closed gopher
80/tcp open http Apache httpd 2.4.6
113/tcp closed ident
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
31337/tcp closed Elite
Service Info: Host: ack.nmap.org

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.06 seconds
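
The port table printed by the runs above can be turned into structured records and checked against an approved-exposure baseline. The following is an added example, not part of the original page or of the Nmap project; the function names and the baseline set are assumptions made for illustration, and the sample input is the -sV table copied from this page.

```python
import re

# Sample input: the port table from the -sV run shown on this page.
SAMPLE = """\
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
25/tcp open smtp Postfix smtpd
70/tcp closed gopher
80/tcp open http Apache httpd 2.4.6
113/tcp closed ident
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
31337/tcp closed Elite
Service Info: Host: ack.nmap.org
"""

# One table row: "<port>/<proto> <state> <service> [free text to end of line]"
ROW = re.compile(r"^(\d{1,5})/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_ports(text):
    """Return one dict per port row; header and non-table lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version or ""})
    return rows

def unexpected_open(rows, allowed):
    """Open ports that are not in the approved (port, proto) baseline."""
    return [r for r in rows
            if r["state"] == "open" and (r["port"], r["proto"]) not in allowed]

if __name__ == "__main__":
    # Hypothetical baseline: only SSH and web are approved for exposure.
    baseline = {(22, "tcp"), (80, "tcp"), (443, "tcp")}
    for r in unexpected_open(parse_ports(SAMPLE), baseline):
        print(f'{r["port"]}/{r["proto"]} {r["service"]} {r["version"]}')
```

With the -vv output the trailing free text holds the REASON column instead of the version. For automated processing, Nmap's XML output (-oX) is the format intended for programs; this parser targets the interactive text shown here.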

2.4. OS Detection

nmap -O
>nmap -O nmap.org
Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-18 19:49 CST
Nmap scan report for nmap.org (45.33.49.119)
Host is up (0.15s latency).
rDNS record for 45.33.49.119: ack.nmap.org
Not shown: 993 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
70/tcp closed gopher
80/tcp open http
113/tcp closed ident
443/tcp open https
31337/tcp closed Elite
Aggressive OS guesses: Linux 4.4 (92%), Linux 3.10 - 3.12 (91%), Linux 4.9 (90%), Linux 4.0 (88%), Linux 2.6.32 (88%), Linux 3.10 - 3.16 (87%), Linux 3.11 - 4.1 (87%), Linux 2.6.32 or 3.10 (87%), Linux 3.4 (87%), Linux 3.5 (87%)
No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 34.49 seconds