• -sT basic TCP (connect) scan
• -sS SYN scan
• -sP ping scan
• -sU UDP scan
• -sA ACK scan
• -sW TCP window scan
• -P0 do not ping hosts before scanning
• -PB default host-discovery option (PT+PI)
• -PT TCP-ping hosts (ACK) before scanning to determine which are up
• -PI ICMP-ping hosts before scanning to determine which are up
• -PS use SYN instead of the default ACK for the ping probe
• -O detect the remote host's operating system
• -v show verbose output
• -S specify the source address
• -g specify the source port of the scan
• -M specify the number of parallel scans
Scan by subnet
[root@sre01 ~]# nmap -v -sn 192.168.236.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:16 CST
Initiating ARP Ping Scan at 15:16
Scanning 255 hosts [1 port/host]
adjust_timeouts2: packet supposedly had rtt of -122600 microseconds.  Ignoring time.
Completed ARP Ping Scan at 15:16, 2.21s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 15:16
Completed Parallel DNS resolution of 255 hosts. at 15:16, 0.20s elapsed
Nmap scan report for 192.168.236.0 [host down]
Nmap scan report for 192.168.236.1
Host is up (0.00045s latency).
MAC Address: C6:B3:01:BA:3D:65 (Unknown)
Nmap scan report for 192.168.236.2
Host is up (0.00062s latency).
MAC Address: 00:50:56:EE:2C:70 (VMware)
Nmap scan report for 192.168.236.3 [host down]
Nmap scan report for 192.168.236.4 [host down]


Specify a particular IP address range
[root@sre01 ~]# nmap -v -sP 192.168.236.0-10

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:24 CST
Initiating ARP Ping Scan at 15:24
Scanning 11 hosts [1 port/host]
Completed ARP Ping Scan at 15:24, 0.41s elapsed (11 total hosts)
Initiating Parallel DNS resolution of 11 hosts. at 15:24
Completed Parallel DNS resolution of 11 hosts. at 15:24, 0.01s elapsed
Nmap scan report for 192.168.236.0 [host down]
Nmap scan report for 192.168.236.1
Host is up (0.0015s latency).
MAC Address: C6:B3:01:BA:3D:65 (Unknown)
Nmap scan report for 192.168.236.2
Host is up (0.0021s latency).
MAC Address: 00:50:56:EE:2C:70 (VMware)
Nmap scan report for 192.168.236.3 [host down]
Nmap scan report for 192.168.236.4 [host down]
Nmap scan report for 192.168.236.5 [host down]
Nmap scan report for 192.168.236.6 [host down]
Nmap scan report for 192.168.236.7 [host down]
Nmap scan report for 192.168.236.8 [host down]
Nmap scan report for 192.168.236.9 [host down]
Nmap scan report for 192.168.236.10 [host down]
Read data files from: /usr/bin/../share/nmap
Nmap done: 11 IP addresses (2 hosts up) scanned in 0.45 seconds
           Raw packets sent: 20 (560B) | Rcvd: 2 (56B)
           

Quickly count the live hosts in a subnet
[root@sre01 ~]# nmap -v -sP 192.168.236.0/30

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:25 CST
Initiating ARP Ping Scan at 15:25
Scanning 4 hosts [1 port/host]
Completed ARP Ping Scan at 15:25, 0.31s elapsed (4 total hosts)
Initiating Parallel DNS resolution of 4 hosts. at 15:25
Completed Parallel DNS resolution of 4 hosts. at 15:25, 0.02s elapsed
Nmap scan report for 192.168.236.0 [host down]
Nmap scan report for 192.168.236.1
Host is up (0.00072s latency).
MAC Address: C6:B3:01:BA:3D:65 (Unknown)
Nmap scan report for 192.168.236.2
Host is up (0.00087s latency).
MAC Address: 00:50:56:EE:2C:70 (VMware)
Nmap scan report for 192.168.236.3 [host down]
Read data files from: /usr/bin/../share/nmap
Nmap done: 4 IP addresses (2 hosts up) scanned in 0.35 seconds
           Raw packets sent: 6 (168B) | Rcvd: 2 (56B)
[root@sre01 ~]# 
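The three host-discovery runs above all produce the same "Nmap scan report for ... / Host is up / MAC Address" layout, which is what a defender feeds into an asset review: which hosts answered, and does each one belong. The following script is an added example, not part of the original page or of the Nmap project: it parses that normal-output layout, cross-checks the parsed count against nmap's own "Nmap done" summary line, and flags every live host whose MAC is not in an asset register. The sample input is a trimmed copy of the `-sP 192.168.236.0-10` output shown above, embedded so it runs offline, and KNOWN_ASSETS is a hypothetical register (in practice it would come from DHCP reservations or a CMDB).

```python
import re

# Constructed sample input: a trimmed copy of the "nmap -v -sP 192.168.236.0-10"
# run shown above, embedded so the script runs without touching the network.
SAMPLE_PING_SCAN = """\
Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:24 CST
Nmap scan report for 192.168.236.0 [host down]
Nmap scan report for 192.168.236.1
Host is up (0.0015s latency).
MAC Address: C6:B3:01:BA:3D:65 (Unknown)
Nmap scan report for 192.168.236.2
Host is up (0.0021s latency).
MAC Address: 00:50:56:EE:2C:70 (VMware)
Nmap scan report for 192.168.236.3 [host down]
Nmap done: 11 IP addresses (2 hosts up) scanned in 0.45 seconds
"""

# Hypothetical asset register: MAC address -> what we expect to find there.
KNOWN_ASSETS = {
    "00:50:56:EE:2C:70": "VMware NAT device",
}

REPORT_RE = re.compile(r"^Nmap scan report for (.+?)( \[host down\])?$")
UP_RE = re.compile(r"^Host is up \(([\d.]+)s latency\)")
MAC_RE = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")
DONE_RE = re.compile(r"^Nmap done: (\d+) IP address(?:es)? \((\d+) hosts? up\)")


def parse_ping_scan(text):
    """Parse nmap normal output from a host-discovery scan.

    Returns (hosts, summary): hosts maps each target to
    {"up": bool, "latency": float|None, "mac": str|None, "vendor": str|None};
    summary holds the counts from the "Nmap done" line, or None if it is missing.
    """
    hosts, summary, current = {}, None, None
    for line in text.splitlines():
        if (m := REPORT_RE.match(line)):
            # A new report block starts; a host is only "up" once nmap says so.
            current = m.group(1)
            hosts[current] = {"up": False, "latency": None, "mac": None, "vendor": None}
        elif (m := UP_RE.match(line)) and current:
            hosts[current]["up"] = True
            hosts[current]["latency"] = float(m.group(1))
        elif (m := MAC_RE.match(line)) and current:
            hosts[current]["mac"], hosts[current]["vendor"] = m.group(1), m.group(2)
        elif (m := DONE_RE.match(line)):
            summary = {"scanned": int(m.group(1)), "up": int(m.group(2))}
    return hosts, summary


def review_live_hosts(text, known_assets):
    """Cross-check the live hosts against the asset register.

    Returns the live hosts, those whose MAC is absent from the register (or
    unknown because the host is not on the local segment), and whether the
    parsed count agrees with nmap's own summary line.
    """
    hosts, summary = parse_ping_scan(text)
    live = sorted(ip for ip, h in hosts.items() if h["up"])
    unknown = sorted(ip for ip in live
                     if hosts[ip]["mac"] is None or hosts[ip]["mac"] not in known_assets)
    consistent = summary is not None and summary["up"] == len(live)
    return {"live": live, "unknown": unknown, "summary_consistent": consistent,
            "details": {ip: hosts[ip] for ip in live}}


if __name__ == "__main__":
    result = review_live_hosts(SAMPLE_PING_SCAN, KNOWN_ASSETS)
    for ip in result["live"]:
        h = result["details"][ip]
        tag = "UNREGISTERED" if ip in result["unknown"] else "known"
        print(f"{ip:16} {h['mac']} ({h['vendor']}) {tag}")
    print("count matches nmap summary:", result["summary_consistent"])
```

Run against the sample, 192.168.236.1 (vendor "Unknown", not in the register) is reported as unregistered while the VMware device passes; the summary cross-check catches truncated or mangled output before a short host list is mistaken for a clean segment.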


Scan a specific host
[root@sre01 ~]# nmap -v -A 192.168.236.100

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:30 CST
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Parallel DNS resolution of 1 host. at 15:30
Completed Parallel DNS resolution of 1 host. at 15:30, 0.01s elapsed
Initiating SYN Stealth Scan at 15:30
Scanning 192.168.236.100 [1000 ports]
Discovered open port 22/tcp on 192.168.236.100
Completed SYN Stealth Scan at 15:30, 1.58s elapsed (1000 total ports)
Initiating Service scan at 15:30
Scanning 1 service on 192.168.236.100
Completed Service scan at 15:30, 0.03s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 192.168.236.100
Retrying OS detection (try #2) against 192.168.236.100
WARNING: OS didn't match until try #2
NSE: Script scanning 192.168.236.100.
Initiating NSE at 15:30
Completed NSE at 15:30, 0.17s elapsed
Nmap scan report for 192.168.236.100
Host is up (0.000032s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey: 2048 94:29:b5:54:79:a0:1d:6a:db:f2:c7:a9:1c:37:63:23 (RSA)
|_256 16:2f:10:ab:f8:1b:3a:e5:0c:84:8e:e2:32:da:c9:e7 (ECDSA)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.9
Uptime guess: 0.048 days (since Thu Oct  3 14:21:25 2024)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

NSE: Script Post-scanning.
Initiating NSE at 15:30
Completed NSE at 15:30, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.71 seconds
           Raw packets sent: 1166 (55.860KB) | Rcvd: 2346 (105.772KB)
[root@sre01 ~]#


Scan multiple hosts
[root@sre01 ~]# nmap -v -A 192.168.236.100 192.168.236.1
[root@sre01 ~]# nmap -v -A 192.168.236.100-110

Scan a specified host using specified ports for discovery (-PS22,80,1433 sets the ports of the SYN ping used for host discovery; the port scan itself still covers the default 1000 ports, as "Not shown: 999 closed ports" below shows; to restrict the ports scanned, use -p 22,80,1433)
[root@sre01 ~]# nmap -PS22,80,1433 192.168.236.100 

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:34 CST
Nmap scan report for 192.168.236.100
Host is up (0.000022s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 1.67 seconds
[root@sre01 ~]# 


Scan targets read from a specified file
[root@sre01 ~]# vi iplist.txt
192.168.236.100

[root@sre01 ~]# nmap -iL iplist.txt 

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:36 CST
Nmap scan report for 192.168.236.100
Host is up (0.000022s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
[root@sre01 ~]# 


Use a SYN half-open scan
[root@sre01 ~]# nmap -sS 192.168.236.100

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:38 CST
Nmap scan report for 192.168.236.100
Host is up (0.000024s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds


Scan for open TCP ports
[root@sre01 ~]# nmap -sT 192.168.236.100

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:39 CST
Nmap scan report for 192.168.236.100
Host is up (0.0012s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.16 seconds


Scan for open UDP ports
[root@sre01 ~]# nmap -sU 192.168.236.100

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:41 CST
Nmap scan report for 192.168.236.100
Host is up (0.000058s latency).
All 1000 scanned ports on 192.168.236.100 are closed

Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds

Detect service versions on the target host
[root@sre01 ~]# nmap -sV 192.168.236.100

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:42 CST
Nmap scan report for 192.168.236.100
Host is up (0.000022s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.80 seconds

Scan the open ports of the current (local) host
[root@sre01 ~]# nmap localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:43 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000025s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 1.74 seconds
[root@sre01 ~]# 


List the open ports within a specified port range
[root@sre01 ~]# nmap -p 1-1024 localhost

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:44 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000022s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 1022 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 1.64 seconds


Scan the target host's open ports
[root@sre01 ~]# nmap -PS 192.168.236.2

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:45 CST
Nmap scan report for 192.168.236.2
Host is up (0.00039s latency).
All 1000 scanned ports on 192.168.236.2 are closed
MAC Address: 00:50:56:EE:2C:70 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 3.10 seconds
[root@sre01 ~]# 


List the open ports in a specified port range on a remote host (note the space after -PS: nmap reads "22,80,3389" as a separate target, prints "Failed to resolve" below, and then scans 192.168.236.1 with the default settings; the form used in the earlier example, -PS22,80,3389, is what was intended)
[root@sre01 ~]# nmap -PS 22,80,3389 192.168.236.1

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:46 CST
Failed to resolve "22,80,3389".
Nmap scan report for 192.168.236.1
Host is up (0.00042s latency).
All 1000 scanned ports on 192.168.236.1 are closed
MAC Address: C6:B3:01:BA:3D:65 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 3.11 seconds
[root@sre01 ~]# 

Detect the remote host's operating system version
[root@sre01 ~]# nmap -O 192.168.236.1

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:47 CST
Nmap scan report for 192.168.236.1
Host is up (0.00092s latency).
All 1000 scanned ports on 192.168.236.1 are closed
MAC Address: C6:B3:01:BA:3D:65 (Unknown)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: phone|general purpose
Running: Apple iPhone OS 1.X, Apple Mac OS X 10.5.X|10.6.X
OS CPE: cpe:/o:apple:iphone_os:1 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.6.2
OS details: Apple iPhone mobile phone (iPhone OS 2.1), Apple Mac OS X 10.5.4 (Leopard) (Darwin 9.4.0), Apple Mac OS X 10.6.2 (Snow Leopard) (Darwin 10.2.0)
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.53 seconds
[root@sre01 ~]# 


[root@sre01 ~]# nmap -A 192.168.236.1

Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:49 CST
Nmap scan report for 192.168.236.1
Host is up (0.00059s latency).
All 1000 scanned ports on 192.168.236.1 are closed
MAC Address: C6:B3:01:BA:3D:65 (Unknown)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: phone|general purpose
Running: Apple iPhone OS 1.X, Apple Mac OS X 10.5.X|10.6.X
OS CPE: cpe:/o:apple:iphone_os:1 cpe:/o:apple:mac_os_x:10.5.4 cpe:/o:apple:mac_os_x:10.6.2
OS details: Apple iPhone mobile phone (iPhone OS 2.1), Apple Mac OS X 10.5.4 (Leopard) (Darwin 9.4.0), Apple Mac OS X 10.6.2 (Snow Leopard) (Darwin 10.2.0)
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   0.59 ms 192.168.236.1

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.03 seconds
[root@sre01 ~]#
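The port, version and OS scans from "Scan a specific host" onward share one report layout (the PORT/STATE/SERVICE table, the "All N scanned ports ... are closed" line, "OS details"), and the mistyped `-PS 22,80,3389` run shows the failure mode a reviewer must not miss: nmap prints "Failed to resolve" and still produces a clean-looking report. The following script is an added example, not code from the original page or from the Nmap project: it parses concatenated normal output into per-target port tables, reports every open port that is not in an exposure baseline, and surfaces warning lines that mean the scan did not do what the operator asked. The sample input is constructed from trimmed copies of the `nmap localhost`, `nmap -v -A 192.168.236.100` and `nmap -PS 22,80,3389 192.168.236.1` runs above; BASELINE is a hypothetical allow-list.

```python
import re

# Constructed sample input: trimmed copies of three runs shown above, concatenated
# the way a scheduled scan appending to one log file would produce them.
SAMPLE_PORT_SCANS = """\
Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:43 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000025s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 1.74 seconds
Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:30 CST
Nmap scan report for 192.168.236.100
Host is up (0.000032s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey: 2048 94:29:b5:54:79:a0:1d:6a:db:f2:c7:a9:1c:37:63:23 (RSA)
|_256 16:2f:10:ab:f8:1b:3a:e5:0c:84:8e:e2:32:da:c9:e7 (ECDSA)
OS details: Linux 3.7 - 3.9
Nmap done: 1 IP address (1 host up) scanned in 7.71 seconds
Starting Nmap 6.40 ( http://nmap.org ) at 2024-10-03 15:46 CST
Failed to resolve "22,80,3389".
Nmap scan report for 192.168.236.1
Host is up (0.00042s latency).
All 1000 scanned ports on 192.168.236.1 are closed
MAC Address: C6:B3:01:BA:3D:65 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 3.11 seconds
"""

# Hypothetical exposure baseline: per target, the (port, proto) pairs expected to be
# open. A target missing from the baseline gets every open port reported.
BASELINE = {
    "localhost": {(22, "tcp")},
    "192.168.236.100": {(22, "tcp")},
    "192.168.236.1": set(),
}

REPORT_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
ALL_RE = re.compile(r"^All (\d+) scanned ports on \S+ are (\w+)")
OS_RE = re.compile(r"^OS details: (.*)$")
PROBLEM_PREFIXES = ("Failed to resolve", "Warning:", "WARNING:")


def parse_port_scans(text):
    """Parse concatenated nmap normal output into per-target port tables.

    Returns (hosts, problems): hosts maps the target as nmap printed it to
    {"ports": [(port, proto, state, service, version)], "os": str|None,
     "all_ports": (count, state)|None}; problems collects the warning lines.
    """
    hosts, problems, current = {}, [], None
    for line in text.splitlines():
        if line.startswith(PROBLEM_PREFIXES):
            problems.append(line)
        elif (m := REPORT_RE.match(line)):
            current = m.group(1)
            hosts[current] = {"ports": [], "os": None, "all_ports": None}
        elif current is None:
            continue
        elif (m := PORT_RE.match(line)):
            port, proto, state, service, version = m.groups()
            hosts[current]["ports"].append((int(port), proto, state, service, version))
        elif (m := ALL_RE.match(line)):
            hosts[current]["all_ports"] = (int(m.group(1)), m.group(2))
        elif (m := OS_RE.match(line)):
            hosts[current]["os"] = m.group(1)
    return hosts, problems


def exposure_findings(text, baseline):
    """Open ports not in the baseline, plus the scan problems found on the way.

    "open|filtered" (what -sU reports for silent UDP ports) counts as open:
    from an exposure standpoint it must be proven closed, not assumed.
    """
    hosts, problems = parse_port_scans(text)
    findings = []
    for target, info in hosts.items():
        allowed = baseline.get(target)
        for port, proto, state, service, version in info["ports"]:
            if not state.startswith("open"):
                continue
            if allowed is None or (port, proto) not in allowed:
                findings.append((target, f"{port}/{proto}", service, version or ""))
    return findings, problems


if __name__ == "__main__":
    findings, problems = exposure_findings(SAMPLE_PORT_SCANS, BASELINE)
    for target, port, service, version in findings:
        print(f"FINDING {target}: {port} {service} {version} not in baseline")
    for line in problems:
        print(f"SCAN PROBLEM: {line}")
```

On the sample this yields one finding, the SMTP listener on localhost port 25 that the baseline does not allow, and one problem line, the "Failed to resolve" from the mistyped command; treating that line as a hard failure of the run (rather than accepting the "all closed" verdict that follows it) is the point of collecting it.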