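Common nmap Options Explained
Author: Yin Zhengjie (尹正杰)
Copyright notice: this is an original work. Reproduction is not permitted; violations will be pursued legally.
To borrow a line from Xin Zhao, a champion in League of Legends: "Even when outnumbered, I can take the enemy general's head from the midst of ten thousand troops!" In the Three Kingdoms era, Guan Yu cut down Yan Liang in the middle of an army and returned with his head. Here is an analogy: if a skilled hacker sets out to attack a server, does taking a kitchen knife and cutting the server's power cable count as attacking it? Obviously not. To be clear up front: compromising a commercial site is not something one or two tools can guarantee, nor something a day or two of studying "hacker" techniques will achieve. If you cannot get past those two points, do not talk about "hacking" at all. If you have the money, hire someone to do it.
Here are three things that must be done before an intrusion. If you can complete all of them, then we can talk specifics:
1>. Obtain the target's IP address, its OS type, the security patches it has applied, and the services it runs;
2>. Scan for vulnerabilities based on the above;
3>. Analyze the information gathered, identify the exploitable vulnerabilities, and then carry out the intrusion;
In short, to break into someone's server you need stronger networking skills than its administrator and the ability to handle complex situations. Otherwise you will not get in.
Today I want to recommend a very powerful piece of software: Nmap. I recommend it to make your work easier, not so that you can do bad things. As the saying goes, when virtue rises one foot, vice rises ten; if you can overcome your own inner demons, you will do righteous things! So we cannot blame a piece of software for being too powerful; it all depends on the person using it.
I. What is Nmap
Nmap is a very useful tool for network scanning and host detection. It is not limited to information gathering and enumeration; it can also be used as a vulnerability detector or security scanner. It runs on Windows, Linux, macOS and other operating systems. This post covers Linux.
II. Installing Nmap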
[root@yinzhengjie ~]# yum -y install nmap
III. Common ways to use Nmap
1. Scan a single host
#!/bin/bash
#@author :yinzhengjie
#Blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

[root@yinzhengjie ~]# nmap 172.16.96.133

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 12:16 CST
Nmap scan report for bogon (172.16.96.133)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
[root@yinzhengjie ~]#
2. Scan an entire subnet
[root@yinzhengjie ~]# nmap 172.16.96.1/24

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:12 CST
Nmap scan report for bogon (172.16.96.1)
Host is up (0.00073s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.40)
Host is up (0.0014s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.53)
Host is up (0.00085s latency).
Not shown: 964 filtered ports, 32 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
888/tcp open accessbuilder
8888/tcp open sun-answerbook

Nmap scan report for bogon (172.16.96.60)
Host is up (0.00092s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49156/tcp open unknown
49158/tcp open unknown
49160/tcp open unknown
49161/tcp open unknown

Nmap scan report for bogon (172.16.96.61)
Host is up (0.00079s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49159/tcp open unknown

Nmap scan report for bogon (172.16.96.80)
Host is up (0.0012s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.90)
Host is up (0.0013s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1720/tcp closed H.323/Q.931
8080/tcp closed http-proxy
9943/tcp open unknown
9944/tcp open unknown

Nmap scan report for bogon (172.16.96.91)
Host is up (0.00095s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
8080/tcp closed http-proxy

Nmap scan report for bogon (172.16.96.100)
Host is up (0.0016s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5988/tcp open wbem-http
5989/tcp open wbem-https

Nmap scan report for bogon (172.16.96.116)
Host is up (0.0012s latency).
Not shown: 985 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
593/tcp open http-rpc-epmap
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49159/tcp open unknown
49160/tcp open unknown

Nmap scan report for bogon (172.16.96.117)
Host is up (0.00097s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49999/tcp open unknown
50000/tcp open ibm-db2
50002/tcp open iiimsf

Nmap scan report for bogon (172.16.96.119)
Host is up (0.00070s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
389/tcp open ldap
443/tcp open https
636/tcp open ldapssl
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.121)
Host is up (0.00099s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
135/tcp open msrpc
139/tcp open netbios-ssn
1025/tcp open NFS-or-IIS
1433/tcp open ms-sql-s

Nmap scan report for bogon (172.16.96.124)
Host is up (0.0017s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.125)
Host is up (0.00084s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.126)
Host is up (0.0014s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.127)
Host is up (0.0011s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.128)
Host is up (0.00092s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.129)
Host is up (0.00092s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.130)
Host is up (0.0016s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open apex-mesh
1026/tcp open LSA-or-nterm
1044/tcp open dcutility
3389/tcp open ms-term-serv

Nmap scan report for bogon (172.16.96.131)
Host is up (0.0013s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy
8180/tcp open unknown

Nmap scan report for bogon (172.16.96.133)
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.135)
Host is up (0.00082s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.136)
Host is up (0.00090s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.137)
Host is up (0.00093s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy
9200/tcp open wap-wsp

Nmap scan report for bogon (172.16.96.138)
Host is up (0.00090s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.139)
Host is up (0.00096s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Nmap scan report for bogon (172.16.96.140)
Host is up (0.00095s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.141)
Host is up (0.00091s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.143)
Host is up (0.0012s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.188)
Host is up (0.00058s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
1234/tcp open hotline
1521/tcp open oracle
2809/tcp open corbaloc
9100/tcp open jetdirect
32768/tcp open filenet-tms
32776/tcp open sometimes-rpc15

Nmap scan report for bogon (172.16.96.200)
Host is up (0.00089s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
1688/tcp open nsjtp-data
3389/tcp open ms-term-serv
4000/tcp open remoteanything
4001/tcp open newoak
8011/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49158/tcp open unknown

Nmap scan report for bogon (172.16.96.205)
Host is up (0.00089s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.222)
Host is up (0.00085s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.235)
Host is up (0.00096s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
1074/tcp open warmspotMgmt
1433/tcp open ms-sql-s
2382/tcp open ms-olap3
3372/tcp open msdtc
5120/tcp open unknown
9001/tcp open tor-orport

Nmap scan report for bogon (172.16.96.236)
Host is up (0.00076s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8088/tcp open radan-http
49154/tcp open unknown

Nmap scan report for bogon (172.16.96.250)
Host is up (0.00079s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
5120/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown

Nmap scan report for bogon (172.16.96.254)
Host is up (0.0016s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
23/tcp open telnet
50300/tcp filtered unknown
50389/tcp filtered unknown
50500/tcp filtered unknown
50636/tcp filtered unknown
50800/tcp filtered unknown
51493/tcp filtered unknown
52673/tcp filtered unknown
52822/tcp filtered unknown
52848/tcp filtered unknown
52869/tcp filtered unknown

Nmap done: 256 IP addresses (38 hosts up) scanned in 18.86 seconds
[root@yinzhengjie ~]#
3. Scan multiple targets
Just list the target IPs you want to scan after the command; nmap scans every IP you write out after it.
#!/bin/bash
#@author :yinzhengjie
#Blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

[root@yinzhengjie ~]# nmap 172.16.96.1 172.16.96.200

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:17 CST
Nmap scan report for bogon (172.16.96.1)
Host is up (0.00075s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.200)
Host is up (0.00089s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
1688/tcp open nsjtp-data
3389/tcp open ms-term-serv
4000/tcp open remoteanything
4001/tcp open newoak
8011/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49158/tcp open unknown

Nmap done: 2 IP addresses (2 hosts up) scanned in 1.28 seconds
[root@yinzhengjie ~]#
4. Scan a range of targets
You specify the start and end of the range, and nmap scans only within that range.
#!/bin/bash
#@author :yinzhengjie
#Blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

[root@yinzhengjie ~]# nmap 172.16.96.1-100

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:20 CST
Nmap scan report for bogon (172.16.96.1)
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.40)
Host is up (0.0010s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.53)
Host is up (0.0011s latency).
Not shown: 964 filtered ports, 32 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
888/tcp open accessbuilder
8888/tcp open sun-answerbook

Nmap scan report for bogon (172.16.96.60)
Host is up (0.0012s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49156/tcp open unknown
49158/tcp open unknown
49160/tcp open unknown
49161/tcp open unknown

Nmap scan report for bogon (172.16.96.61)
Host is up (0.00079s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49159/tcp open unknown

Nmap scan report for bogon (172.16.96.80)
Host is up (0.0011s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.90)
Host is up (0.0012s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1720/tcp closed H.323/Q.931
8080/tcp closed http-proxy
9943/tcp open unknown
9944/tcp open unknown

Nmap scan report for bogon (172.16.96.91)
Host is up (0.0015s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
8080/tcp closed http-proxy

Nmap scan report for bogon (172.16.96.100)
Host is up (0.0011s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5988/tcp open wbem-http
5989/tcp open wbem-https

Nmap done: 100 IP addresses (9 hosts up) scanned in 26.18 seconds
[root@yinzhengjie ~]#
5. If you have a list of IP addresses, save it as a txt file in the same directory as nmap and scan every host listed in that file
#!/bin/bash
#@author :yinzhengjie
#Blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com

[root@yinzhengjie ~]# cat ip.txt
172.16.96.1
172.16.96.133
172.16.96.51
172.16.96.205
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# nmap -iL ip.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:36 CST
Nmap scan report for bogon (172.16.96.1)
Host is up (0.00065s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.133)
Host is up (0.00070s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.205)
Host is up (0.00069s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 4 IP addresses (3 hosts up) scanned in 1.44 seconds
[root@yinzhengjie ~]#
6. Scan all hosts in a subnet except one IP
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# nmap 172.16.96.1/24-exclude 172.16.96.1

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:53 CST
Illegal netmask value, must be /0 - /32 . Assuming /32 (one host)
Nmap scan report for bogon (172.16.96.1)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.1)
Host is up (0.00044s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3306/tcp open mysql

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.10 seconds
[root@yinzhengjie ~]# nmap 172.16.96.1/24 -exclude 172.16.96.1

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:53 CST
Nmap scan report for bogon (172.16.96.40)
Host is up (0.00088s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.53)
Host is up (0.00089s latency).
Not shown: 964 filtered ports, 32 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
888/tcp open accessbuilder
8888/tcp open sun-answerbook

Nmap scan report for bogon (172.16.96.60)
Host is up (0.00067s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49156/tcp open unknown
49158/tcp open unknown
49160/tcp open unknown
49161/tcp open unknown

Nmap scan report for bogon (172.16.96.61)
Host is up (0.00071s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49159/tcp open unknown

Nmap scan report for bogon (172.16.96.80)
Host is up (0.0012s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.90)
Host is up (0.00093s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1720/tcp closed H.323/Q.931
8080/tcp closed http-proxy
9943/tcp open unknown
9944/tcp open unknown

Nmap scan report for bogon (172.16.96.91)
Host is up (0.00091s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
8080/tcp closed http-proxy

Nmap scan report for bogon (172.16.96.100)
Host is up (0.00099s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5988/tcp open wbem-http
5989/tcp open wbem-https

Nmap scan report for bogon (172.16.96.116)
Host is up (0.00070s latency).
Not shown: 985 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
593/tcp open http-rpc-epmap
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49159/tcp open unknown
49160/tcp open unknown

Nmap scan report for bogon (172.16.96.117)
Host is up (0.00062s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49999/tcp open unknown
50000/tcp open ibm-db2
50002/tcp open iiimsf

Nmap scan report for bogon (172.16.96.119)
Host is up (0.00059s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
389/tcp open ldap
443/tcp open https
636/tcp open ldapssl
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.121)
Host is up (0.00071s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
135/tcp open msrpc
139/tcp open netbios-ssn
1025/tcp open NFS-or-IIS
1433/tcp open ms-sql-s

Nmap scan report for bogon (172.16.96.124)
Host is up (0.00058s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.125)
Host is up (0.00059s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.126)
Host is up (0.00063s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.127)
Host is up (0.00057s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.128)
Host is up (0.00060s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.129)
Host is up (0.00062s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.130)
Host is up (0.00056s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
912/tcp open apex-mesh
1026/tcp open LSA-or-nterm
1044/tcp open dcutility
3389/tcp open ms-term-serv

Nmap scan report for bogon (172.16.96.131)
Host is up (0.00059s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy
8180/tcp open unknown

Nmap scan report for bogon (172.16.96.133)
Host is up (0.00061s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.135)
Host is up (0.00061s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.136)
Host is up (0.00064s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.137)
Host is up (0.00062s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
8009/tcp open ajp13
8080/tcp open http-proxy
9200/tcp open wap-wsp

Nmap scan report for bogon (172.16.96.138)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.139)
Host is up (0.00062s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Nmap scan report for bogon (172.16.96.140)
Host is up (0.00072s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.141)
Host is up (0.00058s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.143)
Host is up (0.00087s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp closed https
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.188)
Host is up (0.00064s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
1234/tcp open hotline
1521/tcp open oracle
2809/tcp open corbaloc
9100/tcp open jetdirect
32768/tcp open filenet-tms
32776/tcp open sometimes-rpc15

Nmap scan report for bogon (172.16.96.200)
Host is up (0.00061s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
1688/tcp open nsjtp-data
3389/tcp open ms-term-serv
4000/tcp open remoteanything
4001/tcp open newoak
8011/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49158/tcp open unknown

Nmap scan report for bogon (172.16.96.205)
Host is up (0.00060s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap scan report for bogon (172.16.96.222)
Host is up (0.00059s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql

Nmap scan report for bogon (172.16.96.235)
Host is up (0.00064s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
1074/tcp open warmspotMgmt
1433/tcp open ms-sql-s
2382/tcp open ms-olap3
3372/tcp open msdtc
5120/tcp open unknown
9001/tcp open tor-orport

Nmap scan report for bogon (172.16.96.236)
Host is up (0.00099s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8088/tcp open radan-http
49154/tcp open unknown

Nmap scan report for bogon (172.16.96.250)
Host is up (0.00098s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
5120/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown

Nmap scan report for bogon (172.16.96.254)
Host is up (0.0014s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
23/tcp open telnet
50300/tcp filtered unknown
50389/tcp filtered unknown
50500/tcp filtered unknown
50636/tcp filtered unknown
50800/tcp filtered unknown
51493/tcp filtered unknown
52673/tcp filtered unknown
52822/tcp filtered unknown
52848/tcp filtered unknown
52869/tcp filtered unknown

Nmap done: 255 IP addresses (37 hosts up) scanned in 55.17 seconds
[root@yinzhengjie ~]#
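The first command in section 6 shows what one missing space does: `172.16.96.1/24-exclude` is read as a target with an illegal netmask, and nmap falls back to a single host instead of stopping. The script below is an added example, not part of the original post: it expands the target forms used in sections 1 to 7 (single IP, CIDR block, last-octet range, address list, exclusions) and counts the addresses they cover, so the scope can be checked against what was intended before anything is scanned. The helper names `ip_to_int`, `spec_to_range` and `scope_count` are hypothetical, and the /16 lower bound on prefixes is an assumption made to keep the expansion small.

```shell
#!/bin/sh
# Added example (not from the original post): count the addresses covered by
# nmap-style target specs so a typo is caught before scanning.
# All function names are hypothetical helpers.

# Dotted quad -> integer. Fails on anything that is not a plain IPv4 address.
ip_to_int() (
    case $1 in
        ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print "lo hi" (inclusive integer range) for one spec. Handles the three
# forms used on this page: a.b.c.d, a.b.c.d/prefix and a.b.c.x-y.
spec_to_range() (
    spec=$1
    case $spec in
        */*)
            ip=${spec%%/*}
            bits=${spec#*/}
            # "24-exclude" is rejected here because it is not a number.
            case $bits in ""|*[!0-9]*|0?*|???*) exit 1 ;; esac
            # Assumption: refuse blocks larger than /16 to bound the expansion.
            [ "$bits" -ge 16 ] && [ "$bits" -le 32 ] || exit 1
            base=$(ip_to_int "$ip") || exit 1
            size=$(( 1 << (32 - $bits) ))
            lo=$(( base & ~(size - 1) ))
            echo "$lo $(( lo + size - 1 ))"
            ;;
        *-*)
            ip=${spec%-*}
            last=${spec##*-}
            case $last in ""|*[!0-9]*|0?*|????*) exit 1 ;; esac
            [ "$last" -le 255 ] || exit 1
            lo=$(ip_to_int "$ip") || exit 1
            hi=$(( (lo & ~255) | $last ))
            [ "$hi" -ge "$lo" ] || exit 1
            echo "$lo $hi"
            ;;
        *)
            lo=$(ip_to_int "$spec") || exit 1
            echo "$lo $lo"
            ;;
    esac
)

# scope_count TARGETS [EXCLUDES]: both are space-separated spec lists.
# Prints the number of distinct addresses left after exclusion; returns 1
# and names the offending spec if any spec does not parse.
scope_count() (
    set -f                      # specs are data, never glob patterns
    expand() {                  # $1 = tag (T or X), remaining args = specs
        tag=$1; shift
        for s in "$@"; do
            r=$(spec_to_range "$s") || { echo "bad target spec: $s" >&2; return 1; }
            i=${r% *}
            while [ "$i" -le "${r#* }" ]; do
                echo "$tag $i"
                i=$(( i + 1 ))
            done
        done
    }
    list=$(expand X $2 && expand T $1) || exit 1
    printf '%s\n' "$list" | awk '
        $1 == "X" { excluded[$2] = 1; next }
        $1 == "T" && !($2 in excluded) && !seen[$2]++ { n++ }
        END { print n + 0 }'
)

# Demo with the target specs from this page; LIST mirrors the ip.txt shown in section 5.
LIST='172.16.96.1 172.16.96.133 172.16.96.51 172.16.96.205'
echo "single host      : $(scope_count 172.16.96.133)"
echo "/24 subnet       : $(scope_count 172.16.96.1/24)"
echo "two hosts        : $(scope_count '172.16.96.1 172.16.96.200')"
echo "range 1-100      : $(scope_count 172.16.96.1-100)"
echo "address list     : $(scope_count "$LIST")"
echo "/24 minus one IP : $(scope_count 172.16.96.1/24 172.16.96.1)"
echo "/24 minus list   : $(scope_count 172.16.96.1/24 "$LIST")"
# The missing space from section 6 is rejected instead of narrowing the scan.
scope_count '172.16.96.1/24-exclude 172.16.96.1' 2>/dev/null \
    || echo "rejected         : 172.16.96.1/24-exclude"
```

The counts for the /24, the range and the single exclusion match the "IP addresses" totals in the `Nmap done` lines above. nmap's own list scan (`-sL`, with `-n` to skip reverse DNS) prints the expanded target list without probing the hosts.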
7. Scan the hosts in a subnet except the IPs listed in a file
[root@yinzhengjie ~]# nmap 172.16.96.1/24 -excludefile ip.txt

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 13:57 CST
Nmap scan report for bogon (172.16.96.40)
Host is up (0.00089s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.53)
Host is up (0.00087s latency).
Not shown: 964 filtered ports, 32 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
888/tcp open accessbuilder
8888/tcp open sun-answerbook

Nmap scan report for bogon (172.16.96.60)
Host is up (0.00054s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49156/tcp open unknown
49158/tcp open unknown
49160/tcp open unknown
49161/tcp open unknown

Nmap scan report for bogon (172.16.96.61)
Host is up (0.00064s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49159/tcp open unknown

Nmap scan report for bogon (172.16.96.80)
Host is up (0.00089s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh

Nmap scan report for bogon (172.16.96.90)
Host is up (0.00082s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
1720/tcp closed H.323/Q.931
8080/tcp closed http-proxy
9943/tcp open unknown
9944/tcp open unknown

Nmap scan report for bogon (172.16.96.91)
Host is up (0.00089s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
8080/tcp closed http-proxy

Nmap scan report for bogon (172.16.96.100)
Host is up (0.00092s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5988/tcp open wbem-http
5989/tcp open wbem-https

Nmap scan report for bogon (172.16.96.116)
Host is up (0.00070s latency).
Not shown: 985 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
593/tcp open http-rpc-epmap
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49159/tcp open unknown
49160/tcp open unknown

Nmap scan report for bogon (172.16.96.117)
Host is up (0.00082s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
49999/tcp open unknown
50000/tcp open ibm-db2
50002/tcp open iiimsf

Nmap scan report for bogon (172.16.96.119)
Host is up (0.00065s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
389/tcp open ldap
443/tcp open https
636/tcp open ldapssl
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap scan report for bogon (172.16.96.121)
Host is up (0.00083s latency).
145 Not shown: 995 closed ports 146 PORT STATE SERVICE 147 21/tcp open ftp 148 135/tcp open msrpc 149 139/tcp open netbios-ssn 150 1025/tcp open NFS-or-IIS 151 1433/tcp open ms-sql-s 152 153 Nmap scan report for bogon (172.16.96.124) 154 Host is up (0.00060s latency). 155 Not shown: 996 closed ports 156 PORT STATE SERVICE 157 22/tcp open ssh 158 111/tcp open rpcbind 159 8009/tcp open ajp13 160 8080/tcp open http-proxy 161 162 Nmap scan report for bogon (172.16.96.125) 163 Host is up (0.00075s latency). 164 Not shown: 996 closed ports 165 PORT STATE SERVICE 166 22/tcp open ssh 167 111/tcp open rpcbind 168 8009/tcp open ajp13 169 8080/tcp open http-proxy 170 171 Nmap scan report for bogon (172.16.96.126) 172 Host is up (0.00073s latency). 173 Not shown: 998 closed ports 174 PORT STATE SERVICE 175 22/tcp open ssh 176 111/tcp open rpcbind 177 178 Nmap scan report for bogon (172.16.96.127) 179 Host is up (0.00060s latency). 180 Not shown: 995 closed ports 181 PORT STATE SERVICE 182 22/tcp open ssh 183 80/tcp open http 184 111/tcp open rpcbind 185 8009/tcp open ajp13 186 8080/tcp open http-proxy 187 188 Nmap scan report for bogon (172.16.96.128) 189 Host is up (0.00055s latency). 190 Not shown: 998 closed ports 191 PORT STATE SERVICE 192 22/tcp open ssh 193 111/tcp open rpcbind 194 195 Nmap scan report for bogon (172.16.96.129) 196 Host is up (0.00065s latency). 197 Not shown: 996 closed ports 198 PORT STATE SERVICE 199 22/tcp open ssh 200 111/tcp open rpcbind 201 8009/tcp open ajp13 202 8080/tcp open http-proxy 203 204 Nmap scan report for bogon (172.16.96.130) 205 Host is up (0.00067s latency). 206 Not shown: 993 closed ports 207 PORT STATE SERVICE 208 135/tcp open msrpc 209 139/tcp open netbios-ssn 210 445/tcp open microsoft-ds 211 912/tcp open apex-mesh 212 1026/tcp open LSA-or-nterm 213 1044/tcp open dcutility 214 3389/tcp open ms-term-serv 215 216 Nmap scan report for bogon (172.16.96.131) 217 Host is up (0.00066s latency). 
218 Not shown: 995 closed ports 219 PORT STATE SERVICE 220 22/tcp open ssh 221 111/tcp open rpcbind 222 8009/tcp open ajp13 223 8080/tcp open http-proxy 224 8180/tcp open unknown 225 226 Nmap scan report for bogon (172.16.96.135) 227 Host is up (0.00061s latency). 228 Not shown: 997 closed ports 229 PORT STATE SERVICE 230 22/tcp open ssh 231 80/tcp open http 232 111/tcp open rpcbind 233 234 Nmap scan report for bogon (172.16.96.136) 235 Host is up (0.00061s latency). 236 Not shown: 995 closed ports 237 PORT STATE SERVICE 238 22/tcp open ssh 239 80/tcp open http 240 111/tcp open rpcbind 241 8009/tcp open ajp13 242 8080/tcp open http-proxy 243 244 Nmap scan report for bogon (172.16.96.137) 245 Host is up (0.00057s latency). 246 Not shown: 995 closed ports 247 PORT STATE SERVICE 248 22/tcp open ssh 249 111/tcp open rpcbind 250 8009/tcp open ajp13 251 8080/tcp open http-proxy 252 9200/tcp open wap-wsp 253 254 Nmap scan report for bogon (172.16.96.138) 255 Host is up (0.00056s latency). 256 Not shown: 997 closed ports 257 PORT STATE SERVICE 258 22/tcp open ssh 259 80/tcp open http 260 111/tcp open rpcbind 261 262 Nmap scan report for bogon (172.16.96.139) 263 Host is up (0.00066s latency). 264 Not shown: 998 closed ports 265 PORT STATE SERVICE 266 22/tcp open ssh 267 80/tcp open http 268 269 Nmap scan report for bogon (172.16.96.140) 270 Host is up (0.00073s latency). 271 Not shown: 998 closed ports 272 PORT STATE SERVICE 273 22/tcp open ssh 274 8080/tcp open http-proxy 275 276 Nmap scan report for bogon (172.16.96.141) 277 Host is up (0.00060s latency). 278 Not shown: 998 closed ports 279 PORT STATE SERVICE 280 22/tcp open ssh 281 3306/tcp open mysql 282 283 Nmap scan report for bogon (172.16.96.143) 284 Host is up (0.00086s latency). 285 Not shown: 996 filtered ports 286 PORT STATE SERVICE 287 22/tcp open ssh 288 80/tcp open http 289 443/tcp closed https 290 3306/tcp open mysql 291 292 Nmap scan report for bogon (172.16.96.188) 293 Host is up (0.00064s latency). 
294 Not shown: 991 closed ports 295 PORT STATE SERVICE 296 22/tcp open ssh 297 80/tcp open http 298 111/tcp open rpcbind 299 1234/tcp open hotline 300 1521/tcp open oracle 301 2809/tcp open corbaloc 302 9100/tcp open jetdirect 303 32768/tcp open filenet-tms 304 32776/tcp open sometimes-rpc15 305 306 Nmap scan report for bogon (172.16.96.200) 307 Host is up (0.00062s latency). 308 Not shown: 984 closed ports 309 PORT STATE SERVICE 310 80/tcp open http 311 81/tcp open hosts2-ns 312 135/tcp open msrpc 313 139/tcp open netbios-ssn 314 445/tcp open microsoft-ds 315 1521/tcp open oracle 316 1688/tcp open nsjtp-data 317 3389/tcp open ms-term-serv 318 4000/tcp open remoteanything 319 4001/tcp open newoak 320 8011/tcp open unknown 321 49152/tcp open unknown 322 49153/tcp open unknown 323 49154/tcp open unknown 324 49155/tcp open unknown 325 49158/tcp open unknown 326 327 Nmap scan report for bogon (172.16.96.222) 328 Host is up (0.00064s latency). 329 Not shown: 997 closed ports 330 PORT STATE SERVICE 331 22/tcp open ssh 332 80/tcp open http 333 3306/tcp open mysql 334 335 Nmap scan report for bogon (172.16.96.235) 336 Host is up (0.00070s latency). 337 Not shown: 987 closed ports 338 PORT STATE SERVICE 339 80/tcp open http 340 135/tcp open msrpc 341 139/tcp open netbios-ssn 342 445/tcp open microsoft-ds 343 1025/tcp open NFS-or-IIS 344 1026/tcp open LSA-or-nterm 345 1027/tcp open IIS 346 1074/tcp open warmspotMgmt 347 1433/tcp open ms-sql-s 348 2382/tcp open ms-olap3 349 3372/tcp open msdtc 350 5120/tcp open unknown 351 9001/tcp open tor-orport 352 353 Nmap scan report for bogon (172.16.96.236) 354 Host is up (0.00097s latency). 355 Not shown: 994 filtered ports 356 PORT STATE SERVICE 357 21/tcp open ftp 358 80/tcp open http 359 443/tcp open https 360 8080/tcp open http-proxy 361 8088/tcp open radan-http 362 49154/tcp open unknown 363 364 Nmap scan report for bogon (172.16.96.250) 365 Host is up (0.00090s latency). 
366 Not shown: 994 filtered ports 367 PORT STATE SERVICE 368 80/tcp open http 369 135/tcp open msrpc 370 139/tcp open netbios-ssn 371 5120/tcp open unknown 372 49153/tcp open unknown 373 49154/tcp open unknown 374 375 Nmap scan report for bogon (172.16.96.254) 376 Host is up (0.0016s latency). 377 Not shown: 989 closed ports 378 PORT STATE SERVICE 379 23/tcp open telnet 380 50300/tcp filtered unknown 381 50389/tcp filtered unknown 382 50500/tcp filtered unknown 383 50636/tcp filtered unknown 384 50800/tcp filtered unknown 385 51493/tcp filtered unknown 386 52673/tcp filtered unknown 387 52822/tcp filtered unknown 388 52848/tcp filtered unknown 389 52869/tcp filtered unknown 390 391 Nmap done: 252 IP addresses (35 hosts up) scanned in 55.38 seconds 392 [root@yinzhengjie ~]#
8. Scan specific ports on a given host
[root@yinzhengjie ~]# nmap -p80,20,21,23 172.16.96.205

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:01 CST
Nmap scan report for bogon (172.16.96.205)
Host is up (0.00064s latency).
PORT   STATE  SERVICE
20/tcp closed ftp-data
21/tcp open   ftp
23/tcp closed telnet
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds
[root@yinzhengjie ~]#
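Reports in this layout can be turned into an exposure check on your own hosts. The following is an added example, not part of the original post: it parses the normal-format report and lists open cleartext services; the sample report is constructed, and the names parse_report, cleartext_exposure and the CLEARTEXT set are assumptions made for illustration.

```python
import re

# Constructed sample in the same layout as the scan reports on this page.
SAMPLE = """\
Nmap scan report for bogon (192.0.2.10)
Host is up (0.00060s latency).
Not shown: 997 closed ports
PORT     STATE  SERVICE
22/tcp   open   ssh
23/tcp   open   telnet
8080/tcp closed http-proxy

Nmap scan report for 192.0.2.20
Host is up (0.00080s latency).
PORT   STATE    SERVICE
21/tcp open     ftp
80/tcp filtered http

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.10 seconds
"""

# The host line is either "name (ip)" or a bare ip.
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9.]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")
CLEARTEXT = {"ftp", "telnet"}  # assumption: services this audit treats as findings

def parse_report(text):
    """Return {ip: [(port, proto, state, service), ...]} from normal-format output."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts

def cleartext_exposure(hosts):
    """List (ip, port, service) for cleartext services whose port is open."""
    return sorted((ip, port, svc) for ip, rows in hosts.items()
                  for port, _proto, state, svc in rows
                  if state == "open" and svc in CLEARTEXT)
```

Closed and filtered ports are parsed but never reported, so only services that actually answer show up as findings.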
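IV. Advanced Nmap usage
1. TCP SYN Scan (-sS): This is a basic scan type. It is called a half-open scan because the technique lets Nmap obtain information about the remote host without completing the full handshake. Nmap sends a SYN packet to the remote host but never establishes a session, so no log record is produced on the target host, because no session is ever formed. That is the advantage of the SYN scan. If the Nmap command does not specify a scan type, TCP SYN is the default, but it requires root/administrator privileges.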
[root@yinzhengjie ~]# nmap -sS 172.16.96.133

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:05 CST
Nmap scan report for bogon (172.16.96.133)
Host is up (0.00048s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
[root@yinzhengjie ~]#
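A half-open probe never sends the final ACK, and that missing ACK is what packet-level monitoring (firewall or IDS) can key on even when no session exists. The following is an added example, not part of the original post: it flags sources that send SYNs to several ports without ever completing a handshake; the packet tuples, addresses and the min_ports threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed packet summaries (src, sport, dst, dport, flags); not a real capture.
# Flags: S=SYN, SA=SYN/ACK, A=ACK, R=RST, RA=RST/ACK. Addresses are documentation ranges.
SCANNER, CLIENT, SERVER = "192.0.2.5", "192.0.2.7", "192.0.2.9"
PACKETS = [
    # Half-open probe of an open port: SYN, SYN/ACK, then RST instead of ACK.
    (SCANNER, 40001, SERVER, 22, "S"), (SERVER, 22, SCANNER, 40001, "SA"),
    (SCANNER, 40001, SERVER, 22, "R"),
    # Probe of a closed port: the server answers RST/ACK.
    (SCANNER, 40002, SERVER, 23, "S"), (SERVER, 23, SCANNER, 40002, "RA"),
    (SCANNER, 40003, SERVER, 80, "S"), (SERVER, 80, SCANNER, 40003, "SA"),
    (SCANNER, 40003, SERVER, 80, "R"),
    (SCANNER, 40004, SERVER, 443, "S"), (SERVER, 443, SCANNER, 40004, "RA"),
    # Ordinary client: full three-way handshake on port 80.
    (CLIENT, 51000, SERVER, 80, "S"), (SERVER, 80, CLIENT, 51000, "SA"),
    (CLIENT, 51000, SERVER, 80, "A"),
    # An ordinary client hitting one closed port is not a scan.
    (CLIENT, 51001, SERVER, 8080, "S"), (SERVER, 8080, CLIENT, 51001, "RA"),
]

def half_open_sources(packets, min_ports=3):
    """Return {(src, dst): [ports]} for sources whose SYNs to at least
    min_ports distinct ports were never followed by the handshake ACK."""
    started, completed = set(), set()
    for src, sport, dst, dport, flags in packets:
        flow = (src, sport, dst, dport)
        if flags == "S":
            started.add(flow)
        elif flags == "A" and flow in started:
            completed.add(flow)
    probed = defaultdict(set)
    for src, _sport, dst, dport in started - completed:
        probed[(src, dst)].add(dport)
    return {pair: sorted(ports) for pair, ports in probed.items()
            if len(ports) >= min_ports}
```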
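2. Accurately detecting a remote operating system with Nmap is fairly difficult, so you need Nmap's guessing option: --osscan-guess reports the operating system types it considers the closest match to the target.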
[root@yinzhengjie ~]# nmap -O --osscan-guess 172.16.96.205

Starting Nmap 5.51 ( http://nmap.org ) at 2017-08-11 14:11 CST
Nmap scan report for bogon (172.16.96.205)
Host is up (0.00097s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
111/tcp open  rpcbind
Device type: WAP|general purpose|firewall|webcam|specialized|storage-misc
Running (JUST GUESSING): Netgear embedded (96%), Linux 2.6.X|2.4.X (93%), Check Point embedded (91%), AXIS Linux 2.6.X (91%), Crestron 2-Series (89%), Citrix Linux 2.6.X (89%), IBM embedded (88%), Linksys embedded (88%)
Aggressive OS guesses: Netgear DG834G WAP (96%), Linux 2.6.24 - 2.6.35 (93%), Linux 2.6.32 (92%), Linux 2.6.9 - 2.6.18 (92%), Check Point VPN-1 UTM appliance (91%), Linux 2.4.26 (Slackware 10.0.0) (91%), AXIS 211A Network Camera (Linux 2.6) (91%), AXIS 211A Network Camera (Linux 2.6.20) (91%), Linux 2.6.24 (90%), Linux 2.6.17 - 2.6.35 (90%)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.51%D=8/11%OT=21%CT=1%CU=31252%PV=Y%DS=1%DC=I%G=Y%TM=598D4AB9%P=
OS:x86_64-redhat-linux-gnu)SEQ(SP=105%GCD=1%ISR=10C%TI=Z%CI=Z%II=I%TS=A)OPS
OS:(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST1
OS:1NW7%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN
OS:(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=A
OS:S%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R
OS:=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F
OS:=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%
OS:T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD
OS:=S)

Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.94 seconds
[root@yinzhengjie ~]#
For more details, see: http://jingyan.baidu.com/article/47a29f24312010c0142399f1.html