举例
使用nmap -O -Pn 192.168.43.101获取目标主机的操作系统
msf5 > nmap -O -Pn 192.168.43.101 #获取目标主机的操作系统 [*] exec: nmap -O -Pn 192.168.43.101 Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-09 13:40 CST Nmap scan report for 192.168.43.101 Host is up (0.30s latency). Not shown: 990 closed ports PORT STATE SERVICE 80/tcp open http 135/tcp open msrpc 139/tcp open netbios-ssn 514/tcp filtered shell 1025/tcp open NFS-or-IIS 1026/tcp open LSA-or-nterm 1027/tcp open IIS 1028/tcp open unknown 1029/tcp open ms-lsa 3306/tcp open mysql Device type: general purpose Running: Microsoft Windows XP|7|2012 OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012 OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012 OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 51.13 seconds
可以看到,目标机是Windows7操作系统