千家信息网

Using nmap

Published: 2025-12-02 Author: 千家信息网 editor
千家信息网, last updated 2025-12-02

Operating environment: CentOS release 6.9 (Final)

[root@sky9890 ~]# /etc/init.d/iptables start

iptables: No config file. [WARNING]

[root@sky9890 ~]# /etc/init.d/iptables save # save the rules file

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

[root@sky9890 ~]# /etc/init.d/iptables start # start the firewall

iptables: Applying firewall rules: [ OK ]

[root@sky9890 ~]# nmap

-bash: nmap: command not found

[root@sky9890 ~]# yum install nmap

Loaded plugins: fastestmirror

Setting up Install Process

Loading mirror speeds from cached hostfile

Resolving Dependencies

--> Running transaction check

---> Package nmap.x86_64 2:5.51-6.el6 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

Installing:

nmap x86_64 2:5.51-6.el6 base 2.8 M

Transaction Summary

=======================================================

Install 1 Package(s)

Total download size: 2.8 M

Installed size: 9.7 M

Is this ok [y/N]: y

Downloading Packages:

nmap-5.51-6.el6.x86_64.rpm

……

Installed:

nmap.x86_64 2:5.51-6.el6

Complete!

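nmap serves three purposes:

First, detecting whether a group of hosts is online;

Second, scanning a host's ports to discover the network services it offers;

Third, inferring the operating system the host is running.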

[root@sky9890 ~]# nmap 113.195.210.151 -p 22 # check whether port 22 on the server is open

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-31 16:54 CST

Nmap scan report for 151.210.195.113.adsl-pool.jx.chinaunicom.com (113.195.210.151)

Host is up (0.020s latency).

PORT STATE SERVICE

22/tcp open ssh

Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds

[root@sky9890 ~]# nmap 114.55.53.205 # scan the host's open ports

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-31 17:24 CST

Nmap scan report for 114.55.53.205

Host is up (0.0079s latency).

Not shown: 984 closed ports

PORT STATE SERVICE

25/tcp filtered smtp

42/tcp filtered nameserver

80/tcp open http

135/tcp filtered msrpc

139/tcp filtered netbios-ssn

445/tcp filtered microsoft-ds

3306/tcp open mysql

3389/tcp open ms-term-serv

7000/tcp open afs3-fileserver

8000/tcp open http-alt

8082/tcp open blackice-alerts

10001/tcp open scp-config

49152/tcp open unknown

49153/tcp open unknown

49154/tcp open unknown

49155/tcp open unknown

Nmap done: 1 IP address (1 host up) scanned in 1.30 seconds

[root@sky9890 ~]# nmap -O 114.55.53.205 # detect the target host's operating system: Windows

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-31 17:26 CST

Nmap scan report for 114.55.53.205

Host is up (0.0059s latency).

Not shown: 984 closed ports

PORT STATE SERVICE

25/tcp filtered smtp

42/tcp filtered nameserver

80/tcp open http

135/tcp filtered msrpc

139/tcp filtered netbios-ssn

445/tcp filtered microsoft-ds

3306/tcp open mysql

3389/tcp open ms-term-serv

7000/tcp open afs3-fileserver

8000/tcp open http-alt

8082/tcp open blackice-alerts

10001/tcp open scp-config

49152/tcp open unknown

49153/tcp open unknown

49154/tcp open unknown

49155/tcp open unknown

Device type: general purpose

Running (JUST GUESSING): Microsoft Windows Vista|7|2008|Longhorn (97%)

Aggressive OS guesses: Microsoft Windows Vista Enterprise (97%), Microsoft Windows 7 Ultimate (95%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Server 2008 (94%), Microsoft Windows 7 Professional (93%), Microsoft Windows Vista (92%), Microsoft Windows Vista SP0 - SP2, Server 2008, or Windows 7 Ultimate (92%), Microsoft Windows Server 2008 R2 (92%), Microsoft Windows 7 (91%), Microsoft Windows Vista SP1 (91%), Microsoft Windows Server 2008 (90%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 9 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 6.80 seconds

[root@sky9890 ~]# nmap -O 113.195.210.151 # detect the target host's operating system: Linux

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-31 17:18 CST

Nmap scan report for 151.210.195.113.adsl-pool.jx.chinaunicom.com (113.195.210.151)

Host is up (0.021s latency).

Not shown: 995 filtered ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

3306/tcp closed mysql

8080/tcp closed http-proxy

9090/tcp closed zeus-admin

Device type: general purpose|WAP|specialized

Running (JUST GUESSING): Linux 2.6.X|2.4.X (89%), Netgear embedded (89%), Linksys Linux 2.4.X (87%), Asus Linux 2.6.X (87%), Crestron 2-Series (86%)

Aggressive OS guesses: Linux 2.6.31 - 2.6.34 (89%), Linux 2.6.9 - 2.6.27 (89%), Netgear DG834G WAP (89%), Linux 2.6.22 (Fedora Core 6) (88%), Linux 2.6.32 (88%), Linux 2.6.34 (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (87%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (87%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (87%), Linux 2.6.24 - 2.6.35 (87%)

No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 9.32 seconds

[root@sky9890 ~]# nmap -A 114.55.53.205

Starting Nmap 5.51 ( http://nmap.org ) at 2018-03-31 17:28 CST

Stats: 0:01:33 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan

Service scan Timing: About 90.91% done; ETC: 17:29 (0:00:09 remaining)

Nmap scan report for 114.55.53.205

Host is up (0.0057s latency).

Not shown: 984 closed ports

PORT STATE SERVICE VERSION

25/tcp filtered smtp

42/tcp filtered nameserver

80/tcp open http Apache httpd 2.4.10 ((Win32) OpenSSL/0.9.8zb PHP/5.3.29)

| http-methods: Potentially risky methods: TRACE

|_See http://nmap.org/nsedoc/scripts/http-methods.html

|_http-title: 403 Forbidden

135/tcp filtered msrpc

139/tcp filtered netbios-ssn

445/tcp filtered microsoft-ds

3306/tcp open mysql MySQL (unauthorized)

3389/tcp open microsoft-rdp Microsoft Terminal Service

7000/tcp open tcpwrapped

8000/tcp open http-alt?

|_http-methods: No Allow or Public header in OPTIONS response (status code 302)

|_http-title: Requested resource was http://114.55.53.205:8000/accounts/login?next=/ and no page was returned.

8082/tcp open http Octoshape P2P streaming web service

|_http-methods: No Allow or Public header in OPTIONS response (status code 404)

10001/tcp open scp-config?

49152/tcp open msrpc Microsoft Windows RPC

49153/tcp open msrpc Microsoft Windows RPC

49154/tcp open msrpc Microsoft Windows RPC

49155/tcp open msrpc Microsoft Windows RPC

2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port8000-TCP:V=5.51%I=7%D=3/31%Time=5ABF54A8%P=x86_64-redhat-linux-gnu%

SF:x01\0\(\0\0\0\x0046e7c680871c5fe0ac4581b5c3d558e593bba4b4");

Device type: general purpose

Running (JUST GUESSING): Microsoft Windows Vista|7|2008|Longhorn (97%)

Aggressive OS guesses: Microsoft Windows Vista Enterprise (97%), Microsoft Windows 7 Ultimate (95%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Server 2008 (94%), Microsoft Windows 7 Professional (93%), Microsoft Windows Vista (92%), Microsoft Windows Vista SP0 - SP2, Server 2008, or Windows 7 Ultimate (92%), Microsoft Windows Server 2008 R2 (92%), Microsoft Windows 7 (91%), Microsoft Windows Vista SP1 (91%), Microsoft Windows Server 2008 (90%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 10 hops

Service Info: OS: Windows

TRACEROUTE (using port 1723/tcp)

HOP RTT ADDRESS

1 ...

2 6.09 ms 11.218.123.13

3 7.29 ms 11.218.122.178

4 4.70 ms 11.217.0.26

5 4.11 ms 106.11.75.1

6 6.74 ms 140.205.24.21

7 4.95 ms 116.251.124.109

8 10.98 ms 11.182.220.17

9 13.50 ms 11.220.129.54

10 5.36 ms 114.55.53.205

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 127.84 seconds
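The scans above report each port as open, closed or filtered. As an added example (not part of the original post), the Python below parses nmap's normal output in that format and lists open ports that are not on an allowlist of services meant to be reachable. The allowlist, the function names and the address 192.0.2.10 are assumptions, and the sample report is constructed in the format of the -A scan above.

```python
import re

# One row of nmap's port table, e.g. "3306/tcp open mysql MySQL (unauthorized)".
# The state is captured as any token so compound states like "open|filtered" still parse.
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# Constructed sample in the format of the -A scan above (RFC 5737 placeholder address).
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host is up (0.0057s latency).
Not shown: 984 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
80/tcp open http Apache httpd 2.4.10 ((Win32) OpenSSL/0.9.8zb PHP/5.3.29)
| http-methods: Potentially risky methods: TRACE
445/tcp filtered microsoft-ds
3306/tcp open mysql MySQL (unauthorized)
3389/tcp open microsoft-rdp Microsoft Terminal Service
8000/tcp open http-alt?
Nmap done: 1 IP address (1 host up) scanned in 127.84 seconds
"""

def parse_ports(report):
    """Return one dict per port row; banners and NSE script lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            # A trailing "?" means nmap guessed the service from the port number.
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service.rstrip("?"), "version": version or ""})
    return rows

def unexpected_open(report, allowed):
    """Open ports whose (port, proto) pair is not in the allowlist."""
    return [r for r in parse_ports(report)
            if r["state"] == "open" and (r["port"], r["proto"]) not in allowed]

if __name__ == "__main__":
    # Assumed policy: only the web server is supposed to be reachable from outside.
    allowed = {(80, "tcp"), (443, "tcp")}
    for r in unexpected_open(SAMPLE, allowed):
        print(f"{r['port']}/{r['proto']} {r['service']} {r['version']}".rstrip())
```

Each port it prints is a candidate for an iptables rule or for binding the service to an internal interface only.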

