Linux Network Scanning and Sniffing Tool: the Nmap Command

1. Introduction
Nmap (also known as ) is a network scanning and sniffing toolkit for Linux. It is written and maintained by . Because of its excellent quality and flexibility, Nmap has become an essential tool for penetration testers.
It has three basic functions:
(1) scanning a host's ports and sniffing the network services it offers
(2) probing whether a group of hosts is online
(3) inferring the operating system a host runs, the route packets take to reach it, and the software version behind each open port
2. Installation
[root@redis-120-20 ~]# yum install nmap
3. Commonly used Nmap options
[root@redis-120-20 ~]# man nmap
-sS: TCP SYN scan (also called a half-open or stealth scan)
-P0: lets you disable the ICMP ping (host discovery) step; current Nmap releases spell this option -Pn
-sV: enable version detection
-O: attempt to identify the remote operating system
-A: enable OS fingerprinting and version detection at the same time
-v: verbose output of the scan progress
4. Scanning a host for the services it exposes
[root@redis-120-20 ~]# nmap 172.17.120.11
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-26 21:35 CST
Nmap scan report for elasticsearch-01.crawler-beta (172.17.120.11)
Host is up (0.00019s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 02:00:1F:B5:00:6B (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 11.16 seconds
# Only ports 22 and 80 are open
5. nmap -p PORT IP (or domain name): check whether a given port is open on an IP
[root@redis-120-20 ~]# nmap -p 80 172.17.120.11
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-26 21:37 CST
Nmap scan report for elasticsearch-01.crawler-beta (172.17.120.11)
Host is up (0.00037s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 02:00:1F:B5:00:6B (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 11.09 seconds
----------------------------------------------------------------------------------------
[root@redis-120-20 ~]# nmap -p 8080 172.17.120.11
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-26 21:38 CST
Nmap scan report for elasticsearch-01.crawler-beta (172.17.120.11)
Host is up (0.00039s latency).
PORT     STATE  SERVICE
8080/tcp closed http-proxy
MAC Address: 02:00:1F:B5:00:6B (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 11.10 seconds
# Port 80 is open, port 8080 is not

6. Finding all online hosts on a network
[root@redis-120-20 ~]# nmap -sP 172.17.120.*
[root@redis-120-20 ~]# nmap -sP 172.17.120.0/24
7. Scanning several ports and an address range
[root@redis-120-20 ~]# nmap -p 443,22,80 172.17.120.11
[root@redis-120-20 ~]# nmap -p 443,22,80 172.17.120.11-14
8. Excluding one IP address when scanning an address range
[root@redis-120-20 ~]# nmap 172.17.120.11-14 --exclude 172.17.120.13
9. Excluding the IP addresses listed in a file when scanning multiple addresses
[root@redis-120-20 ~]# cat ex.txt
172.17.120.11
172.17.120.14
[root@redis-120-20 ~]# nmap 172.17.120.11-14 --excludefile ex.txt
10. Finding unused IPs on a subnet (after the ping sweep, addresses that never answered are left as incomplete ARP entries with an all-zero MAC)
[root@redis-120-20 ~]# nmap -T4 -sP 172.17.120.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp
11. Service version detection (-sV): Nmap can detect the server software version while scanning ports
[root@redis-120-20 ~]# nmap -sV 172.17.120.11 -p 80
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-26 21:42 CST
Nmap scan report for elasticsearch-01.crawler-beta (172.17.120.11)
Host is up (0.00041s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.16.1
MAC Address: 02:00:1F:B5:00:6B (Unknown)
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 17.21 seconds
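On the defensive side, the most useful thing to do with these scans is to compare them against what a host is supposed to expose. The following script is an added example, not code from the article: it parses Nmap's XML output (written with -oX) and reports open ports missing from a baseline. The XML is a constructed sample modelled on the scans of 172.17.120.11 above, and the BASELINE dictionary is a hypothetical allowlist.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the scans of 172.17.120.11 above: a trimmed
# version of what `nmap -sV -oX scan.xml 172.17.120.11` would write.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" version="6.40">
  <host><status state="up"/>
    <address addr="172.17.120.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.16.1"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical baseline: the ports each host is allowed to expose.
BASELINE = {"172.17.120.11": {"22/tcp"}}


def parse_open_ports(xml_text):
    """Return {ip: {"80/tcp": "http nginx 1.16.1", ...}} for hosts that are up."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        ports = {}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            # Service name plus product/version when -sV identified them
            parts = [svc.get(k) for k in ("name", "product", "version")] if svc is not None else []
            ports[f"{port.get('portid')}/{port.get('protocol')}"] = " ".join(p for p in parts if p)
        result[ip] = ports
    return result


def unexpected_services(scan, baseline):
    """Open ports missing from the baseline: the services to investigate."""
    findings = {}
    for ip, ports in scan.items():
        extra = set(ports) - baseline.get(ip, set())
        if extra:
            findings[ip] = {p: ports[p] for p in extra}
    return findings
```

Run against real output by replacing SAMPLE_XML with the contents of the -oX file; on the sample, 80/tcp (http nginx 1.16.1) is reported because the baseline only allows 22/tcp.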