Linux network scanning and sniffing tools: the Nmap command (part 2)


12. Operating system detection (-O). Nmap can also identify the operating system of the target host.
[root@redis-120-20 ~]# nmap -O 172.17.120.11

Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-26 21:44 CST
Nmap scan report for elasticsearch-01.crawler-beta (172.17.120.11)
Host is up (0.00037s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 02:00:1F:B5:00:6B (Unknown)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=3/26%OT=22%CT=1%CU=34467%PV=Y%DS=1%DC=D%G=Y%M=02001F%T
OS:M=5E7CB1E6%P=x86_64-redhat-linux-gnu)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%TS=U)
OS:SEQ(SP=107%GCD=1%ISR=10C%TI=Z%II=I%TS=U)OPS(O1=M5B4NNSNW9%O2=M5B4NNSNW9%
OS:O3=M5B4NW9%O4=M5B4NNSNW9%O5=M5B4NNSNW9%O6=M5B4NNS)WIN(W1=7210%W2=7210%W3
OS:=7210%W4=7210%W5=7210%W6=7210)ECN(R=Y%DF=Y%T=40%W=7210%O=M5B4NNSNW9%CC=Y
OS:%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=4
OS:0%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%
OS:Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%
OS:A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%
OS:RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 1 hop

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.89 seconds
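An added example, not from the original post: a small Python parser that reassembles the wrapped OS: fingerprint lines from the -O output above into their test blocks and summarises what the target revealed (which probes it answered, which it dropped, its initial TTL and TCP window). Its only input is the fingerprint printed on this page.

```python
import re

# Fingerprint exactly as printed by the `nmap -O` run above: nmap wraps the
# fingerprint into fixed-width lines, each prefixed with "OS:".
FINGERPRINT_LINES = """\
OS:SCAN(V=6.40%E=4%D=3/26%OT=22%CT=1%CU=34467%PV=Y%DS=1%DC=D%G=Y%M=02001F%T
OS:M=5E7CB1E6%P=x86_64-redhat-linux-gnu)SEQ(SP=107%GCD=1%ISR=10C%TI=Z%TS=U)
OS:SEQ(SP=107%GCD=1%ISR=10C%TI=Z%II=I%TS=U)OPS(O1=M5B4NNSNW9%O2=M5B4NNSNW9%
OS:O3=M5B4NW9%O4=M5B4NNSNW9%O5=M5B4NNSNW9%O6=M5B4NNS)WIN(W1=7210%W2=7210%W3
OS:=7210%W4=7210%W5=7210%W6=7210)ECN(R=Y%DF=Y%T=40%W=7210%O=M5B4NNSNW9%CC=Y
OS:%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=4
OS:0%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%
OS:Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%
OS:A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%
OS:RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
"""

# Blocks that describe the scan itself rather than a single probe sent to the target.
NON_PROBE = {"SCAN", "SEQ", "OPS", "WIN"}

def unwrap(text):
    """Strip the 'OS:' prefixes and glue the wrapped lines back together."""
    return "".join(line[3:] for line in text.splitlines() if line.startswith("OS:"))

def parse_fingerprint(text):
    """Return {test_name: [{field: value}, ...]} in emission order (SEQ appears twice)."""
    tests = {}
    for name, body in re.findall(r"([A-Z0-9]+)\(([^)]*)\)", unwrap(text)):
        attrs = {}
        for field in filter(None, body.split("%")):
            key, _, value = field.partition("=")  # an empty value such as "Q=" stays ""
            attrs[key] = value
        tests.setdefault(name, []).append(attrs)
    return tests

def summarize(tests):
    """What the fingerprint tells a defender: probes answered (R=Y), probes dropped
    (R=N), the initial TTL guess (T, hex) and the advertised TCP window (W1, hex)."""
    probes = [n for n in tests if n not in NON_PROBE]
    return {
        "nmap_version": tests["SCAN"][0]["V"],
        "responded": [n for n in probes if tests[n][0].get("R") == "Y"],
        "silent": [n for n in probes if tests[n][0].get("R") == "N"],
        "initial_ttl": int(tests["T1"][0]["T"], 16),  # 0x40 -> 64, typical for Linux
        "window": int(tests["WIN"][0]["W1"], 16),     # 0x7210 -> 29200
    }
```

Running summarize(parse_fingerprint(FINGERPRINT_LINES)) shows that this host answered every probe except T2 and T3, which is part of why nmap could not produce an exact match.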
13. Find which UDP ports the target host has open. To speed up the scan, we scan only port 53 (DNS) and port 161 (SNMP).
[root@redis-120-20 ~]# nmap -sU 172.17.120.11 -p 53,161

Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-26 22:01 CST
Nmap scan report for elasticsearch-01.crawler-beta (172.17.120.11)
Host is up (0.00044s latency).
PORT    STATE  SERVICE
53/udp  closed domain
161/udp closed snmp
MAC Address: 02:00:1F:B5:00:6B (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 11.09 seconds
14. Enable Nmap's -6 option to scan an IPv6 target host.
[root@redis-120-20 ~]# nmap -6 fe80::a00:27ff:fe43:1518
15. Scan the LAN for hosts infected by worms (SMB vulnerability check via NSE).
[root@redis-120-20 ~]# nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 172.17.120.1-254
16. Scan the network for rogue access points (rogue APs).
[root@redis-120-20 ~]# nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 172.17.120.0/24
17. Use a decoy scan (-D) to scan a host's ports.
[root@redis-120-20 ~]# nmap -sS 172.17.120.12 -D 172.17.120.20
18. Show how many Linux and Windows devices there are on the network.
[root@redis-120-20 ~]# nmap -F -O 172.17.120.0-255 | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Windows device(s)"
If there are any errors in this article, corrections are welcome, and if you have any tricky operations questions, you are welcome to discuss them with everyone. For learning, sharing and discussing operations topics, the author has opened the WeChat public account 【运维猫】; interested readers are welcome to follow it and join, so that we can build our own small circle and learn operations together. The group owner also runs a jewellery shop; anyone who likes it is welcome to come and place an order.