Nmap, the Network Mapper, is an open-source and very versatile tool for Linux system/network administrators. Nmap is used to explore networks, run security scans, perform network audits and find open ports on remote machines. It scans remote online hosts and reports each host's operating system, packet filtering and open ports.
I will cover most of NMAP's usage in two different parts; this is the first part of the nmap series. In the setup below, I use two servers with their firewalls disabled to test how the Nmap commands behave.
192.168.0.100 – server1.tecmint.com
192.168.0.101 – server2.tecmint.com
NMAP command usage
# nmap [Scan Type(s)] [Options] {target specification}
How to install NMAP on Linux
Nowadays most Linux distributions such as Red Hat, CentOS, Fedora, Debian and Ubuntu ship Nmap in their default package management repositories (Yum and APT), the tools used to install and manage packages and updates. To install Nmap on your distribution, use the following command.
# yum install nmap [on Red Hat based systems]
$ sudo apt-get install nmap [on Debian based systems]
Once you have installed the latest nmap package, you can follow the examples given in this article.
1. Scan a system with its hostname and IP address
The Nmap tool offers various ways to scan a system. In this example, I scan the system using the hostname server2.tecmint.com to find all open ports, services and the MAC address of that system.
Scan using the hostname
[[email protected] ~]# nmap server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root
Scan using the IP address
[[email protected] ~]# nmap 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root
2. Scan with the "-v" option
You can see that the command below, run with the "-v" option, gives more detailed information about the remote machine.
[[email protected] ~]# nmap -v server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
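The scan outputs above are the interesting part for a defender: comparing what nmap reports with what a host is supposed to expose turns a scan into an exposure check. The following is an added example, not code from the original article, that parses the "Interesting ports on ..." report layout shown above (and the newer "Nmap scan report for ..." header) and flags open ports that are not in a per-host allow-list; the sample output is constructed to mirror the server2.tecmint.com scan.

```python
import re

# Constructed sample in the layout the examples above show (Nmap 4.11 "Interesting ports on" header)
SAMPLE_OUTPUT = """\
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
"""

# Old header "Interesting ports on host (ip):" and newer "Nmap scan report for host (ip)" / "... for ip"
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (\S+?)(?: \((\d+\.\d+\.\d+\.\d+)\))?:?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_nmap_output(text):
    """Return {ip: {"host": name, "ports": {"22/tcp": ("open", "ssh"), ...}}}.
    A host listed twice (as in the -iL example) is merged into one entry."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            ip = m.group(2) or m.group(1)          # header without "(ip)" means the name is the ip
            current = hosts.setdefault(ip, {"host": m.group(1), "ports": {}})
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            current["ports"][f"{m.group(1)}/{m.group(2)}"] = (m.group(3), m.group(4))
    return hosts


def unexpected_open_ports(hosts, baseline):
    """Compare parsed results with an allow-list {ip: {"22/tcp", ...}} and return, per host,
    the open ports beyond that list sorted by port number; an empty dict means 'as expected'."""
    findings = {}
    for ip, info in hosts.items():
        allowed = baseline.get(ip, set())
        extra = [p for p, (state, _) in info["ports"].items() if state == "open" and p not in allowed]
        if extra:
            findings[ip] = sorted(extra, key=lambda p: int(p.split("/")[0]))
    return findings
```

With a baseline that only permits ssh and http on 192.168.0.101, the four remaining open ports (rpcbind, the unknown port 957, mysql and 8888) are reported as unexpected exposure.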
3. Scan multiple hosts
You can scan multiple hosts simply by adding several IP addresses or hostnames after the Nmap command.
[[email protected] ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4. Scan an entire subnet
You can use the * wildcard to scan an entire subnet or a range of IP addresses.
[[email protected] ~]# nmap 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
851/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root
As you can see from the output above, nmap scanned the entire subnet and reported the hosts currently online in the network.
5. Scan multiple servers using the last byte of the IP address
You can scan multiple IP addresses simply by listing the last byte of each address. For example, in the run below I scan the IP addresses 192.168.0.101, 192.168.0.102 and 192.168.0.103.
[[email protected] ~]# nmap 192.168.0.101,102,103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
You have new mail in /var/spool/mail/root
6. Scan a list of hosts from a file
If you have multiple hosts to scan and all of them are written in a file, you can have nmap read that file directly to perform the scan. Let's see how to do this.
Create a text file named "nmaptest.txt" and list all the server IP addresses or hostnames you want to scan.
[[email protected] ~]# cat > nmaptest.txt
localhost
server2.tecmint.com
192.168.0.101
Next, run the nmap command with the "-iL" option to scan all the IP addresses listed in the file.
[[email protected] ~]# nmap -iL nmaptest.txt
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
857/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
7. Scan an IP address range
You can specify an IP range when running an nmap scan.
[[email protected] ~]# nmap 192.168.0.101-110
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds
8. Exclude some remote hosts before scanning
When scanning the whole network or using wildcards, you can use the "--exclude" option to leave out hosts you don't want to scan.
[[email protected] ~]# nmap 192.168.0.* --exclude 192.168.0.100
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds
You have new mail in /var/spool/mail/root
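Examples 3 to 8 all rely on nmap's target specification: comma lists and ranges inside an octet, the * wildcard, CIDR blocks, host lists read with -iL and --exclude. Knowing exactly which addresses a specification expands to matters before a scan touches production, so the added example below (not code from the article or from the nmap project) expands such specifications the way the examples above show; the file contents and address patterns are constructed to match this page.

```python
import ipaddress
import re
from itertools import product

# IPv4 specs nmap expands: each octet is a number, a range a-b, a comma list, or '*'
OCTET_SPEC_RE = re.compile(r"^[\d,*-]+(?:\.[\d,*-]+){3}$")


def _expand_octet(spec):
    """'*' -> 0..255; 'a-b' -> a..b (missing endpoints default to 0 and 255); 'a,b,c' -> list."""
    if spec == "*":
        return list(range(256))
    values = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            values.extend(range(int(lo) if lo else 0, (int(hi) if hi else 255) + 1))
        else:
            values.append(int(part))
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError(f"octet out of range in {spec!r}")
    return values


def expand_target(spec):
    """Expand one target spec into concrete IPv4 strings; hostnames pass through unchanged."""
    if "/" in spec:                                   # CIDR block, e.g. 192.168.0.0/24
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    if not OCTET_SPEC_RE.match(spec):                 # not an octet pattern: treat as a hostname
        return [spec]
    octet_lists = [_expand_octet(o) for o in spec.split(".")]
    return [".".join(map(str, combo)) for combo in product(*octet_lists)]


def expand_targets(targets, exclude=()):
    """Expand several specs (command-line arguments or -iL entries) and drop every address
    covered by the --exclude specs. Duplicates are kept, in order: nmap scans a host once per
    listing, which is why the -iL example above reports 3 addresses for 3 entries."""
    excluded = {ip for ex in exclude for ip in expand_target(ex)}
    return [ip for t in targets for ip in expand_target(t) if ip not in excluded]


def targets_from_file(text):
    """-iL input format: entries separated by spaces, tabs or newlines."""
    return text.split()


if __name__ == "__main__":
    # constructed file contents with the same shape as nmaptest.txt above
    print(expand_targets(targets_from_file("localhost\nserver2.tecmint.com\n192.168.0.101\n")))
    print(len(expand_targets(["192.168.0.*"], exclude=["192.168.0.100"])))  # 255
```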
9. Scan for operating system information and traceroute