Nmap, the Network Mapper, is an open-source and very versatile tool for Linux system and network administrators. Nmap is used to explore networks on remote machines, perform security scans and network audits, and find open ports. It scans for live remote hosts, their operating systems, packet filters and open ports.
I will cover most of Nmap's usage in two separate parts; this is the first part of the Nmap series. In the setup below, I use two servers with the firewall disabled to test how the Nmap commands work.
192.168.0.100 – server1.tecmint.com
192.168.0.101 – server2.tecmint.com
Nmap command usage
# nmap [Scan Type(s)] [Options] {target specification}
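How to install Nmap on Linux
Most current Linux distributions such as Red Hat, CentOS, Fedora, Debian and Ubuntu include Nmap in their default package management repositories (Yum and APT). Both tools are used to install and manage software packages and updates. To install Nmap on a given distribution, use the following commands.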
# yum install nmap [on Red Hat based systems]
$ sudo apt-get install nmap [on Debian based systems]
Once you have installed the latest nmap application, you can follow the examples provided in this article.
1. Scan a system with hostname and IP address
The Nmap tool offers various methods to scan a system. In this example, I scan using the hostname server2.tecmint.com to find all open ports, services and the MAC address on that system.
Scan using hostname
[[email protected] ~]# nmap server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root
Scan using IP address
[[email protected] ~]# nmap 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root
2. Scan using the "-v" option
You can see that the command below, run with the "-v" option, gives more detailed information about the remote machine.
[[email protected] ~]# nmap -v server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
3. Scan multiple hosts
You can scan multiple hosts by simply writing their IP addresses or hostnames after the nmap command.
[[email protected] ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4. Scan a whole subnet
You can scan a whole subnet or a range of IP addresses by using the * wildcard.
[[email protected] ~]# nmap 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
851/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root
From the output above you can see that nmap scanned the whole subnet and reported the hosts that are currently up in the network.
5. Scan multiple servers using the last octet of the IP address
You can scan multiple IP addresses by simply specifying the last octet of each address. For example, the run below scans the IP addresses 192.168.0.101, 192.168.0.102 and 192.168.0.103.
[[email protected] ~]# nmap 192.168.0.101,102,103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
You have new mail in /var/spool/mail/root
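6. Scan a list of hosts from a file
If you have many hosts to scan and all the host details are written in a file, you can have nmap read that file directly to perform the scan. Let's see how to do that.
Create a text file called "nmaptest.txt" and define in it all the IP addresses or hostnames of the servers you want to scan.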
[[email protected] ~]# cat > nmaptest.txt
localhost
server2.tecmint.com
192.168.0.101
Next, run the nmap command with the "-iL" option to scan all the IP addresses listed in the file.
[[email protected] ~]# nmap -iL nmaptest.txt
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
857/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
7. Scan an IP address range
You can specify an IP range when performing a scan with nmap.
[[email protected] ~]# nmap 192.168.0.101-110
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds
8. Scan after excluding some remote hosts
When performing a full network scan or scanning with wildcards, you can use the "--exclude" option to leave out hosts you do not want to scan.
[[email protected] ~]# nmap 192.168.0.* --exclude 192.168.0.100
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds
You have new mail in /var/spool/mail/root
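Sections 4, 5, 7 and 8 all rely on Nmap's per-octet target syntax (wildcard, comma list, range, exclusion). The following added example (not code from the original article or from Nmap) is a simplified model of that expansion for checking which addresses a target expression covers before running a scan. It assumes IPv4 octet expressions only, with no hostnames or CIDR, and its function names are this example's own.

```python
from itertools import product

def expand_octet(spec):
    """Expand one octet spec such as '*', '101', '101-110' or '101,102,103'."""
    values = set()
    for part in spec.split(","):
        if part in ("*", "-"):
            lo, hi = 0, 255
        elif "-" in part:
            a, b = part.split("-", 1)
            lo, hi = int(a or 0), int(b or 255)  # open-ended range bounds
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet spec: {spec!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)

def expand_target(target):
    """Expand one IPv4 target expression into a list of dotted-quad strings."""
    octets = target.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 octet expression: {target!r}")
    return [".".join(map(str, combo))
            for combo in product(*(expand_octet(o) for o in octets))]

def scan_scope(targets, exclude=()):
    """Addresses in scope: every target, de-duplicated, minus exclusions."""
    excluded = {ip for e in exclude for ip in expand_target(e)}
    ordered = dict.fromkeys(ip for t in targets for ip in expand_target(t))
    return [ip for ip in ordered if ip not in excluded]

if __name__ == "__main__":
    # The target expressions used in sections 4, 5, 7 and 8 of this article.
    print(len(scan_scope(["192.168.0.*"])))                      # section 4
    print(scan_scope(["192.168.0.101,102,103"]))                 # section 5
    print(len(scan_scope(["192.168.0.101-110"])))                # section 7
    print(len(scan_scope(["192.168.0.*"], ["192.168.0.100"])))   # section 8
```

The counts it produces match the "IP addresses" totals in the "Nmap finished" lines above.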
9. Scan OS information and traceroute