Nmap即網(wǎng)絡(luò)映射器對Linux系統(tǒng)/網(wǎng)絡(luò)打點員來說是一個開源且很是通用的東西。Nmap用于在長途呆板上探測網(wǎng)絡(luò),執(zhí)行安詳掃描,網(wǎng)絡(luò)審計和搜尋開放端口。它會掃描長途在線主機,該主機的操縱系統(tǒng),包過濾器和開放的端口。
我將用兩個差異的部門來涵蓋大部門NMAP的利用要領(lǐng),這是nmap要害的第一部門。在下面的配置中,我利用兩臺已封鎖防火墻的處事器來測試Nmap呼吁的事情環(huán)境。
192.168.0.100 – server1.tecmint.com
192.168.0.101 – server2.tecmint.com
NMAP呼吁用法
# nmap [Scan Type(s)] [Options] {target specification}
如安在Linux下安裝NMAP
此刻大部門Linux的刊行版本像Red Hat,CentOS,F(xiàn)edoro,Debian和Ubuntu在其默認(rèn)的軟件包攬理庫(即Yum 和 APT)中都自帶了Nmap,這兩種東西都用于安裝和打點軟件包和更新。在刊行版上安裝Nmap詳細(xì)利用如下呼吁。
# yum install nmap [on Red Hat based systems]
$ sudo apt-get install nmap [on Debian based systems]
一旦你安裝了最新的nmap應(yīng)用措施,你就可以憑據(jù)本文中提供的示例說明來操縱。
1. 用主機名和IP地點掃描系統(tǒng)
Nmap東西提供各類要領(lǐng)來掃描系統(tǒng)。在這個例子中,我利用server2.tecmint.com主機名來掃描系統(tǒng)找出該系統(tǒng)上所有開放的端口,處事和MAC地點。
利用主機名掃描
[[email protected] ~]# nmap server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds
You have new mail in /var/spool/mail/root
利用IP地點掃描
[[email protected] ~]# nmap 192.168.0.101
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds
You have new mail in /var/spool/mail/root
2.掃描利用“-v”選項
你可以看到下面的呼吁利用“ -v “選項后給出了長途呆板更具體的信息。
[[email protected] ~]# nmap -v server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
3.掃描多臺主機
你可以簡樸的在Nmap呼吁后加上多個IP地點或主機名來掃描多臺主機。
[[email protected] ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4.掃描整個子網(wǎng)
你可以利用*通配符來掃描整個子網(wǎng)或某個范疇的IP地點。
[[email protected] ~]# nmap 192.168.0.*
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST
Interesting ports on server1.tecmint.com (192.168.0.100):
Not shown: 1677 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
851/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds
You have new mail in /var/spool/mail/root
從上面的輸出可以看到,nmap掃描了整個子網(wǎng),給出了網(wǎng)絡(luò)中當(dāng)前網(wǎng)絡(luò)中在線主機的信息。
5.利用IP地點的最后一個字節(jié)掃描多臺處事器
你可以簡樸的指定IP地點的最后一個字節(jié)來對多個IP地點舉辦掃描。譬喻,我在下面執(zhí)行中掃描了IP地點192.168.0.101,192.168.0.102和192.168.0.103。
[[email protected] ~]# nmap 192.168.0.101,102,103
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds
You have new mail in /var/spool/mail/root
6. 從一個文件中掃描主機列表
假如你有多臺主機需要掃描且所有主機信息都寫在一個文件中,那么你可以直接讓nmap讀取該文件來執(zhí)行掃描,讓我們來看看如何做到這一點。
建設(shè)一個名為“nmaptest.txt ”的文本文件,并界說所有你想要掃描的處事器IP地點或主機名。
[[email protected] ~]# cat > nmaptest.txt
localhost
server2.tecmint.com
192.168.0.101
接下來運行帶“iL” 選項的nmap呼吁來掃描文件中列出的所有IP地點。
[[email protected] ~]# nmap -iL nmaptest.txt
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1675 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
857/tcp open unknown
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
958/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
7.掃描一個IP地點范疇
你可以在nmap執(zhí)行掃描時指定IP范疇。
[[email protected] ~]# nmap 192.168.0.101-110
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds
8.解除一些長途主機后再掃描
在執(zhí)行全網(wǎng)掃描或用通配符掃描時你可以利用“-exclude”選項來解除某些你不想要掃描的主機。
[[email protected] ~]# nmap 192.168.0.* --exclude 192.168.0.100
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds
You have new mail in /var/spool/mail/root
9.掃描操縱系統(tǒng)信息和路由跟蹤