29个nmap命令使用实例

作者：手机用户2502926851 | 来源：互联网 | 2014-05-27 21:26

Nmap即网络映射器对Linux系统/网络管理员来说是一个开源且非常通用的工具。Nmap用于在远程机器上探测网络，执行安全扫描，网络审计和搜寻开放端口。它会扫描远程在线主机，该主机的操作系统，包过滤器和开放的端口。我将用两个不同的部分来涵盖大部分NMAP的

Nmap即网络映射器对Linux系统/网络管理员来说是一个开源且非常通用的工具。Nmap用于在远程机器上探测网络，执行安全扫描，网络审计和搜寻开放端口。它会扫描远程在线主机，该主机的操作系统，包过滤器和开放的端口。

我将用两个不同的部分来涵盖大部分NMAP的使用方法，这是nmap关键的第一部分。在下面的设置中，我使用两台已关闭防火墙的服务器来测试Nmap命令的工作情况。

192.168.0.100 ? server1.tecmint.com

192.168.0.101 ? server2.tecmint.com

NMAP命令用法

# nmap [Scan Type(s)] [Options] {target specification}

如何在Linux下安装NMAP

现在大部分Linux的发行版本像Red Hat，CentOS，Fedoro，Debian和Ubuntu在其默认的软件包管理库（即Yum 和 APT）中都自带了Nmap，这两种工具都用于安装和管理软件包和更新。在发行版上安装Nmap具体使用如下命令。

# yum install nmap [on Red Hat based systems]

$ sudo apt-get install nmap [on Debian based systems]

一旦你安装了最新的nmap应用程序，你就可以按照本文中提供的示例说明来操作。

1. 用主机名和IP地址扫描系统

Nmap工具提供各种方法来扫描系统。在这个例子中，我使用server2.tecmint.com主机名来扫描系统找出该系统上所有开放的端口，服务和MAC地址。

使用主机名扫描

[root@server1 ~]# nmap server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds

You have new mail in /var/spool/mail/root

使用IP地址扫描

[root@server1 ~]# nmap 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

958/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds

You have new mail in /var/spool/mail/root

2.扫描使用“-v”选项

你可以看到下面的命令使用“ -v “选项后给出了远程机器更详细的信息。

[root@server1 ~]# nmap -v server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST

Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43

The ARP Ping Scan took 0.01s to scan 1 total hosts.

Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43

Discovered open port 22/tcp on 192.168.0.101

Discovered open port 80/tcp on 192.168.0.101

Discovered open port 8888/tcp on 192.168.0.101

Discovered open port 111/tcp on 192.168.0.101

Discovered open port 3306/tcp on 192.168.0.101

Discovered open port 957/tcp on 192.168.0.101

The SYN Stealth Scan took 0.30s to scan 1680 total ports.

Host server2.tecmint.com (192.168.0.101) appears to be up ... good.

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds

Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)

3.扫描多台主机

你可以简单的在Nmap命令后加上多个IP地址或主机名来扫描多台主机。

[root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds

4.扫描整个子网

你可以使用*通配符来扫描整个子网或某个范围的IP地址。

[root@server1 ~]# nmap 192.168.0.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST

Interesting ports on server1.tecmint.com (192.168.0.100):

Not shown: 1677 closed ports

PORT STATE SERVICE

22/tcp open ssh

111/tcp open rpcbind

851/tcp open unknown

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds

You have new mail in /var/spool/mail/root

从上面的输出可以看到，nmap扫描了整个子网，给出了网络中当前网络中在线主机的信息。

5.使用IP地址的最后一个字节扫描多台服务器

你可以简单的指定IP地址的最后一个字节来对多个IP地址进行扫描。例如，我在下面执行中扫描了IP地址192.168.0.101，192.168.0.102和192.168.0.103。

[root@server1 ~]# nmap 192.168.0.101,102,103

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds

You have new mail in /var/spool/mail/root

6. 从一个文件中扫描主机列表

如果你有多台主机需要扫描且所有主机信息都写在一个文件中，那么你可以直接让nmap读取该文件来执行扫描，让我们来看看如何做到这一点。

创建一个名为“nmaptest.txt ”的文本文件，并定义所有你想要扫描的服务器IP地址或主机名。

[root@server1 ~]# cat > nmaptest.txt

localhost

server2.tecmint.com

192.168.0.101

接下来运行带“iL” 选项的nmap命令来扫描文件中列出的所有IP地址。

[root@server1 ~]# nmap -iL nmaptest.txt

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST

Interesting ports on localhost.localdomain (127.0.0.1):

Not shown: 1675 closed ports

PORT STATE SERVICE

22/tcp open ssh

25/tcp open smtp

111/tcp open rpcbind

631/tcp open ipp

857/tcp open unknown

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

958/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

958/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds

7.扫描一个IP地址范围

你可以在nmap执行扫描时指定IP范围。

[root@server1 ~]# nmap 192.168.0.101-110

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds

8.排除一些远程主机后再扫描

在执行全网扫描或用通配符扫描时你可以使用“-exclude”选项来排除某些你不想要扫描的主机。

[root@server1 ~]# nmap 192.168.0.* --exclude 192.168.0.100

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds

You have new mail in /var/spool/mail/root

9.扫描操作系统信息和路由跟踪

使用Nmap，你可以检测远程主机上运行的操作系统和版本。为了启用操作系统和版本检测，脚本扫描和路由跟踪功能，我们可以使用NMAP的“-A“选项。

[root@server1 ~]# nmap -A 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

80/tcp open http Apache httpd 2.2.3 ((CentOS))

111/tcp open rpcbind 2 (rpc #100000)

957/tcp open status 1 (rpc #100024)

3306/tcp open mysql MySQL (unauthorized)

8888/tcp open http lighttpd 1.4.32

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).

TCP/IP fingerprint:

SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027)

TSeq(Class=TR%IPID=Z%TS=1000HZ)

T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T2(Resp=N)

T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.169 days (since Mon Nov 11 12:22:15 2013)

Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds

从上面的输出你可以看到，Nmap显示出了远程主机操作系统的TCP / IP协议指纹，并且更加具体的显示出远程主机上的端口和服务。

10.启用Nmap的操作系统探测功能

使用选项“-O”和“-osscan-guess”也帮助探测操作系统信息。

[root@server1 ~]# nmap -O server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:40 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).

TCP/IP fingerprint:

SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027)

TSeq(Class=TR%IPID=Z%TS=1000HZ)

T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T2(Resp=N)

T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW)

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=Option -O and -osscan-guess also helps to discover OS

R%Ops=)

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Uptime 0.221 days (since Mon Nov 11 12:22:16 2013)

Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds

You have new mail in /var/spool/mail/root

11.扫描主机侦测防火墙

下面的命令将扫描远程主机以探测该主机是否使用了包过滤器或防火墙。

[root@server1 ~]# nmap -sA 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST

All 1680 scanned ports on server2.tecmint.com (192.168.0.101) are UNfiltered

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds

You have new mail in /var/spool/mail/root

12.扫描主机检测是否有防火墙保护

扫描主机检测其是否受到数据包过滤软件或防火墙的保护。

[root@server1 ~]# nmap -PN 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds

13.找出网络中的在线主机

使用“-sP”选项，我们可以简单的检测网络中有哪些在线主机，该选项会跳过端口扫描和其他一些检测。

[root@server1 ~]# nmap -sP 192.168.0.*

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST

Host server1.tecmint.com (192.168.0.100) appears to be up.

Host server2.tecmint.com (192.168.0.101) appears to be up.

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds

14.执行快速扫描

你可以使用“-F”选项执行一次快速扫描，仅扫描列在nmap-services文件中的端口而避开所有其它的端口。

[root@server1 ~]# nmap -F 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1234 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds

15.查看Nmap的版本

你可以使用“-V”选项来检测你机子上Nmap的版本。

[root@server1 ~]# nmap -V

Nmap version 4.11 ( http://www.insecure.org/nmap/ )

You have new mail in /var/spool/mail/root

16.顺序扫描端口

使用“-r”选项表示不会随机的选择端口扫描。

[root@server1 ~]# nmap -r 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds

17.打印主机接口和路由

你可以使用nmap的“?iflist”选项检测主机接口和路由信息。

[root@server1 ~]# nmap --iflist

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST

************************INTERFACES************************

DEV (SHORT) IP/MASK TYPE UP MAC

lo (lo) 127.0.0.1/8 loopback up

eth0 (eth0) 192.168.0.100/24 ethernet up 08:00:27:11:C7:89

**************************ROUTES**************************

DST/MASK DEV GATEWAY

192.168.0.0/0 eth0

169.254.0.0/0 eth0

从上面的输出你可以看到，nmap列举出了你系统上的接口以及它们各自的路由信息。

18.扫描特定的端口

使用Nmap扫描远程机器的端口有各种选项，你可以使用“-P”选项指定你想要扫描的端口，默认情况下nmap只扫描TCP端口。

[root@server1 ~]# nmap -p 80 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

80/tcp open http

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) sca

19.扫描TCP端口

你可以指定具体的端口类型和端口号来让nmap扫描。

[root@server1 ~]# nmap -p T:8888,80 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

80/tcp open http

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds

20.扫描UDP端口

[root@server1 ~]# nmap -sU 53 server2.tecmint.com

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

53/udp open http

8888/udp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds

21.扫描多个端口

你还可以使用选项“-P”来扫描多个端口。

[root@server1 ~]# nmap -p 80,443 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:56 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

80/tcp open http

443/tcp closed https

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds

22.扫描指定范围内的端口

您可以使用表达式来扫描某个范围内的端口。

[root@server1 ~]# nmap -p 80-160 192.168.0.101

23.查找主机服务版本号

我们可以使用“-sV”选项找出远程主机上运行的服务版本。

[root@server1 ~]# nmap -sV 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

80/tcp open http Apache httpd 2.2.3 ((CentOS))

111/tcp open rpcbind 2 (rpc #100000)

957/tcp open status 1 (rpc #100024)

3306/tcp open mysql MySQL (unauthorized)

8888/tcp open http lighttpd 1.4.32

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds

24.使用TCP ACK (PA)和TCP Syn (PS)扫描远程主机

有时候包过滤防火墙会阻断标准的ICMP ping请求，在这种情况下，我们可以使用TCP ACK和TCP Syn方法来扫描远程主机。

[root@server1 ~]# nmap -PS 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds

You have new mail in /var/spool/mail/root

25.使用TCP ACK扫描远程主机上特定的端口

[root@server1 ~]# nmap -PA -p 22,80 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:02 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds

You have new mail in /var/spool/mail/root

26. 使用TCP Syn扫描远程主机上特定的端口

[root@server1 ~]# nmap -PS -p 22,80 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:08 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds

You have new mail in /var/spool/mail/root

27.执行一次隐蔽的扫描

[root@server1 ~]# nmap -sS 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds

You have new mail in /var/spool/mail/root

28.使用TCP Syn扫描最常用的端口

[root@server1 ~]# nmap -sT 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

111/tcp open rpcbind

957/tcp open unknown

3306/tcp open mysql

8888/tcp open sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds

You have new mail in /var/spool/mail/root

29.执行TCP空扫描以骗过防火墙

[root@server1 ~]# nmap -sN 192.168.0.101

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST

Interesting ports on server2.tecmint.com (192.168.0.101):

Not shown: 1674 closed ports

PORT STATE SERVICE

22/tcp open|filtered ssh

80/tcp open|filtered http

111/tcp open|filtered rpcbind

957/tcp open|filtered unknown

3306/tcp open|filtered mysql

8888/tcp open|filtered sun-answerbook

MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)

Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds

You have new mail in /var/spool/mail/root

以上就是NMAP的基本使用，我会在第二部分带来NMAP更多的创意选项。至此，敬请关注我们，不要忘记分享您的宝贵意见。

推荐阅读

go
Android 新闻App的本地服务器搭建教程

本文介绍了在开发Android新闻App时，搭建本地服务器的步骤。通过使用XAMPP软件，可以一键式搭建起开发环境，包括Apache、MySQL、PHP、PERL。在本地服务器上新建数据库和表，并设置相应的属性。最后，给出了创建new表的SQL语句。这个教程适合初学者参考。 ... [详细]

蜡笔小新 2023-12-14 17:15:19
post
【译】发送表单数据

这是原文链接：sendingformdata许多情况下，我们使用表单发送数据到服务器。服务器处理数据并返回响应给用户。这看起来很简单，但是 ... [详细]

蜡笔小新 2023-12-14 16:19:10
post
Centos7.6安装Gitlab教程及注意事项

本文介绍了在Centos7.6系统下安装Gitlab的详细教程，并提供了一些注意事项。教程包括查看系统版本、安装必要的软件包、配置防火墙等步骤。同时，还强调了使用阿里云服务器时的特殊配置需求，以及建议至少4GB的可用RAM来运行GitLab。 ... [详细]

蜡笔小新 2023-12-14 14:01:06
post
如何在服务器主机上实现文件共享的方法和工具

本文介绍了在服务器主机上实现文件共享的方法和工具，包括Linux主机和Windows主机的文件传输方式，Web运维和FTP/SFTP客户端运维两种方式，以及使用WinSCP工具将文件上传至Linux云服务器的操作方法。此外，还介绍了在迁移过程中需要安装迁移Agent并输入目的端服务器所在华为云的AK/SK，以及主机迁移服务会收集的源端服务器信息。 ... [详细]

蜡笔小新 2023-12-13 13:23:48
install
在Kubernetes上部署JupyterHub的步骤和实验依赖

本文介绍了在Kubernetes上部署JupyterHub的步骤和实验所需的依赖，包括安装Docker和K8s，使用kubeadm进行安装，以及更新下载的镜像等。 ... [详细]

蜡笔小新 2023-12-14 20:27:14
install
如何实现织梦DedeCms全站伪静态

本文介绍了如何通过修改织梦DedeCms源代码来实现全站伪静态，以提高管理和SEO效果。全站伪静态可以避免重复URL的问题，同时通过使用mod_rewrite伪静态模块和.htaccess正则表达式，可以更好地适应搜索引擎的需求。文章还提到了一些相关的技术和工具，如Ubuntu、qt编程、tomcat端口、爬虫、php request根目录等。 ... [详细]

蜡笔小新 2023-12-14 19:45:47
command
解决Docker中volume的权限问题的方法

在Docker中，将主机目录挂载到容器中作为volume使用时，常常会遇到文件权限问题。这是因为容器内外的UID不同所导致的。本文介绍了解决这个问题的方法，包括使用gosu和suexec工具以及在Dockerfile中配置volume的权限。通过这些方法，可以避免在使用Docker时出现无写权限的情况。 ... [详细]

蜡笔小新 2023-12-14 18:48:02
command
Ubuntu安装常用软件详细步骤

目录1.GoogleChrome浏览器2.搜狗拼音输入法3.Pycharm4.Clion5.其他软件1.GoogleChrome浏览器通过直接下载安装GoogleChro ... [详细]

蜡笔小新 2023-12-12 21:26:41
post
31.项目部署

目录1一些概念1.1项目部署1.2WSGI1.3uWSGI1.4Nginx2安装环境与迁移项目2.1项目内容2.2项目配置2.2.1DEBUG2.2.2STAT ... [详细]

蜡笔小新 2023-12-12 12:15:41
post
MySQL语句大全：创建、授权、查询、修改等【MySQL】的使用方法详解

本文详细介绍了MySQL语句的使用方法，包括创建用户、授权、查询、修改等操作。通过连接MySQL数据库，可以使用命令创建用户，并指定该用户在哪个主机上可以登录。同时，还可以设置用户的登录密码。通过本文，您可以全面了解MySQL语句的使用方法。 ... [详细]

蜡笔小新 2023-12-11 15:34:14
spring
分享css中提升优先级属性!important的用法总结

web前端|css教程css!importantweb前端-css教程本文分享css中提升优先级属性!important的用法总结微信门店展示源码,vscode如何管理站点,ubu ... [详细]

蜡笔小新 2023-12-11 11:25:16
rsa
SpringBoot整合SpringSecurity+JWT实现单点登录

SpringBoot整合SpringSecurity+JWT实现单点登录,Go语言社区,Golang程序员人脉社 ... [详细]

蜡笔小新 2023-12-11 08:21:41
jar
2016 linux发行版排行_灵越7590 安装 linux (manjarognome)

RT之前做了一次灵越7590黑苹果炒作业的文章，希望能够分享给更多不想折腾的人。kawauso：教你如何给灵越7590黑苹果抄作业zhuanlan.z ... [详细]

蜡笔小新 2023-12-10 19:11:07
js
主从数据库架构配置及实验环境搭建方法

本文介绍了在Web应用系统中，数据库性能是导致系统性能瓶颈最主要的原因之一，尤其是在大规模系统中，数据库集群已经成为必备的配置之一。文章详细介绍了主从数据库架构的好处和实验环境的搭建方法，包括主数据库的配置文件修改和设置需要同步的数据库等内容。MySQL的主从复制功能在国内外大型网站架构体系中被广泛采用，本文总结了作者在实际的Web项目中的实践经验。 ... [详细]

蜡笔小新 2023-12-10 12:20:19
uri
GSIOpenSSH PAM_USER 安全绕过漏洞

漏洞名称：GSI-OpenSSHPAM_USER安全绕过漏洞CNNVD编号：CNNVD-201304-097发布时间：2013-04-09 ... [详细]

蜡笔小新 2023-12-10 06:34:54

手机用户2502926851

这个家伙很懒，什么也没留下！

Tags | 热门标签

RankList | 热门文章