nmap典型用法
[root@node01 ~]# nmap 192.168.1.220
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-21 13:08 CST
Nmap scan report for 192.168.1.220
Host is up (0.00012s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:C5:19:99 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
由输出可知,192.168.1.220主机处于UP状态,并且主机开放了22端口,同时还侦测到端口对应的服务,最后还给出了目标主机网卡的MAC地址。
了解目标主机的更多信息。
[root@node01 ~]# nmap -T4 -A -v 192.168.1.220
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-21 13:12 CST
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 13:12
Scanning 192.168.1.220 [1 port]
Completed ARP Ping Scan at 13:12, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:12
Completed Parallel DNS resolution of 1 host. at 13:12, 0.01s elapsed
Initiating SYN Stealth Scan at 13:12
Scanning 192.168.1.220 [1000 ports]
Discovered open port 22/tcp on 192.168.1.220
Completed SYN Stealth Scan at 13:12, 0.05s elapsed (1000 total ports)
Initiating Service scan at 13:12
Scanning 1 service on 192.168.1.220
Completed Service scan at 13:12, 0.04s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 192.168.1.220
Retrying OS detection (try #2) against 192.168.1.220
Retrying OS detection (try #3) against 192.168.1.220
Retrying OS detection (try #4) against 192.168.1.220
Retrying OS detection (try #5) against 192.168.1.220
NSE: Script scanning 192.168.1.220.
Initiating NSE at 13:13
Completed NSE at 13:13, 0.08s elapsed
Nmap scan report for 192.168.1.220
Host is up (0.00089s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey: 2048 e5:a6:1b:ba:13:4e:84:7e:21:2e:4f:23:f6:0e:a8:80 (RSA)
|_256 6c:e7:fe:f6:b4:a6:b1:e4:04:47:fc:6b:e6:51:55:8b (ECDSA)
MAC Address: 00:0C:29:C5:19:99 (VMware)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=3/21%OT=22%CT=1%CU=33000%PV=Y%DS=1%DC=D%G=Y%M=000C29%T
OS:M=5E75A260%P=x86_64-redhat-linux-gnu)SEQ(SP=106%GCD=1%ISR=10E%TI=Z%TS=A)
OS:OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4
OS:ST11NW7%O6=M5B4ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)
OS:ECN(R=Y%DF=Y%T=40%W=7210%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%
OS:F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T
OS:5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=
OS:Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF
OS:=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40
OS:%CD=S)
Uptime guess: 0.004 days (since Sat Mar 21 13:07:06 2020)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE
HOP RTT ADDRESS
1 0.89 ms 192.168.1.220
NSE: Script Post-scanning.
Initiating NSE at 13:13
Completed NSE at 13:13, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.57 seconds
Raw packets sent: 1111 (52.918KB) | Rcvd: 1072 (46.334KB)
-A:用于开启全面扫描,
-T4:指定扫描过程中使用的时序的模板,总共有6个等级(0~5),等级越高扫描速度越快,但也越容易被防火墙或者入侵检测设备发现并屏蔽,推荐使用-T4。
-v:显示扫描细节。
第一部分是对主机是否在线的扫描
Host is up (0.00068s latency).
第二部分是对端口进行扫描,在默认情况下nmap会扫描1000个最有可能会开放的端口,因为只扫描到22号端口是开放的,所以在输出中会显示
Not shown: 999 closed ports
第三部分是对端口上运行的服务以及版本号进行统计
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey: 2048 e5:a6:1b:ba:13:4e:84:7e:21:2e:4f:23:f6:0e:a8:80 (RSA)
|_256 6c:e7:fe:f6:b4:a6:b1:e4:04:47:fc:6b:e6:51:55:8b (ECDSA)
第四部分是对操作系统类型和版本进行探测。
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
第五部分是对目标主机路由跟踪信息。
TRACEROUTE
HOP RTT ADDRESS
1 0.75 ms 192.168.1.220
nmap主机发现方法
| 选项 | |
|---|---|
| -sn | 只进行主机发现扫描,不进行端口扫描 |
| -Pn | 路过主机发现扫描,将所有指定的主机都视为在线状态,进行端口扫描 |
| -sL | 仅仅列出指定主机的IP地址,不进行主机发现扫描 |
| -PS/PA/PU/PY[printlist] | 指定nmap使用TCP SYN、TCP ACK、UDP、SCTP方式进行主机发现,例如:nmap -PS80,21 |
| -PE/PP/PM | 指定nmap使用ICMP echo、timestamp、netmask请求报文发现主机。 |
| -PO | 使用ip协议包探测目标主机是否在线, |
| -n/-R | 指定是否使用DNS解析,其中-n表示不进行dns解析,-R表示总是进行DNS解析 |
比较常用的是-sn和-Pn,
[root@node01 ~]# nmap -sn -PE -PS22,80 -PU53 www.baidu.com
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-21 13:47 CST
Nmap scan report for www.baidu.com (39.156.66.14)
Host is up (0.019s latency).
Other addresses for www.baidu.com (not scanned): 39.156.66.18
Nmap done: 1 IP address (1 host up) scanned in 6.59 seconds
nmap端口扫描
侦测到的端口状态分为6种状态。
端口扫描的用法
[root@node01 ~]# nmap -sS -sU -F www.baidu.com
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-21 14:09 CSTNmap scan report for www.baidu.com (39.156.66.18)Host is up (0.013s latency).Other addresses for www.baidu.com (not scanned): 39.156.66.14Not shown: 100 open|filtered ports, 98 filtered portsPORT STATE SERVICE80/tcp open http443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 10.13 seconds
-sS:使用TCP SYN扫描TCP端口
-sU:扫描UDP端口
-F:表示使用快速扫描方式,扫描最有可能开放的前100个端口,(TCP、UDP各一百个端口)
nmap版本侦测
[root@node01 ~]# nmap -sV www.baidu.com
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-21 14:15 CSTNmap scan report for www.baidu.com (39.156.66.18)Host is up (0.016s latency).Other addresses for www.baidu.com (not scanned): 39.156.66.14Not shown: 998 filtered portsPORT STATE SERVICE VERSION80/tcp open http-proxy sslstrip443/tcp open ssl/http-proxy sslstrip
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 27.15 seconds
nmap操作系统侦测
[root@node01 ~]# nmap -O --osscan-guess 192.168.1.220
Starting Nmap 6.40 ( http://nmap.org ) at 2020-03-21 14:18 CSTNmap scan report for 192.168.1.220Host is up (0.00078s latency).Not shown: 999 closed portsPORT STATE SERVICE22/tcp open sshMAC Address: 00:0C:29:C5:19:99 (VMware)Aggressive OS guesses: Linux 2.6.32 - 3.9 (96%), Netgear DG834G WAP or Western Digital WD TV media player (96%), Linux 2.6.32 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6) (94%), Linux 2.6.32 - 2.6.35 (94%), Linux 2.6.32 - 3.2 (94%), Linux 3.0 - 3.9 (93%), Linux 2.6.32 - 3.6 (93%)No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).TCP/IP fingerprint:OS:SCAN(V=6.40%E=4%D=3/21%OT=22%CT=1%CU=44396%PV=Y%DS=1%DC=D%G=Y%M=000C29%TOS:M=5E75B1D5%P=x86_64-redhat-linux-gnu)SEQ(SP=104%GCD=1%ISR=10D%TI=Z%II=I%OS:TS=A)SEQ(SP=104%GCD=1%ISR=10D%TI=Z%TS=A)OPS(O1=M5B4ST11NW7%O2=M5B4ST11NWOS:7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)WIN(W1=7120%OS:W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M5B4NOS:NSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=OS:Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AOS:R%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=4OS:0%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=OS:G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 12.21 seconds
零基础入门网络安全
【----帮助网安学习,以下所有学习资料文末免费领取!----】
> ① 网安学习成长路径思维导图
> ② 60+网安经典常用工具包
> ③ 100+SRC漏洞分析报告
> ④ 150+网安攻防实战技术电子书
> ⑤ 最权威CISSP 认证考试指南+题库
> ⑥ 超1800页CTF实战技巧手册
> ⑦ 最新网安大厂面试题合集(含答案)
> ⑧ APP客户端安全检测指南(安卓+IOS)
大纲
首先要找一份详细的大纲。
学习教程
第一阶段:零基础入门系列教程
该阶段学完即可年薪15w+
第二阶段:技术入门
弱口令与口令爆破
XSS漏洞
CSRF漏洞
SSRF漏洞
XXE漏洞
SQL注入
任意文件操作漏洞
业务逻辑漏洞
该阶段学完年薪25w+
阶段三:高阶提升
反序列化漏洞
RCE
综合靶场实操项目
内网渗透
流量分析
日志分析
恶意代码分析
应急响应
实战训练
该阶段学完即可年薪30w+
面试刷题
最后,我其实要给部分人泼冷水,因为说实话,上面讲到的资料包获取没有任何的门槛。
但是,我觉得很多人拿到了却并不会去学习。
大部分人的问题看似是“如何行动”,其实是“无法开始”。
几乎任何一个领域都是这样,所谓“万事开头难”,绝大多数人都卡在第一步,还没开始就自己把自己淘汰出局了。
如果你真的确信自己喜欢网络安全/黑客技术,马上行动起来,比一切都重要。
资料领取
上述这份完整版的网络安全学习资料已经上传网盘,朋友们如果需要可以微信扫描下方二维码 ↓↓↓ 或者 点击以下链接都可以领取
扫一扫
938
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
