Installing and using the nmap scanner
Official site: https://nmap.org
Nmap is an open-source network exploration tool. It can sweep a large network quickly for live hosts and can also scan every port on a single host.
Installing nmap from source
The steps below were done on CentOS 7.6 (configure needs a C/C++ toolchain, i.e. gcc-c++ and make):
cd /opt
# download the nmap source tarball (7.91 was the current release when this was written)
wget https://nmap.org/dist/nmap-7.91.tar.bz2
Then build it as the official instructions describe:
bzip2 -cd nmap-7.91.tar.bz2 | tar xvf -
cd nmap-7.91
./configure
make
# make install writes under /usr/local, so switch to root for that step only
su root
make install
Installing from the RPM
# the project publishes an official RPM
rpm -vhU https://nmap.org/dist/nmap-7.91-1.x86_64.rpm
After installation, confirm the version. Note that lowercase -v means verbose, so with no target it only prints the banner (which does contain the version) and a warning; nmap -V (uppercase) prints just the version string.
nmap -v
Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-22 17:56 CST
Read data files from: /usr/bin/../share/nmap
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.03 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)
Host discovery with nmap
Discovery using ICMP Echo Request:
nmap -v -n -sn -PE 118.250.120.0/24
# options
# -v verbose output; -n skip DNS resolution; -sn host discovery only, no port scan; -PE use ICMP Echo Request as the discovery probe; 118.250.120.0/24 is the target network
Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-22 17:56 CST
Initiating Ping Scan at 17:56
Scanning 256 hosts [1 port/host]
Completed Ping Scan at 17:57, 10.28s elapsed (256 total hosts)
Nmap scan report for 118.250.120.0 [host down]
...
Nmap scan report for 118.250.120.31
Host is up (0.14s latency).
...
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (1 host up) scanned in 10.32 seconds
Raw packets sent: 515 (14.420KB) | Rcvd: 5 (140B)
Discovering hosts on the local LAN with ARP requests
nmap -v -n -sn -PR 118.250.120.0/24
# options
# -PR asks for ARP discovery; nmap warns that the option is obsolete because it already uses ARP automatically whenever the target is on a directly attached Ethernet segment:
The -PR option is deprecated. ARP scan is always done when possible.
Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-22 18:00 CST
Initiating Ping Scan at 18:00
Scanning 256 hosts [4 ports/host]
Completed Ping Scan at 18:00, 4.69s elapsed (256 total hosts)
Nmap scan report for 118.250.120.0
Host is up (0.00029s latency).
Nmap scan report for 118.250.120.1
Host is up (0.00026s latency).
Nmap scan report for 118.250.120.2
Host is up (0.00028s latency).
Nmap scan report for 118.250.120.3
...
ARP scanning only works when the scanning host is on the same layer-2 segment as the targets, because ARP does not cross routers. Where it does work it is also far more reliable than ICMP: a host can filter echo requests, but it must answer ARP to communicate at all, which is why the ICMP sweep above found a single host while the ARP sweep of the same /24 found many.
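The following is an added example and not code from the original post. It turns the ICMP and ARP sweeps above into target lists and shows which hosts only the ARP sweep found. It assumes each sweep was run with "-oG -" (grepable output) appended, for example "nmap -n -sn -PE -oG - 118.250.120.0/24 > icmp.gnmap"; the sample data inside is constructed to match the shape of the two sweeps on this page and is not real scan output.

```shell
#!/bin/sh
# Added example, not from the original post: build a target list from an nmap
# host-discovery sweep and compare an ICMP sweep with an ARP sweep of the same
# /24 to see which hosts ICMP-only discovery missed.
#
# Assumption: the sweeps were saved in grepable format ("-oG -"), which emits
# one tab-separated line "Host: <ip> (<name>)  Status: Up" per live host and
# is more stable to parse than the human-readable report.

# live_hosts: read grepable output on stdin, print the IP of every host that
# nmap reported Up, one per line. Down hosts (only listed with -v) are skipped.
live_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }'
}

# hosts_missed_by FIRST SECOND: print hosts present in file SECOND but absent
# from file FIRST (both produced by live_hosts). With FIRST = the ICMP sweep
# and SECOND = the ARP sweep this lists the hosts that filter ICMP echo.
hosts_missed_by() {
    awk 'NR == FNR { seen[$0]; next } !($0 in seen)' "$1" "$2"
}

# Constructed sample data, not real scan output, shaped like the page's two
# sweeps: ICMP finds one host, ARP on the same segment finds four.
sample_icmp_sweep() {
    printf '# Nmap 7.91 scan initiated as: nmap -n -sn -PE -oG - 118.250.120.0/24\n'
    printf 'Host: %s ()\tStatus: %s\n' \
        118.250.120.0  Down \
        118.250.120.31 Up
    printf '# Nmap done -- 256 IP addresses (1 host up) scanned\n'
}
sample_arp_sweep() {
    printf '# Nmap 7.91 scan initiated as: nmap -n -sn -oG - 118.250.120.0/24\n'
    printf 'Host: %s ()\tStatus: %s\n' \
        118.250.120.0  Up \
        118.250.120.1  Up \
        118.250.120.2  Up \
        118.250.120.31 Up
    printf '# Nmap done -- 256 IP addresses (4 hosts up) scanned\n'
}

# demo: write both host lists to temp files and diff them. The ARP list is
# what you would feed to the port-scan stage with -iL instead of scanning
# the whole /24 again, e.g. nmap -n -sS -p- --max-retries 1 -iL targets.txt
demo() {
    icmp=$(mktemp) && arp=$(mktemp) || return 1
    sample_icmp_sweep | live_hosts > "$icmp"
    sample_arp_sweep  | live_hosts > "$arp"
    echo "hosts answering ICMP echo:"
    cat "$icmp"
    echo "hosts seen by ARP but not by ICMP echo:"
    hosts_missed_by "$icmp" "$arp"
    rm -f "$icmp" "$arp"
}

demo
```

Filtering on the Status field rather than on the mere presence of a Host: line matters because a verbose sweep also lists hosts that are down.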
TCP/UDP port scanning with nmap
# TCP connect scan
nmap -v -n -sT --max-retries 1 -p1-65535 118.250.120.5
# options
# -sT TCP connect scan (completes the three-way handshake, so it needs no special privileges but is noisier); --max-retries caps probe retransmissions; -p1-65535 scans every port (-p- is shorthand for the same range)
# TCP SYN scan
nmap -v -n -sS --max-retries 1 -p1-65535 118.250.120.5
# -sS TCP SYN (half-open) scan; it sends raw packets, so it must be run as root
nmap -v -n -sS --max-retries 1 -p1-65535 106.55.19.244
Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-22 18:29 CST
Initiating Ping Scan at 18:29
Scanning 106.55.19.244 [4 ports]
Completed Ping Scan at 18:29, 0.02s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 18:29
Scanning 106.55.19.244 [65535 ports]
Discovered open port 139/tcp on 106.55.19.244
Discovered open port 3389/tcp on 106.55.19.244
Discovered open port 135/tcp on 106.55.19.244
Discovered open port 5985/tcp on 106.55.19.244
# UDP scan
nmap -v -n -sU --max-retries 1 -p1-65535 118.250.120.5
# -sU UDP port scan; also needs root. A full 65535-port UDP scan is very slow because a port that does not answer is reported open|filtered and nmap must wait for each probe to time out, so in practice restrict it with --top-ports or a short -p list
Identifying the application with nmap
nmap -v -n -sV -p5985 106.55.19.244
# -sV probes the open port to identify the application and its version; -p limits the scan to that port
Starting Nmap 7.91 ( https://nmap.org ) at 2020-11-22 18:31 CST
NSE: Loaded 45 scripts for scanning.
Initiating Ping Scan at 18:31
Scanning 106.55.19.244 [4 ports]
Completed Ping Scan at 18:31, 0.02s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 18:31
Scanning 106.55.19.244 [1 port]
Discovered open port 5985/tcp on 106.55.19.244
Completed SYN Stealth Scan at 18:31, 0.06s elapsed (1 total ports)
Initiating Service scan at 18:31
Scanning 1 service on 106.55.19.244
Completed Service scan at 18:31, 6.10s elapsed (1 service on 1 host)
NSE: Script scanning 106.55.19.244.
Initiating NSE at 18:31
Completed NSE at 18:31, 0.17s elapsed
Initiating NSE at 18:31
Completed NSE at 18:31, 0.13s elapsed
Nmap scan report for 106.55.19.244
Host is up (0.0043s latency).
PORT STATE SERVICE VERSION
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.97 seconds
Raw packets sent: 5 (196B) | Rcvd: 8 (312B)
Combining options
nmap -T4 -n -sS -sV -O 106.55.19.244
Option summary:
-T<0-5> timing template (a higher number is faster, but on lossy links or rate-limited targets speed costs accuracy)
-n no DNS resolution
-sS TCP SYN (half-open) scan
-sV probe the open ports to determine service and version
-O enable OS detection (needs root; it works best when the target has at least one open and one closed TCP port)
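The following is an added example and not code from the original post. It covers the port-scan, service-identification and combined scans above by parsing a grepable report (the same scan run with "-oG scan.gnmap", e.g. nmap -T4 -n -sS -sV -O -p- -oG scan.gnmap <targets>) into CSV and flagging hosts that expose remote-administration ports. The sample report inside is constructed to resemble the results on this page (135/139/3389/5985 open on the Windows host) and is not real scan output; which ports count as "remote administration" is an assumption made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: parse the grepable output of a
# port/service/OS scan into CSV and flag remote-administration exposure.
#
# Grepable format, one tab-separated line per host:
#   Host: <ip> (<name>)  Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ...
#   Ignored State: <state> (<count>)  OS: <guess>
# nmap writes any "/" inside a version string as "|" so that the seven
# slash-separated port fields stay unambiguous.

# open_services: stdin = grepable output; prints ip,port,proto,service,version
# for every port in state "open" (closed, filtered and open|filtered are dropped).
open_services() {
    awk -F'\t' '
        /^Host: / {
            ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i; sub(/^Ports: /, "", ports)
                n = split(ports, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open")
                        printf "%s,%s,%s,%s,%s\n", ip, f[1], f[3], f[5], f[7]
                }
            }
        }'
}

# host_os: stdin = grepable output; prints ip,<OS guess> for each host where
# -O produced a match (the OS: field is absent when fingerprinting failed).
host_os() {
    awk -F'\t' '
        /^Host: / {
            ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            for (i = 2; i <= NF; i++)
                if ($i ~ /^OS: /) { os = $i; sub(/^OS: /, "", os); print ip "," os }
        }'
}

# remote_admin_exposure: stdin = CSV from open_services; prints ip:port for
# SSH (22), RDP (3389) and WinRM (5985/5986). The port list is an assumption
# for this example; adjust it to your own policy.
remote_admin_exposure() {
    awk -F',' '$3 == "tcp" && ($2 == 22 || $2 == 3389 || $2 == 5985 || $2 == 5986) { print $1 ":" $2 }'
}

# Constructed sample report, not real scan output: a Windows host with
# 135/139/3389/5985 open (as on this page) and a Linux host with SSH open and
# one closed port listed explicitly.
sample_scan() {
    printf '%s\t%s\t%s\t%s\n' \
        'Host: 106.55.19.244 ()' \
        'Ports: 135/open/tcp//msrpc//Microsoft Windows RPC/, 139/open/tcp//netbios-ssn///, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/, 5985/open/tcp//http//Microsoft HTTPAPI httpd 2.0 (SSDP|UPnP)/' \
        'Ignored State: filtered (65531)' \
        'OS: Microsoft Windows Server 2016' \
        'Host: 118.250.120.31 ()' \
        'Ports: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, 80/closed/tcp//http///' \
        'Ignored State: filtered (65533)' \
        'OS: Linux 3.10 - 4.11'
}

echo "open services (ip,port,proto,service,version):"
sample_scan | open_services
echo "OS guesses:"
sample_scan | host_os
echo "remote-administration ports exposed:"
sample_scan | open_services | remote_admin_exposure
```

Against a real report, replace sample_scan with "cat scan.gnmap". Keying on the state field is what keeps the 80/closed entry of the second host out of the results, and splitting on "/" is safe only because nmap rewrites slashes in version strings as "|".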