Linux 網路掃瞄工具 — nmap

Nmap 是開源的網路掃描與檢測工具, 對於系統管理員十分實用, 以下是 nmap 的實用例子。

如果系統內沒有安裝 nmap, 可以用系統的套件管理工具安裝:

RHEL, CentOS, Fedora:

# yum install nmap

Debian, Ubuntu:

# apt-get install nmap

安裝 nmap 後, 便可以開始使用 nmap.

掃瞄 IP 地址或 Hostname:

# nmap phpini.com

[[email protected] ~]# nmap server2.tecmint.com

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-26 14:29 HKT
Nmap scan report for phpini.com (104.27.168.11)
Host is up (0.0016s latency).
Other addresses for phpini.com (not scanned): 104.27.169.11
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt

改成 IP 地址:

# nmap 104.27.169.11

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-26 14:30 HKT
Nmap scan report for 104.27.169.11
Host is up (0.0020s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt

Nmap done: 1 IP address (1 host up) scanned in 4.65 seconds

如果加上 -v 參數, 會顯示更為詳細的資訊:

# nmap -v phpini.com

Starting Nmap 5.51 ( http://nmap.org ) at 2015-08-26 14:33 HKT
Initiating Ping Scan at 14:33
Scanning phpini.com (104.27.169.11) [4 ports]
Completed Ping Scan at 14:33, 0.02s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:33
Completed Parallel DNS resolution of 1 host. at 14:33, 0.01s elapsed
Initiating SYN Stealth Scan at 14:33
Scanning phpini.com (104.27.169.11) [1000 ports]
Discovered open port 80/tcp on 104.27.169.11
Discovered open port 8080/tcp on 104.27.169.11
Discovered open port 443/tcp on 104.27.169.11
Discovered open port 8443/tcp on 104.27.169.11
Completed SYN Stealth Scan at 14:33, 4.73s elapsed (1000 total ports)
Nmap scan report for phpini.com (104.27.169.11)
Host is up (0.0018s latency).
Other addresses for phpini.com (not scanned): 104.27.168.11
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.84 seconds
Raw packets sent: 2002 (88.064KB) | Rcvd: 7 (308B)

掃瞄多台主機

例如要掃瞄多台主機, 指令是這樣:

# nmap 192.168.1.10 192.168.1.11 192.168.1.12

掃瞄整個 class C 網路:

# nmap 192.168.1.*

# nmap 192.168.1.0/24

掃瞄 192.168.1.121, 192.168.1.125 及 192.168.1.130 三台主機:

# nmap 192.168.1.121,125,130

從檔案讀取主機掃瞄:

# nmap -iL host_list.txt

掃瞄作業系統及服務的版本資訊:

# nmap -A 192.168.1.100

掃瞄主機是否有防火牆:

[r# nmap -sA 192.168.1.100

掃瞄有開機的主機:

# nmap -sP 192.168.1.*

掃瞄埠號, 例如想掃瞄埠號 80:

# nmap -p 80 192.168.1.100

掃瞄多個埠號, 例如掃瞄 80 及 443 埠號:

# nmap -p 80,443 192.168.1.100



Leave a Reply