(1)查看主机当前开放的端口
[root@Mr_chen ~]# nmap 192.168.0.1 #直接接目标主机,默认会扫描1~1000端口 Starting Nmap 5.51 ( ) at 2018-02-28 08:23 EST Nmap scan report for localhost (192.168.0.1) Host is up (0.014s latency). #目标主机正在运行 Not shown: 999 closed ports #999个端口关闭 PORT STATE SERVICE 80/tcp open http #开放的80端口http服务 MAC Address: CC:B2:55:DF:3C:83 (Unknown) Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds(2)扫描主机的指定端口
[root@Mr_chen ~]# nmap -p 1024-65535 192.168.0.1 #-p选项指定扫描范围 Starting Nmap 5.51 ( ) at 2018-02-28 08:26 EST Nmap scan report for localhost (192.168.0.1) Host is up (0.039s latency). Not shown: 64511 closed ports PORT STATE SERVICE 1780/tcp open unknown MAC Address: CC:B2:55:DF:3C:83 (Unknown) Nmap done: 1 IP address (1 host up) scanned in 17.46 seconds(3)扫描局域网内所有的IP
[root@Mr_chen ~]# nmap 192.168.0.0/24 #使用网段的格式扫描局域网 Starting Nmap 5.51 ( ) at 2018-02-28 08:29 EST Nmap scan report for localhost (192.168.0.1) Host is up (0.0072s latency). Not shown: 999 closed ports PORT STATE SERVICE 80/tcp open http MAC Address: CC:B2:55:DF:3C:83 (Unknown) Nmap scan report for localhost (192.168.0.129) Host is up (0.092s latency). Not shown: 999 closed ports PORT STATE SERVICE 80/tcp open http MAC Address: F0:FE:6B:69:5B:1E (Unknown) Nmap scan report for localhost (192.168.0.133) Host is up (0.33s latency). All 1000 scanned ports on localhost (192.168.0.133) are closed MAC Address: BC:3D:85:FE:3F:DA (Unknown) Nmap scan report for localhost (192.168.0.233) Host is up (0.0000010s latency). Not shown: 999 closed ports PORT STATE SERVICE 22/tcp open ssh Nmap scan report for localhost (192.168.0.254) Host is up (0.00016s latency). Not shown: 992 closed ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 902/tcp open iss-realsecure 912/tcp open apex-mesh 5678/tcp open rrac 10000/tcp open snet-sensor-mgmt MAC Address: 30:B4:9E:74:1B:3B (Unknown) Nmap done: 256 IP addresses (5 hosts up) scanned in 19.27 seconds [root@Mr_chen ~]# nmap -sn 192.168.0.0/24 #使用-sn选项不扫描端口 Starting Nmap 5.51 ( ) at 2018-02-28 08:32 EST Nmap scan report for localhost (192.168.0.1) Host is up (0.0027s latency). MAC Address: CC:B2:55:DF:3C:83 (Unknown) Nmap scan report for localhost (192.168.0.233) Host is up. Nmap scan report for localhost (192.168.0.254) Host is up (0.000071s latency). MAC Address: 30:B4:9E:74:1B:3B (Unknown) Nmap done: 256 IP addresses (3 hosts up) scanned in 2.56 seconds [root@Mr_chen ~]# nmap -sn 192.168.0.232-234 #使用这种地址范围进行扫描 Starting Nmap 5.51 ( ) at 2018-02-28 08:34 EST Nmap scan report for localhost (192.168.0.233) Host is up. Nmap done: 3 IP addresses (1 host up) scanned in 0.81 seconds(4)探测目标主机的服务和操作系统的版本
[root@Mr_chen ~]# nmap -O -sV 192.168.0.1 Starting Nmap 5.51 ( ) at 2018-02-28 08:43 EST Nmap scan report for localhost (192.168.0.1) Host is up (0.0037s latency). Not shown: 999 closed ports PORT STATE SERVICE VERSION 80/tcp open http Linksys wireless-G WAP http config (Name D-Link Wireless N Router DIR-600M) MAC Address: CC:B2:55:DF:3C:83 (Unknown) Device type: general purpose Running: Linux 2.4.X OS details: Linux 2.4.18 - 2.4.35 (likely embedded) Network Distance: 1 hop Service Info: Device: WAP OS and Service detection performed. Please report any incorrect results at . Nmap done: 1 IP address (1 host up) scanned in 2.93 seconds