Nmap應用

Nmap 是一個開放原始碼的網路掃描與探測工具，可以讓網路管理者掃描整個子網域或主機的連接埠等，功能非常強大。

快速掃描區網並取得MAC(無須root)

nmap -F 192.168.43.0/24 && arp -a

掃描區網

sudo nmap -sP 192.168.43.0/24

加上 -v 參數，會有更詳細的輸出

掃描其中幾台設備，有無提供連線 port

sudo nmap 192.168.43.101 192.168.43.100

Starting Nmap 7.60 ( https://nmap.org ) at 2019-12-21 13:48 CST
Nmap scan report for 192.168.43.101
Host is up (0.028s latency).
Not shown: 999 closed ports
PORT     STATE SERVICE
8022/tcp open  oa-system

Nmap scan report for 192.168.43.100
Host is up (0.00011s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
7070/tcp open  realserver
9090/tcp open  zeus-admin

Nmap done: 2 IP addresses (2 hosts up) scanned in 14.10 seconds

偵測作業系統與服務資訊

<pre>nmap -p 80 -A 192.168.43.100

Starting Nmap 7.60 ( https://nmap.org ) at 2019-12-21 13:58 CST
Nmap scan report for 192.168.43.100
Host is up (0.00010s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.57 seconds
</pre>

掃描有防火牆的主機

掃描在防火牆保護下的主機：

設定firewall 保護

sudo iptables -A INPUT --dport  80 -j DROP
sudo iptables -L | grep http
DROP       tcp  --  anywhere             anywhere             tcp dpt:http

#從192.168.43.101來做nmap
sudo nmap -PN 192.168.43.100

指定 TCP 連接埠 80：

nmap -p T:80 192.168.43.100

指定 UDP 連接埠 53：

nmap -p U:53 192.168.43.100

掃描兩個連接埠：

sudo nmap -p 80,445 192.168.43.100

指定連接埠範圍：

sudo nmap -p 80-3389 192.168.43.100