Official site:
https://nmap.org/

Documentation:


Nmap (Network Mapper) is an open-source network exploration and security auditing tool built to scan large networks quickly. It covers host discovery, open-port enumeration, operating system and service fingerprinting, WAF identification and checks for common vulnerabilities.
GUI front end: Zenmap
Distributed framework: DNmap
Features:
Host discovery
Port scanning
Version detection
OS detection
Custom probe scripts: the Nmap Scripting Engine (NSE), written in Lua
(scripts ship in share/nmap/scripts)

On Windows:


Kali Linux 2020.2:

How it works:
(all English text below is quoted from the official documentation)
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network,
what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Nmap is commonly used for security audits!
Nmap sends a series of probes through the TCP/IP stack to the target, builds an Nmap fingerprint for the host from the responses, matches that fingerprint against its databases and reports the result.

When a hostname is given as a target,
it is resolved via the Domain Name System (DNS) to determine the IP address to scan.
If the name resolves to more than one IP address, only the first one will be scanned. To make Nmap scan all the resolved addresses instead of only the first one,
use the --resolve-all option.


==========Lab environment==========
Windows Server 2008: 192.168.10.128

Kali Linux 2020.2: 192.168.10.133

==========Lab environment==========
nmap --help // version: 7.80

Target Specification: what to scan (hostnames, IP addresses, networks, etc.)
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
When scanning many systems, put the IP addresses (or hostnames) in a text file, separated by spaces, tabs or newlines, and use that file as input.
nmap -iL ip.txt
-iR <num hosts>: Choose random targets (scan the given number of randomly chosen Internet hosts; -iR 0 keeps going until interrupted)
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks (hosts or networks to leave out, written in the same notation as targets)
nmap 192.168.10.0/24 --exclude 192.168.10.133
--excludefile <exclude_file>: Exclude list from file (hosts or networks to leave out, read from a file)
nmap 192.168.10.0/24 --excludefile targets.txt // relative path
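The target grammar above (CIDR suffixes, per-octet ranges and lists, -iL, --exclude and --excludefile) is worth checking offline before a large scan, because a typo such as 10.0.0-255.1-254 versus 10.0.0-255.1-25 changes the address count by an order of magnitude. The Python script below is an added example, not code from the page or from Nmap: it expands specifications the way the Nmap manual describes them and applies exclusions, so you can see exactly which addresses a command line would cover. Hostnames are rejected since expanding them needs DNS, and the sample inputs are constructed to match the lab network above.

```python
"""Expand Nmap-style IPv4 target specifications offline.

Added example (not Nmap's own code). Supported grammar, as in the Nmap
manual: plain addresses, CIDR suffixes (192.168.10.0/24), and per-octet
ranges or lists (10.0.0-255.1-254, 192.168.1,3,5.1, 0-255.0-255.13.37).
Hostnames are rejected because expanding them needs DNS.
"""
import ipaddress
import itertools
from typing import Dict, Iterable, List, Set


def _expand_octet(field: str) -> List[int]:
    """Expand one dotted field: '5', '1-254', '-' (0-255), '10-', '-20', '1,3,5-7'."""
    values: Set[int] = set()
    for piece in field.split(","):
        if "-" in piece:
            lo, _, hi = piece.partition("-")
            lo_i = int(lo) if lo else 0      # '-20' means 0-20
            hi_i = int(hi) if hi else 255    # '10-' means 10-255
        else:
            lo_i = hi_i = int(piece)
        if not 0 <= lo_i <= hi_i <= 255:
            raise ValueError(f"bad octet range {piece!r} in {field!r}")
        values.update(range(lo_i, hi_i + 1))
    return sorted(values)


def expand_spec(spec: str) -> List[str]:
    """Return every IPv4 address a single target specification covers."""
    spec = spec.strip()
    if "/" in spec:
        # Nmap applies the mask to the address, so 192.168.10.128/24 covers
        # the whole 192.168.10.0/24 block; strict=False gives the same result.
        net = ipaddress.ip_network(spec, strict=False)
        # Iterating the network includes the network and broadcast addresses,
        # matching Nmap (a /24 is reported as "256 IP addresses").
        return [str(addr) for addr in net]
    fields = spec.split(".")
    if len(fields) != 4 or not all(f and set(f) <= set("0123456789,-") for f in fields):
        raise ValueError(f"{spec!r} is not a numeric IPv4 spec (hostnames need DNS)")
    ranges = [_expand_octet(f) for f in fields]
    return [".".join(map(str, combo)) for combo in itertools.product(*ranges)]


def build_target_list(
    specs: Iterable[str],
    input_list: str = "",
    exclude: Iterable[str] = (),
    exclude_file: str = "",
) -> List[str]:
    """Combine command-line specs with -iL text, then drop anything matched by
    --exclude or --excludefile. Exclusions win no matter which source named
    the address, which is also how Nmap behaves."""
    wanted: Dict[str, None] = {}  # dict used as an insertion-ordered set
    for spec in list(specs) + input_list.split():  # -iL entries are whitespace-separated
        for addr in expand_spec(spec):
            wanted.setdefault(addr, None)
    excluded: Set[str] = set()
    for spec in list(exclude) + exclude_file.split():
        excluded.update(expand_spec(spec))
    return [addr for addr in wanted if addr not in excluded]


# Constructed inputs shaped like the page's lab network (not real scan data).
PAGE_SPECS = ["192.168.10.128-130", "192.168.10.0/30"]
IL_TEXT = "192.168.10.133\n10.0.0-1.1,254\n"      # contents of an ip.txt for -iL
EXCLUDE = ["192.168.10.133"]                       # --exclude (the scanner itself)
EXCLUDEFILE_TEXT = "192.168.10.0/31\n"             # contents of targets.txt for --excludefile


if __name__ == "__main__":
    print(len(expand_spec("10.0.0-255.1-254")), "addresses in 10.0.0-255.1-254")
    for addr in build_target_list(PAGE_SPECS, IL_TEXT, EXCLUDE, EXCLUDEFILE_TEXT):
        print(addr)
```

Running it shows 65024 addresses for 10.0.0-255.1-254, and the combined lab list drops 192.168.10.133 even though it was named in the -iL text, because exclusions are applied after every input source has been expanded.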
Host Discovery
With no discovery options at all:
nmap 192.168.10.128
If no host discovery options are given,
Nmap sends an ICMP echo request, a TCP SYN packet to port 443,
a TCP ACK packet to port 80,
and an ICMP timestamp request. (For IPv6, the ICMP timestamp request is omitted because it is not part of ICMPv6.)
These defaults are equivalent to the -PE -PS443 -PA80 -PP options. The exceptions to this are the ARP (for IPv4) and Neighbor Discovery (for IPv6) scans which are used for any targets on a local ethernet network.
For unprivileged Unix shell users,
the default probes are a SYN packet to ports 80 and 443 using the connect system call.
This host discovery is often sufficient when scanning local networks,
but a more comprehensive set of discovery probes is recommended for security auditing.

Equivalent to:
nmap -PE -PS443 -PA80 -PP 192.168.10.128
Other target forms:
nmap 192.168.10.128 192.168.10.166 // scan several addresses
nmap 192.168.10.128-188 // scan a range of addresses
nmap 192.168.10.128/24 // scan the network the address belongs to
Ping scan: -sP
Host discovery is sometimes called ping scan,
but it goes well beyond the simple ICMP echo request packets associated with the ubiquitous ping tool.
Note: -sP is the older spelling of -sn and behaves the same way. Its "ping" is not the ICMP echo of the ping command: for targets on the local Ethernet segment Nmap sends ARP requests and treats an ARP reply as proof that the host is up, without sending any ICMP or TCP probe to it; for targets beyond the local segment it falls back to the default probe set quoted above (ICMP echo, TCP SYN to 443, TCP ACK to 80, ICMP timestamp).
ARP discovery is far faster and more reliable than ICMP on a LAN: a host cannot refuse ARP without dropping off the network, whereas ICMP echo is routinely filtered.

-Pn (No ping): Treat all hosts as online -- skip host discovery
Treat every specified host as up and go straight to the requested scan. Useful when discovery probes are filtered, at the cost of spending time on addresses with nothing behind them.


-PS <port list> (TCP SYN Ping): TCP SYN ping scan
Sends an empty TCP packet with the SYN flag set; several ports can be listed, e.g. -PS22,80,443.
The default destination port is 80 (configurable at compile time by changing DEFAULT_TCP_PROBE_PORT_SPEC in nmap.h).

-PA <port list> (TCP ACK Ping)
-PU <port list> (UDP Ping)
-PY <port list> (SCTP INIT Ping)
-PE; -PP; -PM (ICMP Ping Types): ICMP echo, timestamp and address mask requests
-PO <protocol list> (IP Protocol Ping)
If no protocols are specified, the default is to send multiple IP packets for ICMP (protocol 1), IGMP (protocol 2) and IP-in-IP (protocol 4).
Note that for ICMP, IGMP, TCP (protocol 6), UDP (protocol 17) and SCTP (protocol 132) the packets are sent with the proper protocol headers,
while other protocols are sent with no data beyond the IP header (unless --data, --data-string or --data-length is specified).
-sL (List Scan): list scan; only enumerates the specified target addresses (with reverse DNS by default) and sends nothing to them, so it is a safe way to check what a target specification expands to.

-sn (No port scan): host discovery only, no port scan.
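Scripting on top of -sn usually means harvesting the live addresses from Nmap's normal output for a follow-up port scan. The parser below is an added example, not code from the page or from Nmap. The transcript it parses is constructed to look like Nmap 7.80 output for the lab network, including the "[host down]" form that -v adds and a host reported up without a latency figure, which Nmap prints when it has no round-trip estimate. A -sL run prints the same "Nmap scan report" lines but never "Host is up", so -sL output parses to an empty live list.

```python
"""Harvest live hosts from the normal output of an `nmap -sn` run.

Added example; not code from the page or from Nmap. It reads the per-host
"Nmap scan report for", "Host is up" and "MAC Address" lines that -sn
prints (a -sL run prints the report lines but never "Host is up").
"""
import re
from dataclasses import dataclass
from typing import List, Optional

REPORT_RE = re.compile(
    r"^Nmap scan report for "
    r"(?:(?P<name>\S+) \((?P<ip>[^)]+)\)|(?P<bare>\S+))"  # 'name (ip)' or a bare address
    r"(?P<down> \[host down\])?$"                         # appended by -v for down hosts
)
UP_RE = re.compile(r"^Host is up(?: \((?P<lat>[0-9.]+)s latency\))?\.$")
MAC_RE = re.compile(
    r"^MAC Address: (?P<mac>(?:[0-9A-F]{2}:){5}[0-9A-F]{2})(?: \((?P<vendor>[^)]*)\))?$"
)


@dataclass
class Host:
    ip: str
    hostname: Optional[str] = None
    up: bool = False
    latency_s: Optional[float] = None
    mac: Optional[str] = None      # only present for hosts on the local segment (ARP)
    vendor: Optional[str] = None


def parse_sn_output(text: str) -> List[Host]:
    """Turn nmap -sn normal output into Host records, in report order."""
    hosts: List[Host] = []
    current: Optional[Host] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = REPORT_RE.match(line)
        if m:
            if m.group("bare"):
                current = Host(ip=m.group("bare"))
            else:
                current = Host(ip=m.group("ip"), hostname=m.group("name"))
            hosts.append(current)
            continue
        if current is None:
            continue  # banner lines before the first report
        m = UP_RE.match(line)
        if m:
            current.up = True
            current.latency_s = float(m.group("lat")) if m.group("lat") else None
            continue
        m = MAC_RE.match(line)
        if m:
            current.mac = m.group("mac")
            current.vendor = m.group("vendor")
    return hosts


def live_hosts(text: str) -> List[str]:
    """Addresses that answered discovery, ready for a follow-up port scan."""
    return [h.ip for h in parse_sn_output(text) if h.up]


# Constructed transcript in the shape of Nmap 7.80 output; not a real scan.
SAMPLE_OUTPUT = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-01 10:00 CST
Nmap scan report for 192.168.10.128
Host is up (0.00050s latency).
MAC Address: 00:0C:29:12:34:56 (VMware)
Nmap scan report for 192.168.10.129 [host down]
Nmap scan report for kali (192.168.10.133)
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 2.15 seconds
"""

if __name__ == "__main__":
    for host in parse_sn_output(SAMPLE_OUTPUT):
        print(host)
    print("live:", live_hosts(SAMPLE_OUTPUT))
```

For anything beyond a quick script, prefer `-oX` or `-oG` output, whose formats are stable across versions; the normal output is meant for humans and the regexes above track its 7.x layout.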

-n (No DNS resolution): never do reverse DNS
Tells Nmap not to perform reverse DNS resolution on the active IP addresses it finds. Resolution can be slow, so this shortens the scan (mostly used when scanning bare IP ranges).
--resolve-all (Scan each resolved address)
-R (DNS resolution for all targets): reverse DNS for every target
Tells Nmap to always perform reverse DNS resolution on target IP addresses. By default Nmap resolves only hosts found to be online; -R resolves the offline ones as well.
Often combined with -sL: nmap -R -sL 192.168.10.0/24 // resolve every address in the range without sending it a packet
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host (run after the scan, using the port and protocol the scan found most likely to reach the target)
