nmap [Scan Type...] [Options] {target specification}
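-O                     # Enable OS detection
-P0                    # Scan only; do not ping the host
-PT                    # Use TCP ping
-sV                    # Show service version information
-sP                    # Ping scan; only discover whether the target host is up
-PS                    # Send synchronize (SYN) packets
-PU                    # Send UDP ping
-PE                    # Force a direct ICMP ping
-PB                    # Default mode
-6                     # Use IPv6 addresses
-v                     # Verbose output
-d                     # Increase debugging output
-A                     # Use all advanced scan options
--resume               # Resume (continue) a previously aborted scan
-p                     # Ports to scan: a single port, several ports separated by commas, or a range written with "-"
-e                     # On Linux systems with multiple network interfaces, the interface to scan from
-g                     # Use the given port as the source port for the scan
--ttl                  # Set the time-to-live of the scan packets sent
--packet-trace         # Show statistics of packets sent and received during the scan
--scanflags            # Set the TCP flags in the scan packets
--send-eth/--send-ip   # Send using raw Ethernet frames / send using constructed IP packets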
[root@CentOS7-1 ~]# nmap -A www.baidu.com
Starting Nmap 6.40 ( http://nmap.org ) at 2021-03-13 04:30 EST
Nmap scan report for www.baidu.com (
Host is up (0.012s latency).
Other addresses for www.baidu.com (not scanned):
Not shown: 998 filtered ports
PORT    STATE SERVICE        VERSION
80/tcp  open  http-proxy     sslstrip
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
| http-robots.txt: 10 disallowed entries
| /baidu /s? /ulink? /link? /home/news/data/ /bh /shifen/
|_/homepage/ /cpro /
|_http-title: \xE7\x99\xBE\xE5\xBA\xA6\xE4\xB8\x80\xE4\xB8\x8B\xEF\xBC\x8C\xE4\xBD\xA0\xE5\xB0\xB1\xE7\x9F\xA5\xE9\x81\x93
443/tcp open  ssl/http-proxy sslstrip
|_http-methods: No Allow or Public header in OPTIONS response (status code 302)
| http-robots.txt: 10 disallowed entries
| /baidu /s? /ulink? /link? /home/news/data/ /bh /shifen/
|_/homepage/ /cpro /
|_http-title: Site doesn't have a title (text/html).
| ssl-cert: Subject: commonName=baidu.com/organizationName=Beijing Baidu Netcom Science Technology Co., Ltd/stateOrProvinceName=beijing/countryName=CN
| Not valid before: 2020-04-02T06:04:58+00:00
|_Not valid after: 2021-07-26T04:31:02+00:00
|_ssl-date: 2021-03-16T03:14:21+00:00; +2d17h43m18s from local time.
| tls-nextprotoneg:
|_  http/1.1
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|switch
Running (JUST GUESSING): AVtech embedded (88%), HP embedded (86%)
OS CPE: cpe:/h:hp:procurve_switch_4000m
Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (88%), HP 4000M ProCurve switch (J4121A) (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 10 hops

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   0.97 ms
2   4.96 ms
3 ... 9
10  15.25 ms

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.64 seconds

TCP port scan
[root@CentOS7-1 ~]# nmap -sT
Starting Nmap 6.40 ( http://nmap.org ) at 2021-03-13 04:32 EST
Nmap scan report for
Host is up (0.00037s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
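
The following is an added example, not part of the original page: it parses the PORT/STATE/SERVICE table of nmap's normal output, as shown in the scans here, and reports open ports that are missing from an expected-services baseline for each host. The sample output, the 192.0.2.x documentation addresses, www.example.com and the BASELINE allowlist are constructed assumptions.

```python
import re

# Constructed sample in the normal-output format shown on this page.
# 192.0.2.x are documentation addresses, not hosts taken from the page.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host is up (0.000032s latency).
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey: (script output; skipped by the parser)
19999/tcp open  unknown
Nmap scan report for www.example.com (192.0.2.11)
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https
"""

# "Nmap scan report for <ip>" or "Nmap scan report for <name> (<ip>)"
HOST_RE = re.compile(r"^Nmap scan report for (?:.*\()?([^\s()]+)\)?$")
# "<port>/<proto> <state> <service> [version text]"
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_scan(text):
    """Return {host: [(port, proto, state, service, version), ...]}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            current = hosts.setdefault(m.group(1), [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            current.append((int(port), proto, state, service, version.strip()))
    return hosts

def unexpected_open(hosts, baseline):
    """List (host, port, proto, service) for open ports not in the baseline."""
    findings = []
    for host, ports in sorted(hosts.items()):
        allowed = baseline.get(host, set())
        for port, proto, state, service, _version in ports:
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service))
    return findings

# Assumed allowlist of services each host is expected to expose.
BASELINE = {"192.0.2.10": {(22, "tcp")}, "192.0.2.11": {(80, "tcp"), (443, "tcp")}}

if __name__ == "__main__":
    for host, port, proto, service in unexpected_open(parse_scan(SAMPLE), BASELINE):
        print(f"{host}: unexpected open port {port}/{proto} ({service})")
```
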

[root@CentOS7-1 ~]# nmap -p 1-65535 -T4 -A -v
Starting Nmap 6.40 ( http://nmap.org ) at 2021-03-13 04:33 EST
NSE: Loaded 110 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Parallel DNS resolution of 1 host. at 04:33
Completed Parallel DNS resolution of 1 host. at 04:33, 0.00s elapsed
Initiating SYN Stealth Scan at 04:33
Scanning [65535 ports]
Discovered open port 22/tcp on
Discovered open port 19999/tcp on
Completed SYN Stealth Scan at 04:33, 6.82s elapsed (65535 total ports)
Initiating Service scan at 04:33
Scanning 2 services on
Completed Service scan at 04:33, 19.10s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against
NSE: Script scanning
Initiating NSE at 04:34
Completed NSE at 04:34, 0.14s elapsed
Nmap scan report for
Host is up (0.000032s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey: 2048 37:71:8e:4a:db:cc:ac:29:f2:a2:20:93:23:8c:f6:e8 (RSA)
|_256 cc:4b:7d:b6:59:0f:77:83:a9:a5:32:70:4e:87:0d:41 (ECDSA)
19999/tcp open  unknown
1 service unrecognized despite returning data.
If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

UDP port scan
[root@CentOS7-1 ~]# nmap -sU
Starting Nmap 6.40 ( http://nmap.org ) at 2021-03-13 04:34 EST
Nmap scan report for
Host is up (0.0000040s latency).
All 1000 scanned ports on are closed
Nmap done: 1 IP address (1 host up) scanned in 1.65 seconds

This concludes our walkthrough of how to use nmap, one of the commonly used Linux commands. If you still have questions about using the nmap command, you can submit them to us in the comments section.
