nmap实用命令

发表于

nmap实用命令

自己总结了几条nmap的实用命令,主要是用来格式化输出,感觉不错,所以记录一下
几个参数

1
2
3
-sS  隐蔽扫描(半开syn)
-sN  不管是否存在直接扫描
-sI 完全隐藏。以一个跳板主机{无流量}扫描另一台主机

最常用

1
nmap -v -sT -sV -Pn

快速扫描

1
nmap -F 192.168.0.101

syn快速扫描指定端口 格式化输出

1
2
3
4
nmap -p80 -PS80 -oG - 10.193.179.0/24 | awk '/open/{print $2}'
10.193.179.9
10.193.179.17
10.193.179.29

syn快速扫描指定端口 格式化输出带域名

1
2
3
4
5
nmap -p80 -PS80 -oG - 10.1.1.0/24 | awk '/open/{print $2 " " $3}'
10.1.1.72 (userA.corp.foocompany.biz)
10.1.1.73 (userB.corp.foocompany.biz)
10.1.1.75 (userC.corp.foocompany.biz)

指定端口扫描 格式化输出

1
2
3
4
nmap -vv -p 80,4848,7001,7002,7071,8000,8001,8002,8080,8081,8888,9999,9043,9080 10.193.179.0/24 | grep "Discovered open port" | awk {'print $6":"$4'} | awk -F/ {'print $1'} 
10.193.179.130:22
10.193.179.130:22

指定域名文件 格式化输出

1
2
3
4
5
6
7
8
9
10
nmap -vv -iL yuming.txt | grep "Discovered open port" | awk {'print $6":"$4'} | awk -F/ {'print $1'} > output.txt
Warning: Hostname baidu.com resolves to 4 IPs. Using 111.13.101.208.
Warning: Hostname www.baidu.com resolves to 2 IPs. Using 119.75.218.70.
119.75.222.122:443
119.75.218.70:443
111.13.101.208:443
119.75.222.122:80
119.75.218.70:80
111.13.101.208:80

1
2
3
从一款扫描器上扒下来的
nmap  -sS -T5 -PP -PE -PM -PI -PA20,53,80,113,443,5060,10043 --host-timeout=300m -O --max-rtt-timeout=3000ms --initial-rtt-timeout=1000ms --min-rtt-timeout=1000ms --max-retries=2 --stats-every 10s --traceroute --min-hostgroup=64 -PS1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,873,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4672,4679,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7000-7001,7021,7071,7080,7144,7181,7210,7272,7426,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9010,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9788,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,27960,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535 --min-rate=500 -PU46303 -p1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,873,888,902,910,912,921,993,995,998,1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3389,3460,3500,3628,3632,3690,3780,3790,3817,4000,4322,4433,4444-4445,4659,4672,4679,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,6000,6050,6060,6070,6080,6101,6106,6112,6262,6379,6405,6502-6504,6542,6660-6661,6667,6905,6988,7000-7001,7021,7071,7080,7144,7181,7210,7272,7426,7443,7510,7579-7580,7700,7770,7777-7778,7787,7800-7801,7879,7902,8000-8001,8008,8014,8020,8023,8028,8030,8080-8082,8087,8090,8095,8161,8180,8205,8222,8300,8303,8333,8400,8443-8444,8503,8800,8812,8834,8880,8888-8890,8899,8901-8903,9000,9002,9010,9080-9081,9084,9090,9099-9100,9111,9152,9200,9390-9391,9495,9788,9809-9815,9855,9999-10001,10008,10050-10051,10080,10098,10162,10202-10203,10443,10616,10628,11000,11099,11211,11234,11333,12174,12203,12221,12345,12397,12401,13364,13500,13838,14330,15200,16102,17185,17200,18881,19300,19810,20010,20031,20034,20101,20111,20171,20222,22222,23472,23791,23943,25000,25025,26000,26122,27000,27017,27888,27960,28222,28784,30000,30718,31001,31099,32764,32913,34205,34443,37718,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48899,49152,50000-50004,50013,50500-50504,52302,55553,57772,62078,62514,65535    10.193.179.0/24

http脚本扫描

1
nmap -sV -p 80 -T4 --script http*,default   baidu.com

nmap脚本列表

1
2
3
4
5
6
7
8
9
10
11
12
13
auth: 负责处理鉴权证书(绕开鉴权)的脚本  
broadcast: 在局域网内探查更多服务开启状况,如dhcp/dns/sqlserver等服务  
brute: 提供暴力破解方式,针对常见的应用如http/snmp等  
default: 使用-sC或-A选项扫描时候默认的脚本,提供基本脚本扫描能力  
discovery: 对网络进行更多的信息,如SMB枚举、SNMP查询等  
dos: 用于进行拒绝服务攻击  
exploit: 利用已知的漏洞入侵系统  
external: 利用第三方的数据库或资源,例如进行whois解析  
fuzzer: 模糊测试的脚本,发送异常的包到目标机,探测出潜在漏洞 intrusive: 入侵性的脚本,此类脚本可能引发对方的IDS/IPS的记录或屏蔽  
malware: 探测目标机是否感染了病毒、开启了后门等信息  
safe: 此类与intrusive相反,属于安全性脚本  
version: 负责增强服务与版本扫描(Version Detection)功能的脚本  
vuln: 负责检查目标机是否有常见的漏洞(Vulnerability),如是否有MS08_067

参考链接

1
2
3
4
https://nmap.org/man/zh/
http://gdd.gd/1159.html
http://www.2cto.com/article/201203/125686.html
http://www.vuln.cn/2444