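Introduction to nmap
A powerful network probing tool
Supports multiple probing techniques:
ping scan
multi-port scan
TCP/IP fingerprinting
Setting up the nmap environment
Syntax: nmap <scan type> <options> <target>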
nmap -sP 172.25.0.11 //check whether 172.25.0.11 is up
Starting Nmap 6.40 ( http://nmap.org ) at 2018-09-07 16:44 CST
Nmap scan report for server0 (172.25.0.11)
Host is up (0.00018s latency).
MAC Address: 52:54:00:00:00:0A (QEMU Virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
//"Host is up" means the IP address is reachable; the scan took 0.04 seconds
nmap -sP 172.25.0.0/24 //check which machines on the 172.25.0.0 network are alive
Starting Nmap 6.40 ( http://nmap.org ) at 2018-09-07 16:48 CST
Nmap scan report for server0 (172.25.0.11)
Host is up (0.00010s latency).
MAC Address: 52:54:00:00:00:0A (QEMU Virtual NIC)
Nmap scan report for 172.25.0.250
Host is up.
Nmap done: 256 IP addresses (2 hosts up) scanned in 5.47 seconds
View all open ports on 172.25.0.11
nmap -sT 172.25.0.11
Starting Nmap 6.40 ( http://nmap.org ) at 2018-09-07 16:52 CST
Nmap scan report for server0 (172.25.0.11)
Host is up (0.020s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 52:54:00:00:00:0A (QEMU Virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 12.45 seconds
Scan the 172.25.0.0 network to see which ports are open
nmap -sT 172.25.0.0/24
MAC Address: 52:54:00:00:00:0A (QEMU Virtual NIC)
Nmap scan report for 172.25.0.250
Host is up (0.00046s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp open nfs
5900/tcp open vnc
Check which hosts in the 192.168.4.0/24 network have the FTP and SSH services open
[root@proxy ~]# nmap -p 21-22 192.168.4.0/24
Starting Nmap 5.51 ( http://nmap.org ) at 2017-05-17 18:00 CST
Nmap scan report for 192.168.4.1
Host is up (0.000025s latency).
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
Nmap scan report for 192.168.4.7
Host is up.
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
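
Added example (not part of the original notes): a small shell/awk helper that turns nmap's normal output, as shown above, into one line per port, so an inventory check can separate hosts where FTP or SSH is really "open" from hosts that only report "filtered" (probes were blocked, so nmap could not tell whether the service is listening). The function names are hypothetical, and the sample input is constructed from the scan results on this page.

```shell
#!/bin/sh
# Added example: summarize nmap normal output as "IP port/proto state service".

# Constructed sample, assembled from the scan output shown on this page.
sample_scan() {
cat <<'EOF'
Nmap scan report for server0 (172.25.0.11)
Host is up (0.020s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 52:54:00:00:00:0A (QEMU Virtual NIC)
Nmap scan report for 192.168.4.1
Host is up (0.000025s latency).
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
Nmap scan report for 192.168.4.7
Host is up.
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
EOF
}

# summarize_ports: read nmap normal output on stdin, print one line per port.
summarize_ports() {
  awk '
    /^Nmap scan report for / {
      host = $NF                 # last field is the bare IP or "(IP)"
      gsub(/[()]/, "", host)     # strip parentheses when a hostname precedes the IP
      next
    }
    # Port lines look like "22/tcp open ssh"; header and summary lines do not match.
    host != "" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print host, $1, $2, $3 }
  '
}

# hosts_with_open SERVICE: list hosts where SERVICE is in state "open" only.
# "filtered" ports are deliberately excluded: their real state is unknown.
hosts_with_open() {
  summarize_ports | awk -v svc="$1" '$3 == "open" && $4 == svc { print $1 }'
}

sample_scan | summarize_ports
```

To use it on a real scan of hosts you administer, pipe the saved output in, for example `hosts_with_open ftp < scan.txt`.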