Scan all ports and identify services
nmap ip -T4 -Pn -sV -p 1-65535
Scan ports and flag services that can be brute-forced
nmap ip --script=ftp-brute,imap-brute,smtp-brute,pop3-brute,mongodb-brute,redis-brute,ms-sql-brute,rlogin-brute,rsync-brute,mysql-brute,pgsql-brute,oracle-sid-brute,oracle-brute,rtsp-url-brute,snmp-brute,svn-brute,telnet-brute,vnc-brute,xmpp-brute
Check for common vulnerabilities and scan ports
nmap ip --script=auth,vuln
Check for specific vulnerabilities and scan ports
nmap ip --script=dns-zone-transfer,ftp-anon,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,http-backup-finder,http-cisco-anyconnect,http-iis-short-name-brute,http-put,http-php-version,http-shellshock,http-robots.txt,http-svn-enum,http-webdav-scan,iis-buffer-overflow,iax2-version,memcached-info,mongodb-info,msrpc-enum,ms-sql-info,mysql-info,nrpe-enum,pptp-version,redis-info,rpcinfo,samba-vuln-cve-2012-1182,smb-vuln-ms08-067,smb-vuln-ms17-010,snmp-info,sshv1,xmpp-info,tftp-enum,teamspeak2-version
Batch port scanning and vulnerability detection
nmap -iL ip.txt --script=auth,vuln,ftp-brute,imap-brute,smtp-brute,pop3-brute,mongodb-brute,redis-brute,ms-sql-brute,rlogin-brute,rsync-brute,mysql-brute,pgsql-brute,oracle-sid-brute,oracle-brute,rtsp-url-brute,snmp-brute,svn-brute,telnet-brute,vnc-brute,xmpp-brute > scan.txt