Getting started with Nmap (Nmap is a common network scanning and vulnerability analysis tool, known as the "king of scanners")

Disclaimer: This is an original article by the blogger, released under the CC 4.0 BY-SA license. If you reproduce it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/weixin_43460822/article/details/96423613

**Nmap description:**

Nmap is network scanning software used to scan the open ports of computers on a network. It determines which services are running on which ports and infers which operating system a computer is running (this is also known as fingerprinting). It is one of the tools a network administrator must use, and it is also used to assess the security of a network.
As with most tools used for network security, Nmap is favoured both by hackers and by crackers (also known as script kiddies). System administrators use Nmap to detect unauthorized servers in their environment, while attackers use it to collect the target computer's network configuration in order to plan an attack.
Nmap is often confused with the vulnerability assessment tool Nessus. Nmap tries to scan stealthily, so as to evade intrusion detection systems, and to disturb the target system's daily operation as little as possible. (From Baidu)

**Functions:**

  1. Host detection
  2. Port scanning
  3. Service version detection
  4. Operating system fingerprinting
  5. Password cracking
  6. Vulnerability detection
  7. Writing scan scripts (NSE)

**Usage:**

1. Host detection
Below I scan my Windows Server 2003 host. 172.20.10.14 is its IP address; the "/24" suffix is a CIDR mask that tells Nmap to sweep the whole 172.20.10.0/24 subnet, i.e. every address from 172.20.10.1 to 172.20.10.255 (a host discovery sweep, Nmap's ping scan -sn, reports which of them are up). The screenshot of the command and its result is in the original post.

Try the other host discovery options yourself.

2. Port scanning

Example: nmap -F -sT -v 172.20.10.14 (-F: fast mode, scan only the 100 most common ports; -sT: TCP connect scan; -v: verbose output). The effect of the command is shown in the screenshot in the original post.
(1) Port scan states:

Open: the port is open. For example, when Nmap runs a TCP SYN scan over a range of ports on the target host, we know that the SYN packet is the first step of establishing a TCP connection, so if the target replies with a SYN+ACK packet we conclude that the port is open and a TCP service is listening on it.

Closed: the port is closed. In a TCP SYN scan, a port that answers with an RST packet is in the closed state. Note that a closed port is still reachable (the host responds), there is just no service listening on it; it is closed at the moment of our scan, and when we scan again at another time it may well be open.

Filtered: the probe packet did not reach the port, so Nmap cannot determine whether it is open; this is mostly caused by a firewall on the network path or on the host. Nmap marks a port filtered when it receives an ICMP unreachable error (for example type 3, code 13, "communication administratively prohibited") or gets no answer at all even after retransmitting the probe several times.

Unfiltered: Nmap can reach the port but cannot tell from the reply whether it is open or closed. The difference from filtered is that an unfiltered port is reachable, whereas a filtered port cannot be reached by Nmap at all. A port is labelled unfiltered only in an ACK scan (-sA), when the probe gets an RST back; to decide whether such a port is open or closed, scan it again with another type, such as a SYN scan.

Open|filtered: Nmap cannot distinguish whether the port is open or filtered. This state appears only in scan types where an open port gives no response, such as UDP, IP protocol, and TCP NULL, FIN and Xmas scans.

Closed|filtered: Nmap cannot distinguish whether the port is closed or filtered. This state appears only in the IP ID idle scan (a type I do not fully understand yet; I will summarize it some time later).

(2) Port scan types:

The table of scan types was a screenshot in the original post; the types referred to in this article are the TCP SYN scan (-sS), TCP connect scan (-sT), ACK scan (-sA), UDP scan (-sU), NULL/FIN/Xmas scans (-sN/-sF/-sX) and the idle scan (-sI).
3. Service version scan

Example: nmap -sV 172.20.10.14

Looking at the scan results (screenshot in the original post), we can see that Nmap's version detection is quite accurate.
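As an added example (not code from the original post or from Nmap itself), the Python script below implements the port states described above in the way Nmap does them for an unprivileged user, a TCP connect scan (-sT): a completed handshake is "open", a connection refused (RST) is "closed", and a timeout or an ICMP unreachable error is "filtered". For open ports it then reads the service banner, which is the simplest probe behind -sV (connect and listen). The fake SSH-like service, its banner text, the ports and the errno set are constructed for the demo, and the scanner only ever talks to 127.0.0.1.

```python
# Added example: a minimal TCP connect scanner (Nmap -sT semantics) plus a
# banner grab (the simplest -sV probe). Not from the original post or Nmap.
import errno
import socket
import threading

# Errors meaning a firewall, router or the host rejected the packet with an
# ICMP unreachable; Nmap reports these, like a plain timeout, as "filtered".
FILTERED_ERRNOS = {errno.EHOSTUNREACH, errno.ENETUNREACH, errno.ETIMEDOUT}


def scan_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.
    open     - the three-way handshake completed, so a service accepted it
    closed   - the host answered with RST (connection refused), nothing listens
    filtered - no answer before the timeout, or an ICMP unreachable error"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        if e.errno in FILTERED_ERRNOS:
            return "filtered"
        raise
    finally:
        s.close()


def grab_banner(host, port, timeout=1.0, max_bytes=256):
    """Connect and read whatever the service volunteers first (its banner).
    Returns '' when the service stays silent until the timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(max_bytes).decode("ascii", "replace").strip()
        except socket.timeout:
            return ""


def scan_range(host, ports, timeout=1.0):
    """Scan several ports; returns {port: (state, banner)}, banner '' unless open."""
    results = {}
    for port in ports:
        state = scan_port(host, port, timeout)
        banner = grab_banner(host, port, timeout) if state == "open" else ""
        results[port] = (state, banner)
    return results


def start_fake_service(banner=b"SSH-2.0-OpenSSH_8.9 (constructed test banner)\r\n"):
    """Constructed stand-in for a real service: listens on a free loopback
    port and greets every client with `banner`. Returns (port, stop_fn)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)  # lets the serving thread notice stop_fn
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass  # the scanner may hang up before we greet it
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop.set


def find_closed_port():
    """Bind an ephemeral port and release it, so nothing listens there."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Scan one constructed open port and one closed port on loopback."""
    open_port, stop = start_fake_service()
    closed_port = find_closed_port()
    try:
        return scan_range("127.0.0.1", [open_port, closed_port])
    finally:
        stop()


if __name__ == "__main__":
    for port, (state, banner) in sorted(demo().items()):
        print(f"{port}/tcp  {state:<8} {banner}")
```

Run it as a plain script to see the two loopback ports labelled open and closed with the banner next to the open one. To see the filtered state, point scan_port at a host behind a firewall that silently drops SYNs: the call returns "filtered" only after the full timeout, which is also why filtered ports make a real Nmap scan slow. Nmap's SYN scan (-sS) reaches the same verdicts from the raw SYN+ACK/RST replies without completing the handshake, which is why it needs root.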

4. OS fingerprinting

Let's try the effect of nmap -O 172.20.10.14 (OS detection needs raw packet privileges, so run it as root or Administrator; the result is a screenshot in the original post).
5. Password cracking

The brute-force command was shown in a screenshot in the original post; in actual use you only need to change the path of the password dictionary and the IP of the target host. Nmap's password cracking (done by NSE scripts in the brute category) is rarely used; its important function is port scanning.

6. Vulnerability detection

The vulnerability scanning command was shown in a screenshot in the original post; Nmap does this with NSE scripts in the vuln category (selected with --script vuln).
7. Writing scan scripts
Reference blog: https://blog.csdn.net/whatday/article/details/85247901
(1) Introduction
In the previous article, Nmap Scripting Engine principles, we introduced the basics of NSE. This article describes how to write the framework of a simple Nmap NSE script file; the next article, Nmap script file analysis (taking the AMQP protocol as an example), will analyze in detail the execution process of a script that ships with Nmap and the meaning of each statement.

From the previous article we know that an NSE script mainly consists of a rule function and an action function: when the rule function returns true, the action function is executed.

(2) Examples
  (1) If port 80 of an IP is open, the script outputs "This IP open 80 port!".

A Shodan search shows that 92.62.34.104 has port 80 open.

Save the script as http_test.nse in the scripts folder under the Nmap installation path (on Windows; you can also put it elsewhere and pass the path to --script):

```lua
-- http_test.nse: report when TCP port 80 is open on a host.
-- Run it by file name (it is not in the "default" category):
--   nmap -p 80 --script ./http_test.nse <target>

description = [[
Reports hosts whose TCP port 80 is open.
]]

license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "discovery"}

-- The rule section: decides, per host and port, whether action() runs.
portrule = function(host, port)
  return port.protocol == "tcp"
         and port.number == 80
         and port.state == "open"
end

-- The action section: runs only when portrule returned true.
action = function(host, port)
  return "This IP " .. host.ip .. " open 80 port!"
end
```
  Output: the script line under port 80 reads "This IP 92.62.34.104 open 80 port!" (screenshot in the original post).

Reference blog: https://blog.csdn.net/m0_37268841/article/details/80234365
Strongly recommended: the official Nmap Reference Guide (extremely detailed): https://nmap.org/book/man.html

If this infringes any rights, please contact me and it will be deleted.
