Nmap network security audit

What is Nmap

Nmap was designed by Gordon Lyon and first published in 1997. It was originally intended purely as a powerful port scanner, but over time its functionality has grown far more comprehensive. In July 2009 the open-source network security scanner Nmap released version 5.00, marking its transition from a simple network connectivity and security scanning program to a complete tool suite.

Nmap features:

1. Host discovery: sends a combination of specially crafted packets to the target computer and decides from the response whether the target is up and reachable on the network.

2. Port scanning: sends specially crafted packets to specific ports on the target and decides from the response whether each port is open.

3. Service and version detection: sends a combination of specially crafted packets to the target's open ports and identifies from the response the type and version of the service running on each of them.

4. Operating system detection: sends a combination of specially crafted packets to the target computer and identifies from the response the type and version of its operating system.

Beyond these basic functions, Nmap implements more advanced auditing techniques: decoy and spoofed-source scanning to disguise the scanning side, stealth scans to evade the target's security defenses, detection of system vulnerabilities, and comprehensive reporting options. Nmap also ships with a powerful scripting engine, the Nmap Scripting Engine (NSE).

Nmap installation

Installation is simple enough that it is not covered here.

The basic operation of Nmap

The easiest way is to directly enter the command line:

nmap 192.168.0.1

You can use the IP address of your own Ethernet interface for this test. By default this is a TCP scan of the 1000 most common ports, and the results need little explanation: each line shows a port, the port's state and the service that runs on it.

Determine the scan range

Once you know your own IP address, how do you find the other live hosts on the network? If our address is 192.168.0.103, how do we enumerate the live hosts in the 192.168.0.x range? The -sn option tells nmap to do host discovery only and skip the port scan.

nmap -sn 192.168.0.1-255


From the scan results we can see three devices in this segment; one of them is identified as a TP-Link router.
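As an added example (not from the original post), here is a small POSIX shell script that turns the ping sweep into something later steps can reuse: it runs `nmap -sn` with grepable output (`-oG -`), which prints one line per host, and extracts the hosts nmap marked Up. The sample output embedded in the script is constructed to match the three addresses in the post; the function names are my own. Note that on the local Ethernet segment a privileged nmap discovers hosts with ARP requests, which is why devices that ignore ICMP ping still show up.

```shell
#!/bin/sh
# Added example (not from the original post): turn `nmap -sn` output into a
# plain list of live hosts. Grepable output (-oG -) is one line per host,
# e.g. "Host: 192.168.0.100 (tplink.local)<TAB>Status: Up", so awk can
# split it on whitespace.

# Parse grepable output on stdin; print "ip hostname" for every host that
# nmap marked Up. Hosts without a reverse name get "-" as the name.
live_hosts() {
    awk '/^Host: / && /Status: Up/ {
        ip = $2
        name = $3
        gsub(/[()]/, "", name)      # strip the parentheses around the name
        if (name == "") name = "-"  # no reverse DNS entry
        print ip, name
    }'
}

# Count the live hosts in grepable output on stdin.
live_count() {
    live_hosts | wc -l | tr -d ' '
}

# Run the real sweep against a target spec (needs nmap and a network).
scan_live() {
    nmap -sn -oG - "$@" | live_hosts
}

# Constructed sample of what `nmap -sn -oG - 192.168.0.0/24` prints on the
# author's LAN: the addresses follow the post, the rest is made up. A Down
# line is included only to show that the filter drops it.
SAMPLE=$(printf '# Nmap 7.80 scan initiated as: nmap -sn -oG - 192.168.0.0/24\nHost: 192.168.0.1 ()\tStatus: Up\nHost: 192.168.0.2 ()\tStatus: Down\nHost: 192.168.0.100 (tplink.local)\tStatus: Up\nHost: 192.168.0.103 ()\tStatus: Up\n# Nmap done -- 256 IP addresses (3 hosts up) scanned in 4.21 seconds')

# Offline demonstration on the sample; `scan_live 192.168.0.0/24` does the
# same thing live.
sample_live_hosts() {
    printf '%s\n' "$SAMPLE" | live_hosts
}

sample_live_hosts
```

Running the script offline prints the three live hosts from the sample. Against the real network, `scan_live 192.168.0.0/24` does the same, and the first column can be redirected into a file that a later scan consumes with -iL.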

To scan the entire subnet

Nmap supports CIDR (Classless Inter-Domain Routing) notation to scan an entire subnet:

nmap -sn 192.168.0.1/24

I had connected one more device in the meantime, so four devices now appear; the content in parentheses shows that the new one is my OnePlus phone.

Scanning multiple non-contiguous hosts

Nmap can scan several hosts at once. If the addresses have no relationship to each other, separate them with spaces on the command line and they are scanned together.
Testing with the four IPs found above gives the same results as before, so no screenshot is included here.

nmap -sn 192.168.0.1 192.168.0.100 192.168.0.101 192.168.0.103

Excluding specified targets from a scan

When scanning hosts in bulk, the --exclude option removes specific hosts from the target list.
Using the subnet scan above, I exclude the router here:

nmap -sn 192.168.0.1/24 --exclude 192.168.0.100

In the screenshot the option order differs from what I typed; I find the form above easier to remember, and nmap accepts the option before or after the target, so the order makes no difference.
You may also wonder why the earlier subnet scan was shown as the 192.168.0.1 network while this one shows 192.168.0.0. A /24 covers 256 addresses, so nmap masks off the host bits: 192.168.0.1/24 and 192.168.0.0/24 denote exactly the same block, 192.168.0.0 through 192.168.0.255, and the first form simply names one member of that block.
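To make the 192.168.0.1 versus 192.168.0.0 point concrete, the following POSIX shell functions (an added example, not part of the original post) normalize a CIDR target the way nmap does, by masking off the host bits, and build the excluded sweep from the normalized block. The function names are my own; the prefix arithmetic is plain integer masking.

```shell
#!/bin/sh
# Added example (not from the original post): normalize "a.b.c.d/n" to its
# network block the way nmap does, so 192.168.0.1/24 and 192.168.0.0/24
# visibly collapse to the same 256 targets.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    a=${1%%.*}; rest=${1#*.}
    b=${rest%%.*}; rest=${rest#*.}
    c=${rest%%.*}; d=${rest#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Convert a 32-bit integer back to a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Normalize "a.b.c.d/n" (a bare address counts as /32): mask off the host
# bits and print "network/n first last count".
cidr_block() {
    case $1 in
        */*) ip=${1%/*}; bits=${1#*/} ;;
        *)   ip=$1;      bits=32 ;;
    esac
    n=$(ip_to_int "$ip")
    size=$(( 1 << (32 - bits) ))
    mask=$(( 4294967295 ^ (size - 1) ))   # 0xFFFFFFFF with host bits cleared
    net=$(( n & mask ))
    echo "$(int_to_ip "$net")/$bits $(int_to_ip "$net") $(int_to_ip $(( net + size - 1 ))) $size"
}

# Print the ping-sweep command for a block minus one excluded host, written
# with the normalized block and the option first, the form shown in the
# post's screenshot.
sweep_cmd() {
    block=$(cidr_block "$1" | cut -d' ' -f1)
    echo "nmap -sn --exclude $2 $block"
}

# Stand-alone demonstration: both spellings give the same block.
cidr_block 192.168.0.1/24
cidr_block 192.168.0.0/24
sweep_cmd 192.168.0.1/24 192.168.0.100
```

Both `cidr_block` calls print `192.168.0.0/24 192.168.0.0 192.168.0.255 256`, which is why nmap reports the same targets for either spelling; the 256 includes the .0 and .255 addresses, which nmap probes as well.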

Scanning IP addresses listed in a text file

If you frequently scan the same set of addresses, typing them every time is tedious; write them into a text file instead. I put the four addresses into ip.txt and pass it with nmap's -iL option:

nmap -sn -iL ip.txt

If you create the file and scan immediately you may get a "file not found" error: nmap looks for the file relative to the current working directory, so either place ip.txt in the directory you run nmap from (as I did, in nmap's own directory) or give the full path.

Choosing scan targets at random

The -iR option generates random targets and scans them; it takes the number of targets to generate:

nmap -sn -iR 10

Generate a fair number of targets; with too few you may not find any live hosts at all. Keep in mind that -iR picks public Internet addresses at random, so these are other people's hosts that you have no permission to probe; use it only where that is acceptable.

Common problems

1. If a scan fails with "Failed to open device eth0" after you install Nmap, the cause may be an outdated Npcap. If you downloaded the latest Nmap from the official website, the bundled Npcap should be version 0.9982 or 0.9983 and work normally; otherwise download the latest Npcap from its official website and install it alongside Nmap (I tested this myself).

Postscript

I will keep updating this as I use Nmap; I am learning while writing, so please point out any mistakes promptly. Do not scan other people's sites, hosts or networks; strictly abide by network security law, and test with your own addresses or build a virtual host for the purpose...

Origin blog.51cto.com/14309999/2446359