nmap命令:端口扫描工具 ##################### 简单使用:: nmap .. note:: CentOS使用nmap-ncat.x86_64软件的, nmap与nc命令一样. 而原始的nmap命令是要安装nmap.x86_64软件 :: //进行ping扫描,打印出对扫描做出响应的主机,不做进一步测试(如端口扫描或者操作系统探测) nmap -sP 192.168.1.0/24 //仅列出指定网络上的每台主机,不发送任何报文到目标主机 nmap -sL 192.168.1.0/24 //使用UDP ping探测主机 nmap -PU 192.168.1.0/24 //【常用】SYN扫描,又称为半开放扫描,它不打开一个完全的TCP连接,执行得很快 nmap -sS 192.168.1.0/24 //【常用】当SYN扫描不能用时,TCP Connect()扫描就是默认的TCP扫描 nmap -sT 192.168.1.0/24 //UDP扫描用-sU选项,UDP扫描发送空的(没有数据)UDP报头到每个目标端口 nmap -sU 192.168.1.0/24 //扫描主机scanme.nmap.org中 所有的保留TCP端口。选项-v启用细节模式 nmap -sS -O scanme.nmap.org/24 其他选项:: -p (只扫描指定的端口) //将扫描 UDP 端口53,111,和137,同时扫描列出的TCP端口 -p U:53,111,137,T:21-25,80,139,8080 //探测目标主机开放的端口,可以指定一个以逗号分隔的端口列表(如-PS22,23,25,80) nmap -PS 192.168.1.234 // 确定目标机支持哪些IP协议 (TCP,ICMP,IGMP等): nmap -sO 192.168.1.19 //探测目标主机的操作系统 nmap -O 192.168.1.19 nmap -A 192.168.1.19 实战 ==== 察看指定域名支持的 https 加密套件 --------------------------------- 命令:: $ nmap -script ssl-enum-ciphers www.zhaoweiguo.com 1. 一种结果: 只支持 TLSv1.2, 且加密套件要求严格:: Starting Nmap 7.40 ( https://nmap.org ) at 2021-09-24 18:10 CST Nmap scan report for www.zhaoweiguo.com (39.107.143.41) Host is up (0.025s latency). Not shown: 999 filtered ports PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server |_ least strength: A Nmap done: 1 IP address (1 host up) scanned in 8.51 seconds 2. 另一种结果: 各种加密套件都支持:: Starting Nmap 7.40 ( https://nmap.org ) at 2021-09-24 18:09 CST Nmap scan report for www.zhaoweiguo.com (120.26.164.111) Host is up (0.00038s latency). Not shown: 993 closed ports PORT STATE SERVICE 80/tcp open http 111/tcp open rpcbind 443/tcp open https | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | TLSv1.1: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: client | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A | TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A | TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) - A | compressors: | NULL | cipher preference: client |_ least strength: A 3306/tcp open mysql 7000/tcp open afs3-fileserver 8080/tcp open http-proxy 8082/tcp open blackice-alerts Nmap done: 1 IP address (1 host up) scanned in 2.76 seconds