[root@centos8 ~]#nmap -sP 10.0.0.1-10
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:30 CST
Nmap scan report for 10.0.0.1
Host is up (0.000081s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 10.0.0.2
Host is up (0.00034s latency).
MAC Address: 00:50:56:F0:1E:25 (VMware)
Nmap scan report for 10.0.0.6
Host is up (0.00031s latency).
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 10.0.0.7
Host is up (0.00036s latency).
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap scan report for 10.0.0.8
Host is up.
Nmap done: 10 IP addresses (5 hosts up) scanned in 2.89 seconds
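Scan an entire subnet for live hosts
nmap -sP -v 192.168.1.0/24
nmap -v -sn ip/24
Some hosts have ping detection disabled, so you can use -P0 to skip the ping probe, which can also speed up the scan.
nmap -P0 192.168.1.100
Scan a host
nmap -v -A IP
Scan multiple target hosts at once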
[root@centos8 ~]#nmap 10.0.0.6 10.0.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:39 CST
Nmap scan report for 10.0.0.6
Host is up (0.00055s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 10.0.0.7
Host is up (0.00050s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap done: 2 IP addresses (2 hosts up) scanned in 101.01 seconds
Import IP addresses from a file and scan them
[root@centos8 ~]#cat hosts.txt
10.0.0.7
10.0.0.6
58.87.87.99
[root@centos8 ~]#nmap -iL hosts.txt
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:43 CST
Nmap scan report for 10.0.0.7
Host is up (0.0024s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:29:F9:26 (VMware)
Nmap scan report for 10.0.0.6
Host is up (0.0032s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: 00:0C:29:4D:EF:2C (VMware)
Nmap scan report for 58.87.87.99
Host is up (0.016s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
Nmap done: 3 IP addresses (3 hosts up) scanned in 120.33 seconds
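The following Python, added here as an example and not part of the original page, parses the normal-format report printed by the -iL run above and lists open ports that are missing from an expected-exposure baseline. The BASELINE policy and the function names are assumptions for illustration.

```python
import re

# Sample input: report lines taken from the -iL run above (MAC lines trimmed).
SAMPLE = """\
Nmap scan report for 10.0.0.6
Host is up (0.0032s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
Nmap scan report for 58.87.87.99
Host is up (0.016s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
"""

# Assumed baseline (hypothetical policy): ports each host is expected to expose.
BASELINE = {"10.0.0.6": {"22/tcp"}, "58.87.87.99": {"80/tcp"}}

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)\s+(\S+)")

def parse_open_ports(report):
    """Return {host: {"port/proto": service}} for ports reported as open."""
    hosts, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line)
        # Exact "open" only: ambiguous states such as open|filtered are skipped.
        if m and current is not None and m.group(2) == "open":
            current[m.group(1)] = m.group(3)
    return hosts

def unexpected(report, baseline):
    """Return sorted (host, port, service) tuples not allowed by the baseline."""
    found = parse_open_ports(report)
    return sorted((h, p, s) for h, ports in found.items()
                  for p, s in ports.items() if p not in baseline.get(h, set()))

if __name__ == "__main__":
    for host, port, service in unexpected(SAMPLE, BASELINE):
        print(f"{host}: unexpected open port {port} ({service})")
```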
Probe the target host's open ports; a comma-separated list of ports can be specified (e.g. -PS22,443,80)
[root@centos8 ~]#nmap -PS22,80,443 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:31 CST
Nmap scan report for 10.0.0.1
Host is up (0.00042s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 12.65 seconds
Use a SYN half-open scan
[root@centos8 ~]#nmap -sS 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:33 CST
Nmap scan report for 10.0.0.1
Host is up (-0.052s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 10.07 seconds
Scan for devices with open TCP ports
[root@centos8 ~]#nmap -sT 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:34 CST
Nmap scan report for 10.0.0.1
Host is up (0.00040s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
8082/tcp open blackice-alerts
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 4.52 seconds
Scan for devices with open UDP ports
[root@centos8 ~]#nmap -sU 10.0.0.1
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:34 CST
Nmap scan report for 10.0.0.1
Host is up (0.00046s latency).
Not shown: 999 open|filtered ports
PORT STATE SERVICE
137/udp open netbios-ns
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 18.52 seconds
Scan UDP ports only
nmap -e eth1 -sU -O 10.0.0.1
Scan TCP and UDP ports
nmap -sTU -O 10.0.0.1
Scan the target host for service version numbers
[root@centos8 ~]#nmap -sV 10.0.0.7
Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-23 12:37 CST
Nmap scan report for 10.0.0.7
Host is up (0.0011s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
MAC Address: 00:0C:29:29:F9:26 (VMware)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.97 seconds