How to use nmap #1

Last updated at Posted at 2019-06-16

Network troubleshooting notes
nmap

syntax

nmap [Scan Type(s)] [Options] {target specification}

TARGET SPECIFICATION:

  • scanme.nmap.org, microsoft.com/24
  • 192.168.0.1, 10.0.0-255.1-254
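Before scanning, it is worth confirming how many addresses a target specification expands to and that all of them lie inside the range you intend to cover, which is the list `-sL` prints. The Python below is an added example, not part of the original article: the function names and the scope ranges are assumptions, and it handles numeric IPv4 targets only (hostnames such as scanme.nmap.org are not resolved).

```python
import ipaddress
from itertools import product

def expand_octet(field):
    """Expand one octet field: '7', '1-254', '3-5,7', or '-' (meaning 0-255)."""
    values = set()
    for part in field.split(","):
        lo, dash, hi = part.partition("-")
        start = int(lo) if lo else 0
        end = int(hi) if hi else (255 if dash else start)
        if not 0 <= start <= end <= 255:
            raise ValueError(f"bad octet range: {part!r}")
        values.update(range(start, end + 1))
    return sorted(values)

def expand_target(spec):
    """Return the IPv4 addresses one numeric target specification covers."""
    if "/" in spec:  # CIDR form, e.g. 192.168.0.0/24 (all 256 addresses)
        return list(ipaddress.ip_network(spec, strict=False))
    octets = spec.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a numeric IPv4 target: {spec!r}")
    # Octet-range form, e.g. 10.0.0-255.1-254: every combination of the fields
    return [ipaddress.ip_address(".".join(map(str, combo)))
            for combo in product(*(expand_octet(o) for o in octets))]

def out_of_scope(spec, allowed_cidrs):
    """Addresses in spec that fall outside every allowed network."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [a for a in expand_target(spec)
            if not any(a in net for net in allowed)]

if __name__ == "__main__":
    scope = ["192.168.0.0/24", "10.0.0.0/24"]  # constructed scope for the demo
    for spec in ["192.168.0.1", "192.168.0.0/24", "10.0.0-255.1-254"]:
        hosts = expand_target(spec)
        stray = out_of_scope(spec, scope)
        print(f"{spec}: {len(hosts)} addresses, {len(stray)} out of scope")
```

The octet-range form grows quickly: `10.0.0-255.1-254` covers 256 x 254 addresses, far more than a single /24.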

Scan Type

| Option | Description |
|---|---|
| -sL | List Scan -- simply list targets to scan |
| -sn | Ping Scan -- disable port scan |
| -sP | Ping Scan -- go no further than determining if host is online |
| -sS/sT/sA/sW/sM | TCP SYN/Connect()/ACK/Window/Maimon scans |
| -sV | Probe open ports to determine service/version info |
| -sU | UDP Scan |
| -sO | IP protocol scan -- ICMP, EIGRP, ... |
| -b | FTP bounce scan |
| -n/-R | Never do DNS resolution/Always resolve [default: sometimes] |

Options

  • -p <port ranges> : Only scan specified ports
      • -p22
      • -p1-65535
      • -p U:53,111,137,T:21-25,80,139,8080,S:9
  • -O: Enable OS detection
  • -P0: Treat all hosts as online -- skip host discovery
  • -e <iface>: Use specified interface

sample

1. ping scan

$ nmap -sn 192.168.0.0/24
$ nmap -v -sn 192.168.0.0/24
Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 04:39 JST
Nmap scan report for kddi (192.168.0.1)
Host is up (0.0031s latency).
....

2. port scan

all ports (no -p option; the output below shows nmap scanning its default 1000 ports)

$ nmap -v -PO localhost
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 5900/tcp on 127.0.0.1
Discovered open port 2968/tcp on 127.0.0.1

specified port only

$ nmap -v -PO -p 22 192.168.0.0/24

port scan & service name

$ nmap -v -sV 192.168.0.110
PORT      STATE  SERVICE       VERSION
22/tcp    open   ssh           OpenSSH 6.6.1 (protocol 2.0)
80/tcp    open   http          Apache httpd 2.4.6 ((CentOS) PHP/5.4.16)
443/tcp   closed https
3333/tcp  open   http          Golang net/http server
3389/tcp  open   ms-wbt-server Microsoft Terminal Service
5432/tcp  closed postgresql
49160/tcp open   ssh           OpenSSH 7.2p2 Ubuntu 4ubuntu2.1 (Ubuntu Linux; protocol 2.0)
49161/tcp open   oracle-tns    Oracle TNS Listener (unauthorized)