Nmap网络安全扫描器说明(5)

/ns/cn/tool/data/20020804014334.htm

Nmap网络安全扫描器说明(5)


作者：作者：Fyodor 译者：quack
发布日期：2002-2-6
上传日期：2002-2-6
来源：不详


扫描范例
--------*

这里是一些运用nmap的扫描范例，从最简单普通的到有一些复杂的例子都有。注意这里有真实的数字以及
一些真实的域名――这样可以让扫描行为看起来更具体。在这里你可以用自己的网络里的名称代替其中的
addresses/names。虽然端口扫描的结果分析可能会使某些人容易攻击，但我不认为它是不合法的,我曾经
扫描过成百上千的机器但只收到一次抱怨。但我不是律师而一些（anal)人们对nmap探测觉得烦恼，所以最
好在取得允许后扫描或者――冒险，后果由你自己承担。

nmap -v target.example.com

这样对target.example.com上所有的保留TCP端口做了一次扫描，-v表示用详细模式。

nmap -sS -O target.example.com/24

这将开始一次SYN的半开扫描，针对的目标是target.example.com所在的C类子网，它还试图确定在其上运
行的是什么系统。这需要root权限，因为用到了半开扫描以及系统侦测。

nmap -sX -p 22,53,110,143,4564 128.210.*.1-127

发送一个Xmas tree扫描到B类128.210所在子网的一半范围内，我们将检测系统是否运行sshd, DNS,
pop3d, imapd, 或者端口4564。要注意由于微软TCP堆栈的不完善，Xmas扫描将不能在其平台上运行成功，
同样的问题可能存在于CISCO, IRIX, HP/UX, 和BSDI。

nmap -v -p 80 '*.*.2.3-5'

这是定位一个网域（将整个网络分隔成许多小部份）再进行扫描的方式，这里扫描的是所有以.2.3,.2.4,
或.2.5结束的IP地址。如果你是ROOT的话也可以用-sS。同样的你可以从127开始搜寻更多有趣的机器，你
可以用'127-222'替代前面的星号――恕我直言，那个区域有着大量有趣的机器。

host -l company.com | cut '-d ' -f 4 | ./nmap -v -i -

做一个DNS zone transfer来寻找在company.com进而的主机并且将IP地址送至nmap(feed the IP
addresses to nmap)。这个命令是在我的GNU/Linux平台下运行的，你可能需要用不同的选项参数或者不同
的操作系统。


臭虫
----*
臭虫？有什么臭虫？如果你找到了，请告诉我，修订版将会更完善:)，记住要连同OS的“指印”一起给我，
这样我才能有足够的数据进行修改……

作者
----*

Fyodor <fyodor@dhp.com>

发放
----*

最新版本的nmap可以从以下URL获得（以下为版权信息）

http://www.insecure.org/nmap/

nmap is (C) 1997,1998,1999 by Fyodor (fyodor@dhp.com, fyodor@insecure.org)

libpcap is also distributed along with nmap. It is copy-righted by Van Jacobson, Craig Leres
and Steven McCanne,all of the Lawrence Berkeley National Laboratory, University of
California, Berkeley, CA.The Version distributed with nmap may be modified,pristine sources
are available from ftp://ftp.ee.lbl.gov/libpcap.tar.Z .

This program is free software; you can redistribute it and/or modify it under the terms of
the GNU General Public License as published by the Free Software Foundation; Version 2. This
guarantees your right to use, modify, and redistribute Nmap under certain conditions. If this
license is unacceptable to you, Insecure.Org may be willing to sell alternative licenses
(contact fyodor@dhp.com).

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
the GNU General Public License for more details (it is in the COPYING file of the nmap
distribution).

It should also be noted that Nmap has been known to crash certain poorly written
applications, TCP/IP stacks, and even operating systems. Nmap should never be run against
mission critical systems unless you are prepared to suffer downtime. We acknowledge here that
Nmap may crash your systems or networks and we disclaim all liability for any damage or
problems Nmap could cause.

All versions of Nmap equal to or greater than 2.0 are believed (through informal testing) to
be Year 2000 (Y2K) compliant in all respects. That being said, we reiterate that Nmap comes
with no warranty. There is no reason to believe versions earlier than 2.0 are susceptible to
problems, but we have not tested them.


附：

nmap的运行平台
--------------*

可移植性
NMAP发展于LINUX下，但现在可以在许多平台上运行。这得感谢Lamont Granquist
<lamontg@u.washington.edu>他为NMAP自动控制台运行于许多我无法存取的平台做出了巨大的帮助。下面
是支持NAMP运行的系统的简表：

OS Compiles TCP scan (-sT) SYN scan (-sS) FIN scan (-sF) Frag scan (-f) OS Detection (-O)
Linux Yes! Yes! Yes! Yes! Yes! Yes!
FreeBSD Yes! Yes! Yes! Yes! Yes! Yes!
OpenBSD Yes! Yes! Yes! Yes! Yes! Yes!
NetBSD Yes! Yes! Yes! Yes! Yes! Yes!
Solaris 2.4-7 Yes! Yes! Yes! Yes! No :( Yes!
SunOS4.1.4 w/gcc Yes! Yes! Yes! Yes! No :( Yes!
IRIX 5.3-6.4 Yes! Yes! Yes! Yes! No :( Yes!
HP/UX 10.20 Yes! Yes! Yes! Yes! Yes! Unknown
BSDI 2.1 and up Yes! Yes! Yes! Yes! Unknown Yes!
AIX(use cc,not gcc) Yes! Yes! No :( No :( No :( No :(
Digital UNIX/Alpha Yes! Yes! POSSIBLE KERNEL PANIC!
Cray UNICOS 10.0 Yes! Yes! No :( No :( No :( No :(