
Using nmap for Windows from the command line

Posted: 2017-06-11 12:59:50

Tags: port scanning, nmap

Working in IT, whether in development or operations, you will sooner or later have to test a system's service ports, and those come in two protocols, TCP and UDP. As everyone knows, a TCP service port can be tested remotely with telnet, while a UDP port is usually tested with nmap, on Linux and Windows alike.

The Windows build of nmap comes with both a graphical interface and a command-line mode, but most experienced users prefer the command line because it is simpler and faster to operate.

Download address:

nmap.org/download.html


After installing on Windows, running the program directly opens the graphical interface.


How do you use the command-line mode?

1. Open cmd directly, cd to the installation directory, and run the nmap command.

2. Modify the environment variables so that nmap can be run from anywhere.

Go to My Computer - Properties - Advanced - Environment Variables - System variables - Path.

Edit the Path value: add the full installation directory path, separated from the neighbouring entries by semicolons.

%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;%systemroot%\system32\windowspowershell\v1.0\;e:\software\bind9.11.1.x64;c:\program files (x86)\nmap;


Testing a UDP port scan from the command line

Open Xshell or cmd.

Scan UDP port 53 on the DNS server 114.114.114.114; the result shows the port state as closed.

Scan UDP port 53 on the DNS server 8.8.8.8; the result shows the port state as up.

Of course, you can also scan a site's TCP ports.
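The UDP port-53 check described above, as an added example that is not part of the original post: a small Python wrapper that builds the same nmap command (-sU -p 53), asks nmap for XML output with --reason, and turns each reported UDP port state into what it actually means, since a UDP scan often returns open|filtered rather than a clean open or closed. It assumes nmap.exe is on PATH as the post's PATH step arranges, or in C:\Program Files (x86)\Nmap; the embedded XML is a constructed sample, not real scan output.

```python
# Added example (not from the original post). Assumes nmap.exe is on PATH, as the
# post's PATH step arranges, or in the default install directory given below.
import shutil
import subprocess
import xml.etree.ElementTree as ET

DEFAULT_NMAP_DIR = r"C:\Program Files (x86)\Nmap"  # install directory from the post

# What each UDP port state means (per the Nmap reference guide's -sU description).
UDP_STATE_MEANING = {
    "open": "a UDP reply came back: the service answered the probe",
    "closed": "an ICMP port-unreachable came back: nothing listens there",
    "filtered": "another ICMP unreachable came back: a filter blocked the probe",
    "open|filtered": "no reply at all: nmap cannot tell open from filtered",
}

def build_command(target, port=53):
    """Same scan as the post (-sU -p 53), plus --reason and XML output on stdout."""
    exe = shutil.which("nmap") or shutil.which("nmap", path=DEFAULT_NMAP_DIR) or "nmap"
    return [exe, "-sU", "-p", str(port), "--reason", "-oX", "-", target]

def parse_udp_states(xml_text):
    """Map (address, port) -> (state, reason) for every UDP port in nmap XML output."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.get("protocol") == "udp":
                st = port.find("state")
                results[(addr, int(port.get("portid")))] = (st.get("state"), st.get("reason"))
    return results

def explain(state):
    return UDP_STATE_MEANING.get(state, "unknown state")

def scan_udp(target, port=53):
    """Run nmap (on Windows: Npcap installed, elevated prompt) and parse its XML."""
    proc = subprocess.run(build_command(target, port), capture_output=True, text=True, check=True)
    return parse_udp_states(proc.stdout)

# Constructed sample in nmap -oX format (not real scan output) so the parser runs offline.
SAMPLE_XML = """<nmaprun><host><status state="up" reason="echo-reply"/>
<address addr="8.8.8.8" addrtype="ipv4"/><ports><port protocol="udp" portid="53">
<state state="open" reason="udp-response" reason_ttl="57"/>
<service name="domain" method="table" conf="3"/></port></ports></host></nmaprun>"""

if __name__ == "__main__":
    for (addr, port), (state, reason) in parse_udp_states(SAMPLE_XML).items():
        print(f"{addr} udp/{port}: {state} ({reason}) -> {explain(state)}")
```

Replace SAMPLE_XML with scan_udp("8.8.8.8") to run the live check; the --reason column is what distinguishes a real UDP reply from a mere absence of ICMP errors.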


At the command line, entering nmap by itself prints the usage summary for all of its options.

[c:\~]$ nmap
Nmap 6.46 ( nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --log-errors: Log errors/warnings to the normal-format output file
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES


Original article: talk1985.blog.51cto.com/1175287/1934186
