# 对目标192.168.1.1实施服务探测 $ nmap -sV 192.168.1.1 Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-28 21:17 China Standard Time Nmap scan report for 192.168.1.1 Host is up (0.0040s latency). Not shown: 993 closed tcp ports (reset) PORT STATE SERVICE VERSION 21/tcp open ftp D-Link/Comtrend DSL modem ftp firmware update 23/tcp open telnet D-Link DSL-2640B ADSL router telnetd 80/tcp open http 445/tcp open netbios-ssn Samba smbd 4.6.2 8080/tcp open http-proxy ty_httpd 32768/tcp open filenet-tms ? 49152/tcp open upnp Cisco-Linksys E4200 WAP upnpd (UPnP 1.0) MAC Address: 28:93:7D:1D:A7:90 (Sichuan Tianyi Comheart Telecom) Service Info: Device: broadband router; CPE: cpe:/h:dlink:dsl-2640b, cpe:/h:cisco:e4200 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 145.08 seconds
服务探测模式
探测所有端口
–allports: 该选项指定扫描所有端口
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
# 探测所有端口 $ nmap -sV --allports 192.168.1.1 Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-28 23:14 China Standard Time Nmap scan report for TianYi.Home (192.168.1.1) Host is up (0.0042s latency). Not shown: 993 closed tcp ports (reset) PORT STATE SERVICE VERSION 21/tcp open ftp D-Link/Comtrend DSL modem ftp firmware update 23/tcp open telnet D-Link DSL-2640B ADSL router telnetd 80/tcp open http 445/tcp open netbios-ssn Samba smbd 4.6.2 8080/tcp open http-proxy ty_httpd 32768/tcp open filenet-tms? 49152/tcp open upnp Cisco-Linksys E4200 WAP upnpd (UPnP 1.0) MAC Address: 28:93:7D:1D:A7:90 (Sichuan Tianyi Comheart Telecom) Service Info: Device: broadband router; CPE: cpe:/h:dlink:dsl-2640b, cpe:/h:cisco:e4200 Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 143.43 seconds
# 对目标主机实施系统探测 $ nmap -Pn -O 192.168.1.4 Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-28 23:31 China Standard Time Nmap scan report for DIAOAN (192.168.1.4) Host is up (0.00048s latency). Not shown: 991 closed tcp ports (reset) PORT STATE SERVICE 25/tcp open smtp 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 2179/tcp open vmrdp 3306/tcp open mysql 3389/tcp open ms-wbt-server 5357/tcp open wsdapi 10000/tcp open snet-sensor-mgmt No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=7.92%E=4%D=1/28%OT=25%CT=1%CU=44770%PV=Y%DS=0%DC=L%G=Y%TM=61F40C6 OS:D%P=i686-pc-windows-windows)SEQ(SP=106%GCD=2%ISR=10C%TI=I%CI=I%II=I%SS=S OS:%TS=U)OPS(O1=MFFD7NW8NNS%O2=MFFD7NW8NNS%O3=MFFD7NW8%O4=MFFD7NW8NNS%O5=MF OS:0)ECN(R=Y%DF=Y%T=40%W=FFFF%O=MFFD7NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A= OS:S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=Y OS:%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=40%W=0%S=A%A=O%F=R%O=%RD OS:=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0 OS:%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1 OS:(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=G%RUD=G)IE(R=Y%DFI OS:=N%T=40%CD=Z) Network Distance: 0 hops OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .