Главная

Monday, 13 June 2022

Nmap scanning and discovering.

Всем привет.

Сегодня у нас вторая часть из серии "Анализ сетевых пакетов" и сегодня оперируем Nmap.

Nmap (network mapper) is an open source tool for network traffic analysis and security auditing. 

It uses raw network packets to determine:

  • what hosts are available on networks,
  • what services (application name and versions),
  • what operating systems and OS versions they are running,
  • what type of packet filters/firewalls are in use,

 and many more...


Single Target Scanning:

## Scan a single ip address ###

nmap 192.168.1.1


## Scan a host name ###

nmap www.google.com


## Scan a host name with more info###

nmap –v myhost.ieu.edu.tr


Multiple Target Scanning:

nmap 192.168.1.1 192.168.1.2 192.168.1.3

nmap 192.168.1.1,2,3


## You can scan a range of IP address:

nmap 192.168.1.1-20 


## IP address range using a wildcard:

nmap 192.168.1.* 


## Read list of hosts/networks from a file:

namp –iL ./hosts.txt


More Nmap Commands: 

## Detect OS and OS version

nmap -A 192.168.1.254

nmap -v -A 192.168.1.1

nmap -A -iL /tmp/scanlist.txt 


## Is a host/network protected by a firewall

nmap -sA 192.168.1.254


## Scan it  when protected by the firewall

nmap -PN 192.168.1.1


## host discovery or ping scan:

nmap -sP 192.168.1.0/24


## perform a fast scan

nmap -F 192.168.1.1


## Show only open ports

nmap --open 192.168.1.1


## Show all packets sent and received

nmap --packet-trace 192.168.1.1


Show host interfaces and routes

nmap --iflist


Show host interfaces and routes

nmap --iflist


Scan Specific ports: 

nmap -p [port] hostName


## Scan port 80

nmap -p 80 192.168.1.1

 

## Scan TCP port 80

nmap -p T:80 192.168.1.1

 

## Scan UDP port 53

nmap -p U:53 192.168.1.1


## Scan two ports ##

nmap -p 80,443 192.168.1.1


## Scan port ranges ##

nmap -p 80-200 192.168.1.1


## Combine all options ##

nmap -p U:53,111,137,T:21-25,80,139,8080 192.168.1.1

nmap -v -sU -sT -p U:53,111,137,T:21-25,80,139,8080 192.168.1.254 


## Scan all ports with * wildcard:

nmap -p  *  192.168.1.1


## Scan top 10 most common ports ##

nmap --top-ports 10 192.168.1.1 


Host Discovery #1:

## host discovery or ping scan:

nmap -sP 192.168.1.0/24


Host 192.168.1.1 is up (0.00035s latency).

MAC Address: BC:AE:C5:C3:16:93 (Unknown)

Host 192.168.1.2 is up (0.0038s latency).

MAC Address: 74:44:01:40:57:FB (Unknown)

Host 192.168.1.5 is up.

Host nas03 (192.168.1.12) is up (0.0091s latency).

MAC Address: 00:11:32:11:15:FC (Synology Incorporated)

Nmap done: 256 IP addresses (4 hosts up) scanned in 2.80 second


Host Discovery #2:

nmap -O 192.168.1.1

nmap -O  --osscan-guess 192.168.1.1

nmap -v -O --osscan-guess 192.168.1.1


Starting Nmap 5.00 ( http://nmap.org ) at 2012-11-27 01:29 IST

NSE: Loaded 0 scripts for scanning.

Initiating ARP Ping Scan at 01:29

Scanning 192.168.1.1 [1 port]

Completed ARP Ping Scan at 01:29, 0.01s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 01:29

Completed Parallel DNS resolution of 1 host. at 01:29, 0.22s elapsed

Initiating SYN Stealth Scan at 01:29

Scanning 192.168.1.1 [1000 ports]

Discovered open port 80/tcp on 192.168.1.1

Discovered open port 22/tcp on 192.168.1.1

Completed SYN Stealth Scan at 01:29, 0.16s elapsed (1000 total ports)

Initiating OS detection (try #1) against 192.168.1.1

Retrying OS detection (try #2) against 192.168.1.1

Retrying OS detection (try #3) against 192.168.1.1

Retrying OS detection (try #4) against 192.168.1.1

Retrying OS detection (try #5) against 192.168.1.1

Host 192.168.1.1 is up (0.00049s latency).

Interesting ports on 192.168.1.1:

Not shown: 998 closed ports


Host Discovery #3:

PORT   STATE SERVICE

22/tcp open  ssh

80/tcp open  http

MAC Address: BC:AE:C5:C3:16:93 (Unknown)

Device type: WAP|general purpose|router|printer|broadband router

Running (JUST GUESSING) : Linksys Linux 2.4.X (95%), Linux 2.4.X|2.6.X (94%), MikroTik RouterOS 3.X (92%), Lexmark embedded (90%), Enterasys embedded (89%), D-Link Linux 2.4.X (89%), Netgear Linux 2.4.X (89%)

Aggressive OS guesses: OpenWrt White Russian 0.9 (Linux 2.4.30) (95%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (94%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (94%), Linux 2.4.21 - 2.4.31 (likely embedded) (92%), Linux 2.6.15 - 2.6.23 (embedded) (92%), Linux 2.6.15 - 2.6.24 (92%), MikroTik RouterOS 3.0beta5 (92%), MikroTik RouterOS 3.17 (92%), Linux 2.6.24 (91%), Linux 2.6.22 (90%)

No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=5.00%D=11/27%OT=22%CT=1%CU=30609%PV=Y%DS=1%G=Y%M=BCAEC5%TM=50B3CA

OS:4B%P=x86_64-unknown-linux-gnu)SEQ(SP=C8%GCD=1%ISR=CB%TI=Z%CI=Z%II=I%TS=7

OS:)OPS(O1=M2300ST11NW2%O2=M2300ST11NW2%O3=M2300NNT11NW2%O4=M2300ST11NW2%O5

OS:=M2300ST11NW2%O6=M2300ST11)WIN(W1=45E8%W2=45E8%W3=45E8%W4=45E8%W5=45E8%W

OS:6=45E8)ECN(R=Y%DF=Y%T=40%W=4600%O=M2300NNSNW2%CC=N%Q=)T1(R=Y%DF=Y%T=40%S

OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%R

OS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=

OS:0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID

OS:=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Uptime guess: 12.990 days (since Wed Nov 14 01:44:40 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=200 (Good luck!)

IP ID Sequence Generation: All zeros

Read data files from: /usr/share/nmap

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 12.38 seconds

Raw packets sent: 1126 (53.832KB) | Rcvd: 1066 (46.100KB)


No comments:

Post a Comment

А что вы думаете по этому поводу?