nmap探测学习

nmap是一款十分强大的工具，下面讲一下nmap的使用吧，用作记录，大牛勿喷，一直学习，持续更新

1.扫描网段内存活主机

nmap 192.168.1.1/24 | grep 192.168.1

Nmap scan report for bogon (192.168.1.1)Nmap scan report for bogon (192.168.1.2)All 1000 scanned ports on bogon (192.168.1.2) are closedNmap scan report for bogon (192.168.1.4)All 1000 scanned ports on bogon (192.168.1.4) are closedNmap scan report for bogon (192.168.1.5)

2.探测目标主机的操作系统类型

nmap -O 192.168.1.5

Starting Nmap 7.01 ( https://nmap.org ) at 2017-07-26 11:23 CSTNmap scan report for bogon (192.168.1.5)Host is up (0.0014s latency).Not shown: 989 closed portsPORT      STATE SERVICE135/tcp   open  msrpc139/tcp   open  netbios-ssn445/tcp   open  microsoft-ds2869/tcp  open  icslap5357/tcp  open  wsdapi49152/tcp open  unknown49153/tcp open  unknown49154/tcp open  unknown49155/tcp open  unknown49156/tcp open  unknown49157/tcp open  unknownMAC Address: 08:00:27:16:7B:B8 (Oracle VirtualBox virtual NIC)Device type: general purpose|media deviceRunning: Microsoft Windows 2008|10|7|8.1, Microsoft embeddedOS CPE: cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows_10 cpe:/h:microsoft:xbox_one cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_8.1OS details: Microsoft Windows Server 2008 SP2 or Windows 10 Tech Preview or Xbox One, Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows 8, or Windows 8.1 Update 1Network Distance: 1 hopOS detection performed. Please report any incorrect results at https://nmap.org/submit/ .Nmap done: 1 IP address (1 host up) scanned in 98.75 seconds

可以看到简直就是神器！连是不是虚拟机都可以识别出来。但是识别的精确度不是百分百准确，我们可以看到有很多结果的可能性。

3.精细扫描

nmap -T4 -A -v 192.168.1.5