iT邦幫忙

2022 iThome Ironman Contest

Security

Learning Security from TryHackMe Target Machines series, part 20

Day20 TryHackME - Nmap Explained for Security Beginners

https://tryhackme.com/room/furthernmap
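Nmap:
Nmap is best known for port scanning.
It can discover which ports a host has open, and it also supports operating system detection and service version detection.

See the official documentation below; a Chinese translation is also available.
English: https://nmap.org/book/man.html
Chinese: https://nmap.org/man/zh/
There are also many other tutorials online.
Given the techniques it uses and the results it delivers, Nmap is a tool that offers excellent value for the effort.

A brief introduction to Nmap commands:
Specify the host to scan directly by IP address: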
nmap 202.39.253.11
Adding the -v option produces more detailed output:

nmap -v www.hinet.net
The output is:

Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 08:32 CST
Initiating Ping Scan at 08:32
Scanning www.hinet.net (202.39.253.11) [2 ports]
Completed Ping Scan at 08:32, 1.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:32
Completed Parallel DNS resolution of 1 host. at 08:32, 0.00s elapsed
Initiating Connect Scan at 08:32
Scanning www.hinet.net (202.39.253.11) [1000 ports]
Discovered open port 80/tcp on 202.39.253.11
Completed Connect Scan at 08:32, 4.81s elapsed (1000 total ports)
Nmap scan report for www.hinet.net (202.39.253.11)
Host is up (0.0044s latency).
rDNS record for 202.39.253.11: 202-39-253-11.HINET-IP.hinet.net
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 6.13 seconds

Scanning multiple hosts
To scan several hosts at once, simply pass all of the host names as arguments to nmap:

nmap www.hinet.net tw.yahoo.com www.google.com.tw

The output is:

Starting Nmap 6.40 ( http://nmap.org ) at 2014-10-02 08:36 CST
Nmap scan report for www.hinet.net (202.39.253.11)
Host is up (0.0038s latency).
rDNS record for 202.39.253.11: 202-39-253-11.HINET-IP.hinet.net
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident

Nmap scan report for tw.yahoo.com (202.43.192.109)
Host is up (0.0046s latency).
rDNS record for 202.43.192.109: ir1.fp.vip.tw1.yahoo.com
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident
443/tcp open https

Nmap scan report for www.google.com.tw (74.125.31.94)
Host is up (0.011s latency).
rDNS record for 74.125.31.94: tb-in-f94.1e100.net
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident
443/tcp open https

Nmap done: 3 IP addresses (3 hosts up) scanned in 9.97 seconds
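
The following Python example is added here and is not part of the original post: it parses the report format shown above into per-host port lists and flags open ports that fall outside an expected set for hosts you are responsible for. The function names and the allow-list passed to unexpected_open are assumptions made for illustration.

```python
import re

# Copied from the multi-host report above (rDNS lines and the third host omitted).
SAMPLE = """\
Nmap scan report for www.hinet.net (202.39.253.11)
Host is up (0.0038s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident

Nmap scan report for tw.yahoo.com (202.43.192.109)
Host is up (0.0046s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
113/tcp closed ident
443/tcp open https
"""

# "(ip)" is absent when the target was given as a bare IP address.
HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([^)]+)\))?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
HIDDEN_RE = re.compile(r"^Not shown: (\d+) (\S+) ports")


def parse_report(text):
    """Return {host: {"ip": str, "hidden": (count, state), "ports": [...]}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HOST_RE.match(line):
            name, ip = m.group(1), m.group(2) or m.group(1)
            current = hosts.setdefault(name, {"ip": ip, "hidden": None, "ports": []})
        elif current is None:
            continue  # banner lines before the first host section
        elif m := HIDDEN_RE.match(line):
            current["hidden"] = (int(m.group(1)), m.group(2))
        elif m := PORT_RE.match(line):
            current["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return hosts


def unexpected_open(hosts, allowed):
    """List (host, port) pairs that are open but missing from the allow-list."""
    return sorted((h, p) for h, d in hosts.items()
                  for p, _proto, state, _svc in d["ports"]
                  if state == "open" and p not in allowed.get(h, set()))
```

Calling unexpected_open(parse_report(SAMPLE), {"www.hinet.net": {80}, "tw.yahoo.com": {80}}) reports port 443 on tw.yahoo.com, since that constructed allow-list only expects port 80.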

