Nmap It's an open source and free network discovery (Network Discovery) And security audit (Security Auditing) Tools . Software name Nmap yes Network Mapper For short .

nmap Scanning mainly includes four scanning functions: host discovery (Host Discovery)、 Port scanning (Port Scanning)、 Application and version detection (Version Detection)、 Operating system detection (Operating System Detection). Between these four functions , There is also a general dependency .

This article teaches you how to proceed based on Nmap Scan

There are video version and text version below

I don't know how to operate. Please see the text version , Detailed steps inside .

Attention to official account rogue Baron reply 【kali System 】

Video version ↓：

Network security /kali/ hackers /web Security / Penetration test /-3-5 Monthly network security course - Xiaobai beginner to master ！_ Bili, Bili _bilibili

Text version ↓：

At the end of the year, the owner used all my skills “ Practical projects done - Intranet actual shooting range environment - Penetration tools ” There are many penetrating thought maps ！

Nmap The basic scanning method

Nmap, That is to say Network Mapper, The first is Linux Under the network scanning and sniffing Kit .

notes ：Nmap The function of is very powerful, which will be explained in a separate class later

example ： scanning 192.168.1.0 This segment

┌──(rootxuegod53)-[~]

└─# nmap -sn 192.168.1.0/24

or

┌──(rootxuegod53)-[~]

└─# nmap -sn 192.168.1.1-254

-sn Parameter description ： Means only ping scanning , No port scan

4.3.2 Use nmap Perform a half connection scan

nmap The main scanning types are TCP Full connection scan for （ Will leave a record on the scanned machine ）, Half connected scan （ There will be no record ）

┌──(rootxuegod53)-[~]

└─# nmap -sS 101.200.128.35 -p 80,81,21,25,110,443

-sS Said the use of SYN Perform a half connection scan

4.3.3 Use nc Scan port

nc yes netcat Abbreviation , With the reputation of Swiss Army knife in the Internet world . Because it's short and sharp 、 Functional and practical , Designed as a simple 、 Reliable Internet tools

nc The role of :

1. To achieve arbitrary TCP/UDP Port listening ,nc It can be used as server With TCP or UDP Mode to listen on the specified port

2. Port scan ,nc It can be used as client launch TCP or UDP Connect

3. Transfer files between machines

4. Network speed measurement between machines

nc Parameters ：

-nv It means the target of our scan is IP Address does not do domain name resolution

-w Time out

-z Indicates port scanning

┌──(rootxuegod53)-[~]

└─# nc -nv -w 1 -z 192.168.1.1 1-100

(UNKNOWN) [192.168.1.1] 80 (http) open

(UNKNOWN) [192.168.1.1] 23 (telnet) : Connection timed out

(UNKNOWN) [192.168.1.1] 21 (ftp) open