常用端口号:
代理服务器常用以下端口:
(1). HTTP协议代理服务器常用端口号:80/8080/3128/8081/9080
(2). SOCKS代理协议服务器常用端口号:1080
(3). FTP(文件传输)协议代理服务器常用端口号:21
(4). Telnet(远程登录)协议代理服务器常用端口:23
HTTP服务器,默认的端口号为80/tcp(木马Executor开放此端口);
HTTPS(securely transferring web pages)服务器,默认的端口号为443/tcp 443/udp;
Telnet(不安全的文本传送),默认端口号为23/tcp(木马Tiny Telnet Server所开放的端口);
FTP,默认的端口号为21/tcp(木马Doly Trojan、Fore、Invisible FTP、WebEx、WinCrash和Blade Runner所开放的端口);
TFTP(Trivial File Transfer Protocol ),默认的端口号为69/udp;
SSH(安全登录)、SCP(文件传输)、端口重定向,默认的端口号为22/tcp;
SMTP Simple Mail Transfer Protocol (E-mail),默认的端口号为25/tcp(木马Antigen、Email Password Sender、Haebu Coceda、Shtrilitz Stealth、WinPC、WinSpy都开放这个端口);
POP3 Post Office Protocol (E-mail) ,默认的端口号为110/tcp;
WebLogic,默认的端口号为7001;
WebSphere应用程序,默认的端口号为9080;
WebSphere管理工具,默认的端口号为9090;
JBOSS,默认的端口号为8080;
TOMCAT,默认的端口号为8080;
WIN2003远程登陆,默认的端口号为3389;
Symantec AV/Filter for MSE ,默认端口号为 8081;
Oracle 数据库,默认的端口号为1521;
ORACLE EMCTL,默认的端口号为1158;
Oracle XDB( XML 数据库),默认的端口号为8080;
Oracle XDB FTP服务,默认的端口号为2100;
MS SQL*SERVER数据库server,默认的端口号为1433/tcp 1433/udp;
MS SQL*SERVER数据库monitor,默认的端口号为1434/tcp 1434/udp;
QQ,默认的端口号为1080/udp
nmap使用方法
1、nmap简单扫描 nmap默认发送一个ARP的PING数据包,来探测目标主机1-10000范围内所开放的所有端口 命令语法: nmap <target ip address> 其中:target ip address是扫描的目标主机的ip地址 例子:nmap 173.22.90.10 [root@docker-node4 ~]# nmap 173.22.90.10 PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 扫描出开放的端口
2、nmap简单扫描,并对结果返回详细的描述输出 命令语法:namp -vv <target ip address> 介绍:-vv参数设置对结果的详细输出 例子:nmap -vv 173.22.90.10 效果如下: [root@docker-node4 ~]# nmap -vv 173.22.90.10 Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 04:48 CST Initiating ARP Ping Scan at 04:48 Scanning 173.22.90.10 [1 port] Completed ARP Ping Scan at 04:48, 0.01s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 04:48 Completed Parallel DNS resolution of 1 host. at 04:48, 6.53s elapsed Initiating SYN Stealth Scan at 04:48 Scanning 173-22-90-10.client.mchsi.com (173.22.90.10) [1000 ports] Discovered open port 111/tcp on 173.22.90.10 Discovered open port 80/tcp on 173.22.90.10 Discovered open port 22/tcp on 173.22.90.10
3、nmap自定义扫描 命令语法:nmap -p(range) <target IP> 介绍:(range)为要扫描的端口范围,端口大小不能超过65535 例子:扫描目标主机的20-120号端口 nmap -p20-120 173.22.90.10
4、nmap 指定端口扫描 命令语法:nmap -p(port1,port2,…) <target IP> 介绍:port1,port2…为想要扫描的端口号 例子:扫描目标主机的80,22端口 [root@docker-node4 ~]# nmap -p22,80 173.22.90.10 Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 04:57 CST Nmap scan report for 173-22-90-10.client.mchsi.com (173.22.90.10) Host is up (0.00032s latency). PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 00:0C:29:CF:A7:30 (VMware)
5、nmap ping 扫描 nmap可以利用类似windows/linux系统下的ping 方式进行扫描 命令语法: nmap -sP <target ip> 例子:nmap sP 10.1.112.89 [root@docker-node4 ~]# nmap -sP 173.22.90.10 扫描存活的主机,这个机器存活 Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:00 CST Nmap scan report for 173-22-90-10.client.mchsi.com (173.22.90.10) Host is up (0.00048s latency). MAC Address: 00:0C:29:CF:A7:30 (VMware) Nmap done: 1 IP address (1 host up) scanned in 6.77 seconds [root@docker-node4 ~]# nmap -sP 173.22.90.16 Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:00 CST Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.43 seconds 这个就是显示不是存活状态的主机,没有ping成功
6、nmap 路由跟踪 路由器追踪功能,能够帮助网络管理员了解网络通行情况,同时也是网络管理人员很好的辅助工具,通过路由器追踪可以轻松的查处从我们电脑所在地到目的地之间所经常的网络节点,并可以看到通过各个结点所花费的时间 命令语法: nmap –traceroute <target IP> 例子:namp –traceroute 8.8.8.8(geogle dns服务器ip) [root@docker-node4 ~]# nmap --traceroute 8.8.8.8 Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:04 CST Nmap scan report for dns.google (8.8.8.8) Host is up (0.045s latency). Not shown: 999 filtered ports PORT STATE SERVICE 53/tcp open domain TRACEROUTE (using port 53/tcp) HOP RTT ADDRESS 1 2.77 ms 192.168.1.1 2 5.63 ms 113.45.32.1 3 6.26 ms 124.205.97.50 4 6.31 ms 124.205.97.50 5 6.41 ms 218.241.165.41 6 8.75 ms 124.205.98.41 7 6.52 ms 202.99.1.173 8 6.58 ms 218.241.244.98
7、nmap设置扫描一个网段下的ip 命令语法: nmap -sP <network address> </CIDR> 介绍:CIDR为设置的子网掩码(/24,/16,/8等) 例子:nmap -sP 10.1.1.0 /24 [root@docker-node4 ~]# nmap -sP 192.168.1.1 /24 Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:11 CST Failed to resolve "". Nmap scan report for 192.168.1.1 Host is up (0.0061s latency). MAC Address: B0:95:8E:5F:98:85 (Unknown) Nmap done: 1 IP address (1 host up) scanned in 13.04 seconds
8、nmap 操作系统类型的探测 命令语法: nmap -0 <target IP> 例子:nmap -O(大写的o) 10.1.112.89 效果: [root@docker-node4 ~]# nmap -O 192.168.1.103 Running (JUST GUESSING): AVtech embedded (87%), FreeBSD 6.X (86%), Microsoft Windows XP (85%) 扫描出是windows的系统 不过不准确我的这个是windows10的系统
9、nmap万能开关 包含了1-10000端口ping扫描,操作系统扫描,脚本扫描,路由跟踪,服务探测 命令语法: nmap -A <target ip> 例子:nmap -A 10.1.112.89 [root@docker-node4 ~]# nmap -A 192.168.1.105 Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-18 05:23 CST Stats: 0:01:09 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan SYN Stealth Scan Timing: About 86.40% done; ETC: 05:24 (0:00:09 remaining) Nmap scan report for 192.168.1.105 Host is up (0.064s latency). All 1000 scanned ports on 192.168.1.105 are filtered MAC Address: F4:D1:08:BE:1C:CA (Unknown) Too many fingerprints match this host to give specific OS details Network Distance: 1 hop TRACEROUTE HOP RTT ADDRESS 1 63.61 ms 192.168.1.105 OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 82.40 seconds
10、nmap命令混合式扫描 可以做到类似参数-A所完成的功能,但又能细化我们的需求要求 命令语法: nmap -vv -p1-100 -O <target ip> 例子: nmap -vv -p1-100 -O 10.1.112.89 [root@docker-node4 ~]# nmap -vv -p1-100 -o 173.22.90.10 PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 00:0C:29:CF:A7:30 (VMware) No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ). TCP/IP fingerprint: OS:SCAN(V=6.40%E=4%D=8/18%OT=22%CT=1%CU=39398%PV=N%DS=1%DC=D%G=Y%M=000C29%T OS:M=5D58714F%P=x86_64-redhat-linux-gnu)SEQ(SP=107%GCD=1%ISR=10D%TI=Z%TS=A)
