Nmap Concept
Nmap, short for Network Mapper, is the first network scanning and sniffing toolkit under Linux.
Nmap is a network scanning tool used to discover computers on the Internet and the network connections they have open, determine which services are running on those connections, and infer which operating system each computer is running (this is also known as fingerprinting). It is one of the essential tools for network administrators and is used to evaluate the security of network systems.
Like most tools used in cyber security, Nmap is also a favourite of hackers and script kiddies. A system administrator can use Nmap to detect unapproved servers in the working environment, while attackers use Nmap to collect network information about a target computer in order to plan an attack.
Nmap is often confused with Nessus, a system vulnerability assessment tool. Nmap uses stealth techniques to avoid intrusion detection systems and, as far as possible, does not affect the target system's daily operation.
In The Matrix, Trinity uses Nmap, together with the 32-bit cyclic redundancy check vulnerability in SSH1, to break into the energy management system of a power station.
Nmap function
Nmap has three basic functions: detecting whether a group of hosts is online, scanning host ports to sniff out the network services they provide, and inferring the operating system the host is running. Nmap can scan anything from a LAN with only two nodes up to networks of more than 500 nodes. It also lets users customise their scanning techniques. Typically a simple ping using the ICMP protocol meets general requirements, or you can drill down into UDP or TCP ports and on to the operating system used by the host, and you can log all the probe results in a variety of formats for further analysis.
Perform a ping scan, which prints the hosts that respond without any further testing (such as port scanning or operating system detection):
nmap -sP 192.168.1.0/24
Only list each host on the specified network, without sending any packets to the target hosts:
nmap -sL 192.168.1.0/24
To probe open ports on the target host with a TCP SYN ping, you can specify a comma-separated list of ports (such as -PS22,23,25,80):
nmap -PS 192.168.1.234
To probe hosts using a UDP ping:
nmap -PU 192.168.1.0/24
The most frequently used scan option: a SYN scan, also known as a half-open scan, does not complete a full TCP connection and runs quickly:
nmap -sS 192.168.1.0/24
Nmap Installation
This article takes Linux Ubuntu 16.04 as an example, and in the end mainly uses Python to drive Nmap.
1. Install Nmap first
sudo apt-get install nmap
2. Then install python-nmap
sudo pip install python-nmap
After installation, start Python and import nmap to verify that it succeeded:
com@pythontab:~# python
Python 2.7.12 (default, Dec 3, 10:42:27)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-17)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import nmap
Python Operation Nmap
1. A simple small case
Create a PortScanner instance, then scan ports 20-443 on the IP 114.114.114.114.
import nmap
nm = nmap.PortScanner()
ret = nm.scan('114.114.114.114', '20-443')
print ret
The return format is as follows (the values below come from a separate run against a different host, with only port 20 scanned):
{'nmap': {'scanstats': {'uphosts': '1', 'timestr': 'Tue Oct 11:30:47', 'downhosts': '0', 'totalhosts': '1', 'elapsed': '1.11'},
          'scaninfo': {'tcp': {'services': '20', 'method': 'connect'}},
          'command_line': 'nmap -oX - -p 20 -sV 115.239.210.26'},
 'scan': {'115.239.210.26': {'status': {'state': 'up', 'reason': 'syn-ack'},
                             'hostnames': [{'type': '', 'name': ''}],
                             'vendor': {},
                             'addresses': {'ipv4': '115.239.210.26'},
                             'tcp': {20: {'product': '', 'state': 'filtered', 'version': '', 'name': 'ftp-data', 'conf': '3', 'extrainfo': '', 'reason': 'no-response', 'cpe': ''}}}}}
2. Built-in methods:
You can also print out simple information (the scan has to run first, otherwise these methods have nothing to report):
import nmap
nm = nmap.PortScanner()
nm.scan('114.114.114.114', '20-443')
print nm.scaninfo()      # {u'tcp': {'services': u'20-443', 'method': u'syn'}}
print nm.command_line()  # u'nmap -oX - -p 20-443 -sV 114.114.114.114'
See how many hosts were scanned:
print nm.all_hosts()
[u'114.114.114.114']
View the details of this host:
nm['114.114.114.114']
View all the protocols the host's results contain:
nm['114.114.114.114'].all_protocols()
View which TCP ports the host has results for:
nm['114.114.114.114']['tcp']
nm['114.114.114.114']['tcp'].keys()
Check whether the host has a TCP result for a given port:
nm['114.114.114.114'].has_tcp(21)
You can also set the arguments that Nmap executes with, like this:
nm.scan(hosts='192.168.1.0/24', arguments='-n -sP -PE -PA21,23,80,3389')
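The result dictionary shown above is what an administrator works with when using Nmap to find unapproved servers. The following is an added example, not code from the original article or from python-nmap: it walks a result dict of that shape, collects the open TCP ports per host and compares them against an allow-list, flagging both unexpected open ports and expected services that did not answer. The scan result, the hosts and the allow-list are all constructed here so the code runs offline; in practice you would pass the dict returned by nm.scan() instead.

```python
# Constructed allow-list of the TCP ports each host is approved to expose.
EXPECTED = {
    '192.168.1.10': {22, 80},    # web server: ssh + http only
    '192.168.1.20': {22, 3389},  # admin host: ssh + RDP
}

# Constructed scan result in the same shape as python-nmap's nm.scan() output.
SAMPLE_RESULT = {
    'nmap': {'command_line': 'nmap -oX - -p 20-443,3389 -sV 192.168.1.0/24'},
    'scan': {
        '192.168.1.10': {
            'status': {'state': 'up', 'reason': 'syn-ack'},
            'tcp': {21: {'state': 'open', 'name': 'ftp'},        # not approved
                    22: {'state': 'open', 'name': 'ssh'},
                    80: {'state': 'open', 'name': 'http'},
                    443: {'state': 'filtered', 'name': 'https'}},  # not open
        },
        '192.168.1.20': {
            'status': {'state': 'up', 'reason': 'echo-reply'},
            'tcp': {3389: {'state': 'open', 'name': 'ms-wbt-server'}},  # ssh missing
        },
        '192.168.1.30': {  # host not on the allow-list at all
            'status': {'state': 'up', 'reason': 'syn-ack'},
            'tcp': {23: {'state': 'open', 'name': 'telnet'}},
        },
    },
}

def open_ports(result):
    """Return {host: {port: service name}} for every open TCP port of each host that is up."""
    found = {}
    for host, data in result.get('scan', {}).items():
        if data.get('status', {}).get('state') != 'up':
            continue  # down hosts carry no port data worth reporting
        tcp = data.get('tcp', {})
        found[host] = {p: i.get('name', '') for p, i in tcp.items() if i.get('state') == 'open'}
    return found

def audit(result, expected):
    """Return (unexpected, missing): open ports not on the allow-list, and allowed ports not seen open."""
    seen = open_ports(result)
    unexpected = {}
    for host, ports in seen.items():
        extra = {p: n for p, n in ports.items() if p not in expected.get(host, set())}
        if extra:
            unexpected[host] = extra
    missing = {h: a - set(seen.get(h, {})) for h, a in expected.items() if a - set(seen.get(h, {}))}
    return unexpected, missing

if __name__ == '__main__':
    extra, gone = audit(SAMPLE_RESULT, EXPECTED)
    for host, ports in sorted(extra.items()):
        for port, name in sorted(ports.items()):
            print('UNEXPECTED {} tcp/{} ({})'.format(host, port, name))
    for host, ports in sorted(gone.items()):
        print('MISSING    {} tcp/{}'.format(host, ','.join(str(p) for p in sorted(ports))))
```

A host that appears in the scan but not in the allow-list has every open port reported as unexpected, which is the case the original text describes as detecting unapproved servers.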