Nmap - Useful commands for a Linux system administrator
Introduction
Nmap is a program that performs a complete scan of a network, or of a single host, to obtain information such as which hosts are up and which ports are open, among other things. A scan can determine the open ports on an IP, which operating system it runs, whether or not it is behind a firewall, and so on. It is a true Swiss Army knife for server administrators, network administrators and developers.
Nmap is cross-platform and can be installed on Linux, macOS or Windows. It can be run from the command line, as demonstrated in this article, or through graphical interfaces.
Make use of this material to make your servers more secure.
Installing Nmap
If you do not have Nmap installed and you use Debian or a derivative, you can install it with the following command:
# apt install nmap
Scanning a host or IP address
Run:
# nmap 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 13:35 -03
Nmap scan report for 192.168.0.28
Host is up (0.00016s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds
Note that the server has the ssh, http and MySQL services installed, with ports 22, 80 and 3306 open over TCP. If this machine were connected directly to the Internet, all of these services would be directly exposed to any kind of intrusion attempt.
Scanning multiple hosts or several IP addresses
Run:
# nmap 192.168.0.1 192.168.0.28 192.168.0.222
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 13:41 -03
Nmap scan report for _gateway (192.168.0.1)
Host is up (0.013s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
8081/tcp filtered blackice-icecap
8090/tcp filtered opsmessaging
8888/tcp filtered sun-answerbook
Nmap scan report for 192.168.0.28
Host is up (0.00015s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Nmap scan report for 192.168.0.222
Host is up (0.0048s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
Nmap done: 3 IP addresses (3 hosts up) scanned in 2.91 seconds
Scanning a subnet
I will look for all the computers on the 192.168.0.0/24 subnet, that is, the entire subnet.
# nmap 192.168.0.*
or
# nmap 192.168.0.0/24
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 13:45 -03
Nmap scan report for _gateway (192.168.0.1)
Host is up (0.014s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
8081/tcp filtered blackice-icecap
8090/tcp filtered opsmessaging
8888/tcp filtered sun-answerbook
Nmap scan report for 192.168.0.10
Host is up (0.024s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http
Nmap scan report for 192.168.0.28
Host is up (0.00051s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Nmap scan report for 192.168.0.177
Host is up (0.00023s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
Nmap scan report for 192.168.0.218
Host is up (0.022s latency).
All 1000 scanned ports on 192.168.0.218 are closed
Nmap scan report for 192.168.0.219
Host is up (0.012s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
902/tcp filtered iss-realsecure
5440/tcp filtered unknown
7103/tcp filtered unknown
9878/tcp filtered kca-service
Nmap scan report for 192.168.0.222
Host is up (0.0049s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
Nmap done: 256 IP addresses (7 hosts up) scanned in 33.04 seconds
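To turn a subnet scan like the one above into a routine exposure check, the script below (an added example, not part of the original article) parses Nmap's normal output and lists every open port that is not on a per-host allow-list. The sample scan and the allow-list are constructed for illustration; the function name unexpected_open and the allow-list file format are assumptions of this example.

```sh
#!/bin/sh
# Added example: list open ports that are not on a per-host allow-list.
# Real use: nmap 192.168.0.0/24 | unexpected_open allowlist.txt

# Constructed sample in the layout of nmap's normal output.
sample_scan() {
cat <<'EOF'
Nmap scan report for _gateway (192.168.0.1)
Host is up (0.014s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
8081/tcp filtered blackice-icecap
Nmap scan report for 192.168.0.28
Host is up (0.00051s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Nmap scan report for 192.168.0.222
Host is up (0.0049s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
EOF
}

# Hypothetical allow-list, one host per line: "<ip> <port/proto>[,<port/proto>...]".
# A host that is missing from the list is allowed nothing.
sample_allowlist() {
cat <<'EOF'
# ip            expected open ports
192.168.0.1     80/tcp,8080/tcp
192.168.0.28    22/tcp,80/tcp
192.168.0.222   80/tcp
EOF
}

# unexpected_open ALLOWLIST_FILE  (nmap normal output on stdin)
# Prints "<ip> <port/proto> <service>" for every open port not allow-listed.
unexpected_open() {
  awk -v allow_file="$1" '
    BEGIN {
      while ((getline line < allow_file) > 0) {
        if (line ~ /^[ \t]*(#|$)/) continue      # skip comments and blanks
        split(line, f, " ")
        n = split(f[2], p, ",")
        for (i = 1; i <= n; i++) ok[f[1], p[i]] = 1
      }
    }
    /^Nmap scan report for / {                   # start of a new host block
      host = $NF                                 # "ip" or "(ip)" after a name
      gsub(/[()]/, "", host)
      next
    }
    # Port table rows look like "3306/tcp open mysql"; only "open" counts.
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      if (!((host, $1) in ok)) print host, $1, $3
    }
  '
}

# Demo on the constructed data above.
demo_allow=$(mktemp)
sample_allowlist > "$demo_allow"
sample_scan | unexpected_open "$demo_allow"
rm -f "$demo_allow"
```

On the constructed data it reports the MySQL port on 192.168.0.28 and the telnet port on 192.168.0.222, the two services that the allow-list does not expect.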
Detecting the services on a server
Run:
# nmap -A 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 13:56 -03
Nmap scan report for 192.168.0.28
Host is up (0.00099s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
80/tcp open http nginx 1.17.10 (Ubuntu)
|_http-server-header: nginx/1.17.10 (Ubuntu)
|_http-title: Welcome to nginx!
3306/tcp open mysql?
| fingerprint-strings:
| NULL:
|_ Host '192.168.0.177' is not allowed to connect to this MariaDB server
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3306-TCP:V=7.80%I=7%D=5/2%Time=5EADA62F%P=x86_64-pc-linux-gnu%r(NUL
SF:L,4C,"H\0\0\x01\xffj\x04Host\x20'192\.168\.0\.177'\x20is\x20not\x20allo
SF:wed\x20to\x20connect\x20to\x20this\x20MariaDB\x20server");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.74 seconds
Note that the server above is running Ubuntu, with SSH, Nginx and MariaDB in execution.
If you also need to discover the versions, add the -v parameter (verbose output).
# nmap -v -A 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 13:56 -03
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:56
Completed NSE at 13:56, 0.00s elapsed
Initiating NSE at 13:56
Completed NSE at 13:56, 0.00s elapsed
Initiating NSE at 13:56
Completed NSE at 13:56, 0.00s elapsed
Initiating Ping Scan at 13:56
Scanning 192.168.0.28 [2 ports]
Completed Ping Scan at 13:56, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:56
Completed Parallel DNS resolution of 1 host. at 13:56, 0.00s elapsed
Initiating Connect Scan at 13:56
Scanning 192.168.0.28 [1000 ports]
Discovered open port 80/tcp on 192.168.0.28
Discovered open port 22/tcp on 192.168.0.28
Discovered open port 3306/tcp on 192.168.0.28
Completed Connect Scan at 13:56, 0.03s elapsed (1000 total ports)
Initiating Service scan at 13:56
Scanning 3 services on 192.168.0.28
Completed Service scan at 13:56, 6.01s elapsed (3 services on 1 host)
NSE: Script scanning 192.168.0.28.
Initiating NSE at 13:56
Completed NSE at 13:56, 0.17s elapsed
Initiating NSE at 13:56
Completed NSE at 13:56, 0.01s elapsed
Initiating NSE at 13:56
Completed NSE at 13:56, 0.00s elapsed
Nmap scan report for 192.168.0.28
Host is up (0.00062s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
80/tcp open http nginx 1.17.10 (Ubuntu)
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.17.10 (Ubuntu)
|_http-title: Welcome to nginx!
3306/tcp open mysql?
| fingerprint-strings:
| NULL, RPCCheck:
|_ Host '192.168.0.177' is not allowed to connect to this MariaDB server
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3306-TCP:V=7.80%I=7%D=5/2%Time=5EADA650%P=x86_64-pc-linux-gnu%r(NUL
SF:L,4C,"H\0\0\x01\xffj\x04Host\x20'192\.168\.0\.177'\x20is\x20not\x20allo
SF:wed\x20to\x20connect\x20to\x20this\x20MariaDB\x20server")%r(RPCCheck,4C
SF:,"H\0\0\x01\xffj\x04Host\x20'192\.168\.0\.177'\x20is\x20not\x20allowed\
SF:x20to\x20connect\x20to\x20this\x20MariaDB\x20server");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
NSE: Script Post-scanning.
Initiating NSE at 13:56
Completed NSE at 13:56, 0.00s elapsed
Initiating NSE at 13:56
Completed NSE at 13:56, 0.00s elapsed
Initiating NSE at 13:56
Completed NSE at 13:56, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 6.74 seconds
Note in the result above that the SSH server version is OpenSSH 8.2p1 and the Nginx version is nginx/1.17.10.
Checking whether a host is protected by a firewall
Run (-sA selects a TCP ACK scan, the scan type that reports ports as filtered or unfiltered):
# nmap -sA 192.168.0.28
Example result:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:03 -03
Nmap scan report for 192.168.0.28
Host is up (0.00022s latency).
All 1000 scanned ports on 192.168.0.28 are unfiltered
MAC Address: 08:00:27:CF:C7:BE (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
Note that this server is not protected by a firewall, as shown by the following message in the Nmap output:
"All 1000 scanned ports on 192.168.0.28 are unfiltered"
that is, none of the 1000 scanned ports is being filtered.
Now I have enabled the firewall on server 192.168.0.28:
# nmap -sA 192.168.0.28
Example result:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:08 -03
Nmap scan report for 192.168.0.28
Host is up (0.00031s latency).
All 1000 scanned ports on 192.168.0.28 are filtered
MAC Address: 08:00:27:CF:C7:BE (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 21.38 seconds
Note that this server is now protected by a firewall, as shown by the following message in the Nmap output:
"All 1000 scanned ports on 192.168.0.28 are filtered"
that is, all 1000 scanned ports are being filtered by the firewall.
Scanning when the host is protected by a firewall
Run:
# nmap -PN 192.168.0.28
Example result:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:12 -03
Nmap scan report for 192.168.0.28
Host is up (0.074s latency).
All 1000 scanned ports on 192.168.0.28 are filtered
Nmap done: 1 IP address (1 host up) scanned in 191.52 seconds
Scanning to discover which servers and devices are up on a subnet
Run:
# nmap -sP 192.168.0.0/24
Example result:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:21 -03
Nmap scan report for _gateway (192.168.0.1)
Host is up (0.12s latency).
Nmap scan report for 192.168.0.10
Host is up (0.12s latency).
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.00052s latency).
Nmap scan report for 192.168.0.223
Host is up (0.048s latency).
Nmap scan report for 192.168.0.225
Host is up (0.13s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 16.76 seconds
Running a quick, simple scan on an IP
Run:
# nmap -F 192.168.0.28
Example result:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:23 -03
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.00010s latency).
Not shown: 98 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
Displaying the host's network interfaces and routes
This is a useful command for detecting network problems.
# nmap --iflist
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:26 -03
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
wlp2s0 (wlp2s0) 192.168.0.28/24 ethernet up 1500 5C:C9:D3:66:43:6E
wlp2s0 (wlp2s0) fe80::747a:93a9:9c2e:2aca/64 ethernet up 1500 5C:C9:D3:66:43:6E
wlp2s0 (wlp2s0) 2804:14c:48b:41b2::1/128 ethernet up 1500 5C:C9:D3:66:43:6E
wlp2s0 (wlp2s0) 2804:14c:48b:41b2:c581:f4ec:2ca6:2bf9/64 ethernet up 1500 5C:C9:D3:66:43:6E
wlp2s0 (wlp2s0) 2804:14c:48b:41b2:40c1:626:6d1d:897c/64 ethernet up 1500 5C:C9:D3:66:43:6E
gpd0 (gpd0) (none)/0 point2point down 1500
lo (lo) 127.0.0.1/8 loopback up 65536
lo (lo) ::1/128 loopback up 65536
enp1s0 (enp1s0) (none)/0 ethernet up 1500 1C:39:47:56:D8:A4
**************************ROUTES**************************
DST/MASK DEV METRIC GATEWAY
192.168.0.0/24 wlp2s0 600
169.254.0.0/16 wlp2s0 1000
0.0.0.0/0 wlp2s0 600 192.168.0.1
::1/128 lo 0
2804:14c:48b:41b2::1/128 wlp2s0 0
2804:14c:48b:41b2:40c1:626:6d1d:897c/128 wlp2s0 0
2804:14c:48b:41b2:c581:f4ec:2ca6:2bf9/128 wlp2s0 0
fe80::747a:93a9:9c2e:2aca/128 wlp2s0 0
::1/128 lo 256
2804:14c:48b:41b2::1/128 wlp2s0 600
2804:14c:48b:41b2::/64 wlp2s0 600 fe80::2a32:c5ff:fe53:b0a7
fe80::/64 wlp2s0 600
ff00::/8 wlp2s0 256
::/0 wlp2s0 600 fe80::2a32:c5ff:fe53:b0a7
Specifying which port to scan
Run:
# nmap -p 80 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:31 -03
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.00013s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 5.18 seconds
To specify more than one port, separate them with commas.
# nmap -p 21,80,443 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:32 -03
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.000078s latency).
PORT STATE SERVICE
21/tcp closed ftp
80/tcp open http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
To scan the best-known and most widely used ports on the Internet today, use the --top-ports <number> parameter, for example:
# nmap --top-ports 10 192.168.0.28
or
# nmap --top-ports 20 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:34 -03
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.000078s latency).
PORT STATE SERVICE
21/tcp closed ftp
22/tcp closed ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed domain
80/tcp open http
110/tcp closed pop3
111/tcp closed rpcbind
135/tcp closed msrpc
139/tcp closed netbios-ssn
143/tcp closed imap
443/tcp closed https
445/tcp closed microsoft-ds
993/tcp closed imaps
995/tcp closed pop3s
1723/tcp closed pptp
3306/tcp open mysql
3389/tcp closed ms-wbt-server
5900/tcp closed vnc
8080/tcp closed http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
Quickly discovering the open ports on the computers of a network
Run:
# nmap -T5 192.168.0.0/24
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:38 -03
Warning: 192.168.0.10 giving up on port because retransmission cap hit (2).
Warning: 192.168.0.223 giving up on port because retransmission cap hit (2).
Warning: 192.168.0.225 giving up on port because retransmission cap hit (2).
Nmap scan report for _gateway (192.168.0.1)
Host is up (0.0066s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
80/tcp open http
8080/tcp open http-proxy
8081/tcp filtered blackice-icecap
8090/tcp filtered opsmessaging
8888/tcp filtered sun-answerbook
Nmap scan report for 192.168.0.10
Host is up (0.033s latency).
Not shown: 831 closed ports, 168 filtered ports
PORT STATE SERVICE
80/tcp open http
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.00016s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
Nmap scan report for 192.168.0.223
Host is up (0.0046s latency).
Not shown: 983 closed ports
PORT STATE SERVICE
4/tcp filtered unknown
23/tcp open telnet
42/tcp filtered nameserver
80/tcp open http
444/tcp filtered snpp
801/tcp filtered device
1051/tcp filtered optima-vnet
1052/tcp filtered ddt
1066/tcp filtered fpo-fns
1187/tcp filtered alias
2702/tcp filtered sms-xfer
2967/tcp filtered symantec-av
4002/tcp filtered mlchat-proxy
8082/tcp filtered blackice-alerts
8300/tcp filtered tmi
9900/tcp filtered iua
49154/tcp filtered unknown
Nmap scan report for 192.168.0.225
Host is up (0.0020s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
700/tcp filtered epp
1023/tcp filtered netvenuechat
1069/tcp filtered cognex-insight
1080/tcp filtered socks
1085/tcp filtered webobjects
1124/tcp filtered hpvmmcontrol
3517/tcp filtered 802-11-iapp
3827/tcp filtered netmpi
7070/tcp filtered realserver
8045/tcp filtered unknown
26214/tcp filtered unknown
57797/tcp filtered unknown
Nmap scan report for 192.168.0.226
Host is up (0.00019s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Nmap done: 256 IP addresses (6 hosts up) scanned in 23.44 seconds
Detecting the operating system of a server
Run:
# nmap -O 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:42 -03
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.00011s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.79 seconds
Note that the operating system detected on the server is Ubuntu, in "Nmap scan report for ubuntu (192.168.0.28)".
Scanning using ping
Run:
# nmap -PO www.vivaolinux.com.br
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:46 -03
Nmap scan report for www.vivaolinux.com.br (104.24.99.136)
Host is up (0.17s latency).
Other addresses for www.vivaolinux.com.br (not scanned): 2606:4700:3030::6818:6288 2606:4700:3030::6818:6388 104.24.98.136
Not shown: 996 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 24.32 second
Scanning using UDP ping
Run:
# nmap -PU 192.168.0.28
Example output:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-02 14:49 -03
Nmap scan report for ubuntu (192.168.0.28)
Host is up (0.0000080s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
3306/tcp open mysql
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
Conclusion
I hope you have enjoyed Nmap, this Swiss Army knife for network administrators, Linux server administrators and developers.
Its official site is: https://nmap.org/