O Nmap, também conhecido como Network Mapper, é uma ferramenta de código aberto muito versátil para administradores de sistemas/redes Linux. O Nmap é utilizado para explorar redes, realizar varreduras de segurança, auditoria de rede e encontrar portas abertas em máquinas remotas. Ele faz varreduras de hosts ativos, sistemas operacionais, filtros de pacotes e portas abertas em execução em hosts remotos.
I’ll be covering most of NMAP usage in two different parts and this is the first part of nmap serious. Here in this setup, I have used two servers without firewall to test the working of the Nmap command.
- 192.168.0.100 – server1.tecmint.com
- 192.168.0.101 – server2.tecmint.com
Uso do comando Nmap
# nmap [Scan Type(s)] [Options] {target specification}
Como instalar o NMAP no Linux
A maioria das distribuições Linux de hoje, como Red Hat, CentOS, Fedora, Debian e Ubuntu, inclui o Nmap em seus repositórios padrão de gerenciamento de pacotes chamados Yum e APT. Ambas as ferramentas são usadas para instalar e gerenciar pacotes de software e atualizações. Para instalar o Nmap em uma distribuição específica, use o seguinte comando.
# yum install nmap [on Red Hat based systems] $ sudo apt-get install nmap [on Debian based systems]
Depois de instalar a versão mais recente do aplicativo nmap, você pode seguir as instruções de exemplo fornecidas neste artigo.
1. Escanear um sistema com nome de host e endereço IP
O ferramenta Nmap oferece vários métodos para scanner um sistema. Neste exemplo, eu estou realizando um scanner usando o hostname como server2.tecmint.com para descobrir todas as portas abertas, serviços e endereço MAC no sistema.
Scanner usando Hostname
[root@server1 ~]# nmap server2.tecmint.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:42 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.415 seconds You have new mail in /var/spool/mail/root
Scanner usando Endereço IP
[root@server1 ~]# nmap 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:04 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 958/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.465 seconds You have new mail in /var/spool/mail/root
2. Scanner usando a opção “-v”
Você pode ver que o comando abaixo com a opção “-v” está fornecendo informações mais detalhadas sobre a máquina remota.
[root@server1 ~]# nmap -v server2.tecmint.com
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 15:43 EST
Initiating ARP Ping Scan against 192.168.0.101 [1 port] at 15:43
The ARP Ping Scan took 0.01s to scan 1 total hosts.
Initiating SYN Stealth Scan against server2.tecmint.com (192.168.0.101) [1680 ports] at 15:43
Discovered open port 22/tcp on 192.168.0.101
Discovered open port 80/tcp on 192.168.0.101
Discovered open port 8888/tcp on 192.168.0.101
Discovered open port 111/tcp on 192.168.0.101
Discovered open port 3306/tcp on 192.168.0.101
Discovered open port 957/tcp on 192.168.0.101
The SYN Stealth Scan took 0.30s to scan 1680 total ports.
Host server2.tecmint.com (192.168.0.101) appears to be up ... good.
Interesting ports on server2.tecmint.com (192.168.0.101):
Not shown: 1674 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
957/tcp open unknown
3306/tcp open mysql
8888/tcp open sun-answerbook
MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems)
Nmap finished: 1 IP address (1 host up) scanned in 0.485 seconds
Raw packets sent: 1681 (73.962KB) | Rcvd: 1681 (77.322KB)
Scanner de Múltiplos Hosts
Você pode scanner múltiplos hosts simplesmente escrevendo seus endereços IP ou nomes de host com o Nmap.
[root@server1 ~]# nmap 192.168.0.101 192.168.0.102 192.168.0.103 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:06 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 3 IP addresses (1 host up) scanned in 0.580 seconds
4. Scan de uma Sub-rede inteira
Você pode scanner uma sub-rede inteira ou faixa de IP com o Nmap fornecendo * comando com ela.
[root@server1 ~]# nmap 192.168.0.* Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:11 EST Interesting ports on server1.tecmint.com (192.168.0.100): Not shown: 1677 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 851/tcp open unknown Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.550 seconds You have new mail in /var/spool/mail/root
No output acima, você pode ver que o nmap scanner uma sub-rede inteira e fornecer informações sobre esses hosts que estão Up na Network.
5. Scan de Múltiplos Servidores usando o último octeto do IP
Você pode executar scans em múltiplos endereços IP especificando simplesmente o último octeto do IP. Por exemplo, aqui eu estou executando um scanner em endereços IP 192.168.0.101, 192.168.0.102 e 192.168.0.103.
[root@server1 ~]# nmap 192.168.0.101,102,103 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 3 IP addresses (1 host up) scanned in 0.552 seconds You have new mail in /var/spool/mail/root
6. Scan de Lista de Hosts de um Arquivo
Se você tiver muitos hosts para scanner e todos os detalhes dos hosts estão escritos em um arquivo, você pode simplesmente pedir para o nmap ler esse arquivo e executar o scanner. Vamos ver como fazer isso.
Crie um arquivo de texto chamado “nmaptest.txt” e defina todos os endereços IP ou nomes de host do servidor que você quer fazer o scanner.
[root@server1 ~]# cat > nmaptest.txt localhost server2.tecmint.com 192.168.0.101
Em seguida, execute o seguinte comando com a opção “iL” com o comando nmap para escanear todos os endereços IP listados no arquivo.
[root@server1 ~]# nmap -iL nmaptest.txt Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:58 EST Interesting ports on localhost.localdomain (127.0.0.1): Not shown: 1675 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 111/tcp open rpcbind 631/tcp open ipp 857/tcp open unknown Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 958/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 958/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 3 IP addresses (3 hosts up) scanned in 2.047 seconds
7. Escanear um Intervalo de Endereços IP
Você pode especificar um intervalo de IP ao realizar um escaneamento com o Nmap.
[root@server1 ~]# nmap 192.168.0.101-110 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:09 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 10 IP addresses (1 host up) scanned in 0.542 seconds
8. Escanear Rede Excluindo Hosts Remotos
Você pode excluir alguns hosts ao realizar um escaneamento de rede completo ou ao escanear com curingas com a opção “–exclude“.
[root@server1 ~]# nmap 192.168.0.* --exclude 192.168.0.100 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:16 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 255 IP addresses (1 host up) scanned in 5.313 seconds You have new mail in /var/spool/mail/root
9. Escanear Informações de SO e Traceroute
Com o Nmap, você pode detectar qual SO e versão estão sendo executados no host remoto. Para habilitar a detecção de SO e versão, escaneamento de script e traceroute, podemos usar a opção “-A” com o NMAP.
[root@server1 ~]# nmap -A 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:25 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 80/tcp open http Apache httpd 2.2.3 ((CentOS)) 111/tcp open rpcbind 2 (rpc #100000) 957/tcp open status 1 (rpc #100024) 3306/tcp open mysql MySQL (unauthorized) 8888/tcp open http lighttpd 1.4.32 MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52814B66%O=22%C=1%M=080027) TSeq(Class=TR%IPID=Z%TS=1000HZ) T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Uptime 0.169 days (since Mon Nov 11 12:22:15 2013) Nmap finished: 1 IP address (1 host up) scanned in 22.271 seconds You have new mail in /var/spool/mail/root
No resultado acima, você pode ver que o nmap identificou a impressão digital TCP/IP do SO em execução nos hosts remotos e ser mais específico sobre a porta e serviços em execução nos hosts remotos.
10. Habilitar Detecção de SO com Nmap
Use a opção “-O” e “-osscan-guess” também ajuda a descobrir informações do SO.
[root@server1 ~]# nmap -O server2.tecmint.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:40 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=4.11%P=i686-redhat-linux-gnu%D=11/11%Tm=52815CF4%O=22%C=1%M=080027) TSeq(Class=TR%IPID=Z%TS=1000HZ) T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=Option -O and -osscan-guess also helps to discover OS R%Ops=) T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) Uptime 0.221 days (since Mon Nov 11 12:22:16 2013) Nmap finished: 1 IP address (1 host up) scanned in 11.064 seconds You have new mail in /var/spool/mail/root
11. Escanear um Host para Detectar Firewall
O comando abaixo irá realizar um escaneamento em um host remoto para detectar se filtros de pacotes ou Firewall estão sendo usados pelo host.
[root@server1 ~]# nmap -sA 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:27 EST All 1680 scanned ports on server2.tecmint.com (192.168.0.101) are UNfiltered MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.382 seconds You have new mail in /var/spool/mail/root
12. Escanear um Host para verificar se está protegido por Firewall
Para escanear um host se ele está protegido por algum software de filtragem de pacotes ou Firewalls.
[root@server1 ~]# nmap -PN 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:30 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.399 seconds
13. Descobrir Hosts Ativos em uma Rede
Com a ajuda da opção “-sP” podemos simplesmente verificar quais hosts estão ativos e online na Rede, com esta opção o nmap pula a detecção de portas e outras coisas.
[root@server1 ~]# nmap -sP 192.168.0.* Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 11:01 EST Host server1.tecmint.com (192.168.0.100) appears to be up. Host server2.tecmint.com (192.168.0.101) appears to be up. MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 256 IP addresses (2 hosts up) scanned in 5.109 seconds
14. Realize uma Verificação Rápida
Você pode realizar uma verificação rápida com a opção “-F” para escanear as portas listadas nos arquivos de serviços do nmap e deixar todas as outras portas.
[root@server1 ~]# nmap -F 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:47 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1234 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.322 seconds
15. Encontre a Versão do Nmap
Você pode descobrir a versão do Nmap que está sendo executada em sua máquina com a opção “-V”.
[root@server1 ~]# nmap -V Nmap version 4.11 ( http://www.insecure.org/nmap/ ) You have new mail in /var/spool/mail/root
16. Escaneie Portas Consecutivamente
Use a flag “-r” para não randomizar.
[root@server1 ~]# nmap -r 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 16:52 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.363 seconds
17. Imprima Interfaces de Host e Rotas
Você pode encontrar informações de interface de host e rota com o nmap usando a opção “–iflist”.
[root@server1 ~]# nmap --iflist Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:07 EST ************************INTERFACES************************ DEV (SHORT) IP/MASK TYPE UP MAC lo (lo) 127.0.0.1/8 loopback up eth0 (eth0) 192.168.0.100/24 ethernet up 08:00:27:11:C7:89 **************************ROUTES************************** DST/MASK DEV GATEWAY 192.168.0.0/0 eth0 169.254.0.0/0 eth0
No resultado acima, você pode ver que o nmap está listando as interfaces conectadas ao seu sistema e suas respectivas rotas.
18. Escaneie uma Porta Específica
Há várias opções para descobrir portas em uma máquina remota com o Nmap. Você pode especificar a porta que deseja que o nmap escaneie com a opção “-p”, por padrão o nmap escaneia apenas portas TCP.
[root@server1 ~]# nmap -p 80 server2.tecmint.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:12 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) sca
19. Escaneie uma Porta TCP
Você também pode especificar tipos e números de porta específicos com o nmap para escanear.
[root@server1 ~]# nmap -p T:8888,80 server2.tecmint.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 80/tcp open http 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
20. Escaneie uma Porta UDP
[root@server1 ~]# nmap -sU 53 server2.tecmint.com Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:15 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 53/udp open http 8888/udp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.157 seconds
21. Escaneie Múltiplas Portas
Você também pode escanear múltiplas portas usando a opção “-p”.
[root@server1 ~]# nmap -p 80,443 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-18 10:56 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 80/tcp open http 443/tcp closed https MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.190 seconds
22. Escaneie Portas por Faixa de Rede
Você pode escanear portas com intervalos usando expressões.
[root@server1 ~]# nmap -p 80-160 192.168.0.101
23. Encontrar Números de Versão de Serviços de Host
Nós podemos descobrir as versões de serviços que estão em execução em hosts remotos usando a opção “-sV“.
[root@server1 ~]# nmap -sV 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:48 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 80/tcp open http Apache httpd 2.2.3 ((CentOS)) 111/tcp open rpcbind 2 (rpc #100000) 957/tcp open status 1 (rpc #100024) 3306/tcp open mysql MySQL (unauthorized) 8888/tcp open http lighttpd 1.4.32 MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 12.624 seconds
24. Scan de hosts remotos usando TCP ACK (PA) e TCP Syn (PS)
Em alguns casos, firewalls de filtragem de pacotes bloqueiam pedidos de ping padrão ICMP, nesse caso, nós podemos usar métodos TCP ACK e TCP Syn para scanear hosts remotos.
[root@server1 ~]# nmap -PS 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 17:51 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.360 seconds You have new mail in /var/spool/mail/root
25. Scan de host remoto para portas específicas com TCP ACK
[root@server1 ~]# nmap -PA -p 22,80 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:02 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.166 seconds You have new mail in /var/spool/mail/root
26. Scan de host remoto para portas específicas com TCP Syn
[root@server1 ~]# nmap -PS -p 22,80 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:08 EST Interesting ports on server2.tecmint.com (192.168.0.101): PORT STATE SERVICE 22/tcp open ssh 80/tcp open http MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.165 seconds You have new mail in /var/spool/mail/root
27. Realizar um Scan Oculto
[root@server1 ~]# nmap -sS 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:10 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.383 seconds You have new mail in /var/spool/mail/root
28. Verificar as portas mais comumente usadas com TCP Syn
[root@server1 ~]# nmap -sT 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 18:12 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 957/tcp open unknown 3306/tcp open mysql 8888/tcp open sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 0.406 seconds You have new mail in /var/spool/mail/root
29. Realizar um Scan TCP Nulo para enganar um firewall
[root@server1 ~]# nmap -sN 192.168.0.101 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-11-11 19:01 EST Interesting ports on server2.tecmint.com (192.168.0.101): Not shown: 1674 closed ports PORT STATE SERVICE 22/tcp open|filtered ssh 80/tcp open|filtered http 111/tcp open|filtered rpcbind 957/tcp open|filtered unknown 3306/tcp open|filtered mysql 8888/tcp open|filtered sun-answerbook MAC Address: 08:00:27:D9:8E:D7 (Cadmus Computer Systems) Nmap finished: 1 IP address (1 host up) scanned in 1.584 seconds You have new mail in /var/spool/mail/root
É assim que termina o NMAP por agora, eu vai apresentar mais opções criativas do NMAP na segunda parte desta série. Até lá, fique ligado conosco e não esqueça de compartilhar seus comentários valiosos.