假设你很好奇或正在做端口强化,你会很好奇那些最常见的端口是什么。缺少打开文件和排序,是否有显示这些端口的命令?另一种可能满足需求的方法是显示所有扫描端口的命令,无论状态如何(关闭/过滤/等)
我做的作业:在这个网站上做了一些谷歌搜索。快速阅读 nmap 文档。尝试扫描端口,它似乎在 29/30 左右开始分组(未显示:991 个关闭的端口) 。找到下面的页面(没有足够的代表来发布链接)似乎逃避了 gettoppts/getpts 的函数(可能在 nmap 源中),然后建议使用数据库 sorted_services(可能是 nmap 目录中的文件)
www.bamsoftware.com/wiki/Nmap/TopPortsReview
除了按照 SilverlightFox 的建议nmap-services对文件进行排序之外,您还可以从 Nmap 获取此信息:
$ ./nmap --top-ports 1000 本地主机 -v -oG - # Nmap 6.47SVN 扫描在 2015 年 1 月 7 日星期三 18:04:53 启动为:./nmap --top-ports 1000 -v -oG - localhost # 扫描的端口:TCP(1000;1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85, 88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011, 1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166, 1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296, 1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862- 1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068, 2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323, 2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725, 2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128, 3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527, 3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550, 4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221- 5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718, 5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963, 5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666- 6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402, 7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600, 8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111, 9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968, 9998-10004,10024-10025,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265, 12345,13456,13783,14000,14238,144441-14442,150,150,15742,150,1560,15742,160-1560,15742,160-1560,15742,160-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988, 1804019801980 ,18019801980198019801980889888888888889888888598888888598588885 27352-27353,27355-27356,27715,28201,30000,3071885,32768-338985,33354,338985,425,4458,415,425,44457,40193,409292,40193,40918,415,44442-44476,411,42501,4441,41511,4251,44446,44442-4441,41511,42510,44466,44442-44446,44442-444176,44442-444176,44442-44446,44442-44443,444501,45100,44080,49152-49161, 49163,49165,49167,49400,49999-50003,5085,50636,50800,5103,5203,50800,5103,5203,50800,51,5286,520555,5286,52055,52828,52055-5286,52055555,5203,50800,5103,5203,50800,51,52828,52055555,5203,50800,5103,51493,50800,51,52856,52055555,5203,50800,5103,51493,52055555,5203,50800,5103,5146,520555,52056,5205555, 55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389) UDP(0;) SCTP(0;) 协议(0;)) 协议(0;)) 协议(0;) 主机:127.0.0.1(本地主机)状态:Up 主机:127.0.0.1 (localhost) 端口:22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 1080/open/ tcp//socks///, 5432/open/tcp//postgresql/// 忽略状态:关闭(995) # Nmap 在 2015 年 1 月 7 日星期三 18:04:53 完成 -- 在 0.10 秒内扫描了 1 个 IP 地址(1 个主机启动)
使用-oG -(greppable output to stdout) 和-v(verbose) 选项,您可以获得 Nmap 扫描的所有端口的完整列表(参见输出的第二行,以 开头# Ports scanned:)。不幸的是,您还需要同时进行端口扫描,所以我曾经localhost扫描我自己的机器(通常比任何网络扫描都要快得多)。这对于更复杂的情况也很有用,例如nmap -sSU --port-ratio .2(3 个 TCP 和 10 个 UDP 端口)。
编辑:根据下面的评论,看起来您可能只想要一个完整的、详细的输出所有端口及其扫描的每个主机的状态。您可以使用-d3或更高的调试级别来获得它。
编辑 2:最近发现localhost在这个命令中是不必要的。您可以在不指定任何目标的情况下运行完全相同的命令,这将失败并显示警告但仍会产生“扫描的端口”输出行:./nmap --top-ports 1000 -v -oG -
sort -r -k3 /usr/share/nmap/nmap-services 应该给你你需要的。
这将按. 对nmap-services文件进行排序open-frequency。
http 80/tcp 0.484143 # World Wide Web HTTP
ipp 631/udp 0.450281 # Internet Printing Protocol
snmp 161/udp 0.433467 # Simple Net Mgmt Proto
netbios-ns 137/udp 0.365163 # NETBIOS Name Service
ntp 123/udp 0.330879 # Network Time Protocol
netbios-dgm 138/udp 0.297830 # NETBIOS Datagram Service
ms-sql-m 1434/udp 0.293184 # Microsoft-SQL-Monitor
microsoft-ds 445/udp 0.253118
msrpc 135/udp 0.244452 # Microsoft RPC services
dhcps 67/udp 0.228010 # DHCP/Bootstrap Protocol Server
telnet 23/tcp 0.221265
domain 53/udp 0.213496 # Domain Name Server
https 443/tcp 0.208669 # secure http (SSL)
ftp 21/tcp 0.197667 # File Transfer [Control]
netbios-ssn 139/udp 0.193726 # NETBIOS Session Service
ssh 22/tcp 0.182286 # Secure Shell Login
...
最简单的方法是:
nmap -oX - --top-ports 1000 x
这会将 XML 输出打印到包含确切端口的终端。您也不需要指定真实的主机列表。
我更喜欢awk '$2~/tcp$/' /usr/share/nmap/nmap-services | sort -r -k3 | head -n 100,因为我将 TCP 与 UDP 分开扫描。
例如,
nmap --script banner -iL block --min-rate 10 --min-parallelism 20 --defeat-rst-ratelimit -n -Pn -g 88 -p-
nmap -iL block --min-rate 450 --min-parallelism 20 -n -Pn -sUV --version-all -g 53 -p-
我会用-p-您要测试的特定端口替换。
为了验证其他特征,特别是对于找到的 TCP 端口,我可能会尝试下一次:
nmap --script qscan -iL block -v -O --osscan-guess --max-os-tries 1 -n -Pn -sV -p-
nmap --script firewalk --traceroute -iL block -n -Pn -p-
nmap --script firewalk --traceroute -iL block -n -Pn -p- --data-length 100
nmap --script firewall-bypass -iL block -n -Pn -p-
同样,替换-p-为更具体的端口,然后使用 bnat-suite(搜索 msfconsole 以获取 bnat 或查看其 GitHub 页面)、fragroute、osstmm-afd、0trace 等,以对防火墙/IPS 进行完整分析。
--reason 将显示 TCP 或 UDP 的所有状态。
你可以用 nmap 或其他方式做更多的事情,但我将这个对话保留在第 4 层,这可能是也可能不是过于简单化。