本节书摘来自异步社区《Nmap渗透测试指南》一书中的第6章6.8节目标主机随机排序,作者 商广明,更多章节内容可以访问云栖社区“异步社区”公众号查看。
6.8 目标主机随机排序
表6.8所示为本章节所需Nmap命令表,表中加粗命令为本小节所需命令——目标主机随机排序。
使用--randomize-hosts选项就可以对目标主机的顺序进行随机的排序,最多可达8096个主机。单方面使用这个选项对防火墙/IDS逃逸的效果不大,如果配合时间选项则会有很好的效果。
root@Wing:~# nmap --randomize-hosts 192.168.126.1-200
Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-12 15:05 CST
Nmap scan report for 192.168.126.2
Host is up (0.00028s latency).
All 1000 scanned ports on 192.168.126.2 are closed
MAC Address: 00:50:56:F1:06:20 (VMware)
Nmap scan report for 192.168.126.1
Host is up (0.00039s latency).
All 1000 scanned ports on 192.168.126.1 are filtered
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.126.131
Host is up (0.00031s latency).
Not shown: 977 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open rmiregistry
1524/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
8009/tcp open ajp13
8180/tcp open unknown
MAC Address: 00:0C:29:E0:2E:76 (VMware)
Nmap scan report for 192.168.126.130
Host is up (0.0000040s latency).
All 1000 scanned ports on 192.168.126.130 are closed
Nmap done: 200 IP addresses (4 hosts up) scanned in 5.46 seconds
root@Wing:~#