1. 개요
네트워크를 스캔하는 툴이다.
2. 사용법
2.1. 기본적인 사용법
기본적인 스캔할 때는 -sC 와 -sV 를 써준다. -sC 까지는 해줘야 Domain Information 이 나와서 Windows 침투할 때 편함.
┌──(root㉿kali)-[/home/kali/labs/sauna]
└─# nmap -sC -sV 10.129.33.94
Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-11 21:32 +04
Nmap scan report for 10.129.33.94
Host is up (0.19s latency).
Not shown: 987 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
80/tcp open http Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
| http-methods:
|_ Potentially risky methods: TRACE
|_http-title: Egotistical Bank :: Home
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-12-12 00:33:15Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.LOCAL0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: EGOTISTICAL-BANK.LOCAL0., Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
Service Info: Host: SAUNA; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled and required
| smb2-time:
| date: 2025-12-12T00:33:27
|_ start_date: N/A
|_clock-skew: 7h00m00s
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 78.87 seconds
2.2. 저장
-oA 를 이용하면 지원하는 파일 형식 모두를 저장할 수 있다.
$ nmap 1.1.1.1 -oA result