Fast port scanning with nmap
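This article introduces commands for running a fast port scan with nmap.
Notes
- Administrator privileges are required.
- Because the settings prioritize speed, some ports may be missed by the scan.
- The scan places a heavy load on the scan target and on the network.
- The scan is very likely to be detected by security devices such as IDS/IPS.
Commands
For IPv4
$ sudo nmap -Pn --stats-every 2s -T5 -sS -sU --min-rate 10000 -p 0-65535 <host>
For IPv6
$ sudo nmap -Pn --stats-every 2s -T5 -sS -sU --min-rate 10000 -p 0-65535 -6 <host>
Option descriptions
-Pn
: Do not check whether the host is up with ping or similar probes
--stats-every 2s
: Print scan statistics every 2 seconds
-T5
: Timing settings that prioritize speed
-sS
: Speed-oriented TCP scan (specify only when scanning TCP)
-sU
: UDP scan (specify only when scanning UDP)
--min-rate 10000
: Scan rate (the larger the value, the faster the scan)
-p 0-65535
: Range of ports to scan
-6
: Use IPv6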
Example run
$ sudo nmap -Pn --stats-every 2s -T5 -sS -sU --min-rate 10000 -p 0-65535 192.168.1.1
Starting Nmap 7.95 ( https://nmap.org ) at 2024-12-30 00:00 JST
Warning: 192.168.1.1 giving up on port because retransmission cap hit (2).
Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 17.59% done; ETC: 17:04 (0:00:09 remaining)
Stats: 0:00:04 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 34.19% done; ETC: 17:04 (0:00:08 remaining)
Stats: 0:00:06 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 52.29% done; ETC: 17:04 (0:00:05 remaining)
Stats: 0:00:08 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 67.44% done; ETC: 17:04 (0:00:04 remaining)
Stats: 0:00:11 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 94.09% done; ETC: 17:04 (0:00:01 remaining)
Stats: 0:00:12 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.99% done; ETC: 17:04 (0:00:00 remaining)
Stats: 0:00:14 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.99% done; ETC: 17:04 (0:00:00 remaining)
Stats: 0:00:16 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 12.35% done; ETC: 17:05 (0:00:14 remaining)
Stats: 0:00:18 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 18.44% done; ETC: 17:05 (0:00:18 remaining)
Stats: 0:00:20 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 28.57% done; ETC: 17:05 (0:00:15 remaining)
Stats: 0:00:22 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 38.70% done; ETC: 17:05 (0:00:13 remaining)
Stats: 0:00:24 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 48.90% done; ETC: 17:05 (0:00:10 remaining)
Stats: 0:00:26 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 59.01% done; ETC: 17:05 (0:00:08 remaining)
Stats: 0:00:28 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 69.21% done; ETC: 17:05 (0:00:06 remaining)
Stats: 0:00:31 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 84.35% done; ETC: 17:05 (0:00:03 remaining)
Stats: 0:00:32 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 89.49% done; ETC: 17:05 (0:00:02 remaining)
Stats: 0:00:34 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 99.74% done; ETC: 17:05 (0:00:00 remaining)
Nmap scan report for ntt.setup (192.168.1.1)
Host is up (0.088s latency).
Not shown: 65510 open|filtered udp ports (no-response), 48068 closed tcp ports (reset), 25 closed udp ports (port-unreach), 17461 filtered tcp ports (no-response)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
53/udp open domain
MAC Address: xx:xx:xx:xx:xx:xx (Company)
Nmap done: 1 IP address (1 host up) scanned in 34.27 seconds
From the lines below, we can see that port 53 (TCP/UDP) and port 80 (TCP) are open.
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
53/udp open domain
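The note about missed ports can be checked against the output itself. The following is an added example, not part of the original article: it parses nmap's normal output and lists the signs that a fast scan may be incomplete (the retransmission-cap warning and ports that never answered). The function names parse_scan and needs_recheck are hypothetical, and the sample text is abbreviated from the example run above.

```python
import re

# Abbreviated from the example run on this page (progress lines omitted).
SAMPLE = """\
Warning: 192.168.1.1 giving up on port because retransmission cap hit (2).
Nmap scan report for ntt.setup (192.168.1.1)
Host is up (0.088s latency).
Not shown: 65510 open|filtered udp ports (no-response), 48068 closed tcp ports (reset), 25 closed udp ports (port-unreach), 17461 filtered tcp ports (no-response)
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
53/udp open domain
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
HIDDEN_RE = re.compile(r"(\d+) (\S+) (tcp|udp) ports? \(([^)]+)\)")

def parse_scan(text):
    """Return open ports, 'Not shown' counts and retransmission-cap warnings."""
    result = {"open": [], "hidden": {}, "cap_hit": 0}
    for line in text.splitlines():
        line = line.strip()
        if "retransmission cap hit" in line:
            result["cap_hit"] += 1
        elif line.startswith("Not shown:"):
            for count, state, proto, reason in HIDDEN_RE.findall(line):
                result["hidden"][(proto, state)] = (int(count), reason)
        else:
            m = PORT_RE.match(line)
            if m and m.group(3) == "open":
                result["open"].append((int(m.group(1)), m.group(2), m.group(4)))
    return result

def needs_recheck(result):
    """List reasons the fast scan may have missed ports."""
    reasons = []
    if result["cap_hit"]:
        reasons.append("retransmission cap hit: some probes were abandoned")
    # A port with no reply may be filtered, or its probe may have been dropped.
    for (proto, state), (count, reason) in sorted(result["hidden"].items()):
        if reason == "no-response":
            reasons.append(f"{count} {proto} ports {state} with no response")
    return reasons

if __name__ == "__main__":
    scan = parse_scan(SAMPLE)
    print("open:", scan["open"])
    for reason in needs_recheck(scan):
        print("recheck:", reason)
```

Ports reported with no response are the ones worth rescanning at a lower rate before treating the result as complete.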