网络安全课程上老师提到了一个端口扫描工具nmap,就测试使用了一下扫描这台服务器。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
$ nmap -v -A 202.38.86.104

Starting Nmap 7.60 ( https://nmap.org ) at 2017-09-18 09:49 CST
NSE: Loaded 146 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 09:49
Completed NSE at 09:49, 0.00s elapsed
Initiating NSE at 09:49
Completed NSE at 09:49, 0.00s elapsed
Initiating Ping Scan at 09:49
Scanning 202.38.86.104 [2 ports]
Completed Ping Scan at 09:49, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:49
Completed Parallel DNS resolution of 1 host. at 09:49, 0.00s elapsed
Initiating Connect Scan at 09:49
Scanning 202.38.86.104 [1000 ports]
Discovered open port 80/tcp on 202.38.86.104
Discovered open port 21/tcp on 202.38.86.104
Discovered open port 10001/tcp on 202.38.86.104
Discovered open port 8093/tcp on 202.38.86.104
Completed Connect Scan at 09:49, 4.41s elapsed (1000 total ports)
Initiating Service scan at 09:49
Scanning 4 services on 202.38.86.104
Completed Service scan at 09:49, 6.02s elapsed (4 services on 1 host)
NSE: Script scanning 202.38.86.104.
Initiating NSE at 09:49
Completed NSE at 09:49, 3.31s elapsed
Initiating NSE at 09:49
Completed NSE at 09:49, 0.00s elapsed
Nmap scan report for 202.38.86.104
Host is up (0.00094s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ssl-cert: Subject: commonName=charles/organizationName=USTC/stateOrProvinceName=anhui/countryName=CN
| Issuer: commonName=charles/organizationName=USTC/stateOrProvinceName=anhui/countryName=CN
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2017-03-02T02:31:21
| Not valid after: 2037-02-25T02:31:21
| MD5: 580d 7b65 9461 4bb6 bb82 9218 88e6 040b
|_SHA-1: 2169 c5e2 7d43 5ca3 aaa7 67fa d7e5 827c 812c d8b0
80/tcp open http Apache httpd 2.4.27 ((Unix) PHP/7.1.9)
| http-methods:
| Supported Methods: GET POST OPTIONS HEAD TRACE
|_ Potentially risky methods: TRACE
|_http-server-header: Apache/2.4.27 (Unix) PHP/7.1.9
|_http-title: Welcome
5901/tcp closed vnc-1
8000/tcp closed http-alt
8093/tcp open http Tornado httpd 4.5.1
| http-methods:
|_ Supported Methods: GET POST
|_http-server-header: TornadoServer/4.5.1
| http-title: Jupyter Notebook
|_Requested resource was /login?next=%2Ftree%3F
8888/tcp closed sun-answerbook
10001/tcp open ssh OpenSSH 7.5 (protocol 2.0)
| ssh-hostkey:
| 2048 4b:bc:33:5c:1b:33:a3:25:3e:be:57:0f:90:1e:f8:7b (RSA)
| 256 ca:35:84:db:04:17:79:5e:4d:16:28:08:76:4d:b8:98 (ECDSA)
|_ 256 1a:2a:fc:a9:ec:c9:e1:ed:9d:17:d8:d7:81:a9:92:90 (EdDSA)
Service Info: OS: Unix

NSE: Script Post-scanning.
Initiating NSE at 09:49
Completed NSE at 09:49, 0.00s elapsed
Initiating NSE at 09:49
Completed NSE at 09:49, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.55 seconds

这个工具真的有点厉害。