+ !! Introduction (English) |
+ Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL. |
+ |
+ !! Introduction (Korean) |
+ NMAP is a port scanning tool. It is a very useful system security tool for scanning hosts or networks, and at the same time it can serve hackers as a powerful hacking tool. |
+ |
+ When running a server, administrators themselves sometimes do not know which ports are open and which services are being offered. This is not because of poor memory or laziness: ports and services change often as needs arise, so unless you check and record them regularly you forget them. Backdoors created by a break-in are also hard to identify. |
+ |
+ A port scanning tool such as NMAP is needed to check and manage a large number of ports and services effectively. |
+ Compared with earlier port scanning tools, NMAP offers a wide range of options and powerful features that can scan even networks behind a firewall. |
+ |
+ |
+ !! Installation |
+ {{{ |
+ ./configure |
+ make |
+ su root |
+ make install |
+ }}} |
+ |
+ !! Options |
+ {{{ |
+ -sT : TCP connect() scan: the most basic form. If the port is listening, connect() succeeds; otherwise the port is not reachable. |
+ |
+ -sS : TCP SYN scan: called "half-open" scanning because it does not make a full TCP connection. |
+ -sF, -sX, -sN : stealth FIN, Xmas tree, null scan: these can pass unnoticed through firewalls or packet filters that block SYN packets and through scan-detection programs such as Synlogger and Courtney. An open port ignores a FIN packet, while a closed port answers with an RST packet. These scans mainly work only against Unix-family operating systems and require root privileges. |
+ -sU : used to determine which UDP ports are open on a host. This technique sends a 0-byte UDP packet to each port on the system. If an ICMP port unreachable message comes back, the port is closed. |
+ -sA : ACK scan: used to map out a firewall's rule set precisely. In particular it helps check whether the firewall is stateful or simply a packet filter that blocks incoming SYN packets. An ACK packet is sent to the port; if an RST response comes back, the port is "unfiltered". nmap does not print "unfiltered" ports. |
+ -sW : window scan: classifies ports as filtered/nonfiltered from anomalies in the TCP window size; if there is no response at all, the port is filtered. |
+ -sR : RPC scan: keeps sending SunRPC program NULL commands to the open TCP/UDP ports to find out whether they are RPC ports, which program provides the service and what its version is. You can therefore get the same information as 'rpcinfo -p' even if the host's portmapper is behind a firewall (or TCP wrapper). |
+ -b : FTP bounce attack: uses an anonymous FTP server and scans the host by way of that FTP server. |
+ -f : tells nmap to split packets into small fragments, in order to get past filtering or an intrusion detection system. |
+ -P0 : makes it possible to scan networks where a firewall blocks ICMP echo requests (or responses). To scan hosts that block ping, use -P0, -PT80. |
+ -PT : uses a TCP "ping" to find out which hosts are up. Instead of sending ICMP echo request packets and waiting for a reply, it sends TCP ACKs into the network and waits for responses to come back. With this option, hosts still show up as alive while scanning networks or hosts that block ping packets. Use -PT; the default port is 80. |
+ -PI : finds hosts that are up and also looks for subnet-directed broadcast addresses on the network. These are IP addresses used to broadcast incoming IP packets to a subnet of computers. |
+ -PB : the default ping type; uses both ACK (-PT) and ICMP (-PI). |
+ -O : used to identify a host through TCP/IP fingerprinting. |
+ -v : verbose mode: a very useful option for interactive use. |
+ -p : specifies the ports to connect to. '-p 20-30,139,60000-' scans the ports from 20 to 30, port 139, and the ports from 60000 upward. |
+ -n/-R : do not do DNS lookups / do DNS lookups. |
+ -S : specifies the packet source address. |
+ -e : specifies the network interface. |
+ -g : specifies the source port number of the packets. |
+ -oN : writes the scan results to a logfile. |
+ -D : makes it hard for the host being scanned to judge where the real scan came from. |
+ }}} |
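The probe types listed above differ mainly in which TCP flags they set, which is also what a defender can key on. The following is an added example, not part of the original page: it assumes a hypothetical log format ("src dst dport flags") for packets a stateful firewall logged as belonging to no known connection, and the sample lines, addresses and the `min_ports` threshold are constructed.

```python
from collections import defaultdict

# TCP flag sets of the probes in the option list above. Nmap's Xmas tree
# probe sets FIN, PSH and URG; the NULL probe sets no flags at all.
PROBES = {
    frozenset(): "NULL scan (-sN)",
    frozenset({"FIN"}): "FIN scan (-sF)",
    frozenset({"FIN", "PSH", "URG"}): "Xmas tree scan (-sX)",
    frozenset({"SYN"}): "SYN probe (-sS or -sT)",
    frozenset({"ACK"}): "ACK probe (-sA, -sW or -PT)",
}

# Constructed sample in an assumed format "src dst dport flags": packets a
# stateful firewall logged as belonging to no known connection ("-" = no flags).
SAMPLE_LOG = """\
198.51.100.7 192.0.2.10 21 FIN
198.51.100.7 192.0.2.10 22 FIN
198.51.100.7 192.0.2.10 23 FIN
203.0.113.9 192.0.2.10 80 FIN,PSH,URG
203.0.113.9 192.0.2.10 443 FIN,PSH,URG
203.0.113.9 192.0.2.10 8080 FIN,PSH,URG
203.0.113.20 192.0.2.10 25 -
203.0.113.20 192.0.2.10 110 -
203.0.113.20 192.0.2.10 143 -
198.51.100.44 192.0.2.10 80 SYN
198.51.100.44 192.0.2.10 80 SYN
198.51.100.60 192.0.2.10 443 ACK
"""

def parse_line(line):
    """Split one log line into (src, dst, port, frozenset of flag names)."""
    src, dst, port, flags = line.split()
    names = frozenset() if flags == "-" else frozenset(flags.upper().split(","))
    return src, dst, int(port), names

def detect_scans(log_text, min_ports=3):
    """Map (src, dst, probe) to the sorted ports probed, keeping only sources
    that sent one probe type to at least min_ports distinct ports."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, port, flags = parse_line(line)
        probe = PROBES.get(flags)
        if probe:  # flag combinations outside the table are not counted here
            seen[(src, dst, probe)].add(port)
    return {key: sorted(ports) for key, ports in seen.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for (src, dst, probe), ports in detect_scans(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {probe} on ports {ports}")
```

A lone SYN or ACK is also ordinary traffic, so the per-source count of distinct ports is what separates a sweep from a client; the threshold of 3 is only sized for the sample.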
+ |
+ !! Related sites |
+ * Monitoring port scanning and hiding OS information http://coffeenix.net/board_view.php?cata_code=0&bd_code=111 |
+ * New feature in nmap 3.45: version scanning http://coffeenix.net/board_view.php?cata_code=0&bd_code=71 |
+ * Network scanning with nmap and defending against it http://coffeenix.net/doc/linuxworld/00-05-2.htm |
+ * remote OS detection (in English) http://coffeenix.net/doc/security/nmap-fingerprinting-article.html |
+ * Address: http://www.insecure.org/nmap/ |
+ |