So Mac OS X ships with nc, but not with nmap.
I want nmap as well, so I'll install it.
I installed it using MacPorts.
MBA-0020:~ guutara$ sudo port -d selfupdate
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Warning: port definitions are more than two weeks old, consider using selfupdate
---> Updating the ports tree
DEBUG: Synchronizing ports tree(s)
Synchronizing local ports tree from rsync://rsync.macports.org/release/ports/
DEBUG: /usr/bin/rsync -rtzv --delete-after '--exclude=/PortIndex*' rsync://rsync.macports.org/release/ports/ /opt/local/var/macports/sources/rsync.macports.org/release/ports
receiving file list ... done
./
. . .
sent 31139 bytes received 967984 bytes 95154.57 bytes/sec
total size is 28620433 speedup is 28.65
DEBUG: /usr/bin/rsync -rtzv --delete-after rsync://rsync.macports.org/release/ports/PortIndex_darwin_10_i386/PortIndex /opt/local/var/macports/sources/rsync.macports.org/release/ports
receiving file list ... done
PortIndex
sent 12724 bytes received 207065 bytes 62796.86 bytes/sec
total size is 4472069 speedup is 20.35
Creating port index in /opt/local/var/macports/sources/rsync.macports.org/release/ports
Total number of ports parsed: 0
Ports successfully parsed: 0
Ports failed: 0
Up-to-date ports skipped: 8001
DEBUG: MacPorts sources location: /opt/local/var/macports/sources/rsync.macports.org/release/base
---> Updating MacPorts base sources using rsync
receiving file list ... done
sent 36 bytes received 6858 bytes 4596.00 bytes/sec
total size is 2889184 speedup is 419.09
MacPorts base version 1.9.2 installed,
DEBUG: Rebuilding and reinstalling MacPorts if needed
MacPorts base version 1.9.2 downloaded.
---> MacPorts base is already the latest version
DEBUG: Setting MacPorts sources ownership to root
The ports tree has been updated. To upgrade your installed ports, you should run
  port upgrade outdated

MBA-0020:~ guutara$ sudo port -d sync
Password:
DEBUG: Synchronizing ports tree(s)
Synchronizing local ports tree from rsync://rsync.macports.org/release/ports/
DEBUG: /usr/bin/rsync -rtzv --delete-after '--exclude=/PortIndex*' rsync://rsync.macports.org/release/ports/ /opt/local/var/macports/sources/rsync.macports.org/release/ports
receiving file list ... done
./
sent 59 bytes received 520652 bytes 148774.57 bytes/sec
total size is 28620433 speedup is 54.96
Creating port index in /opt/local/var/macports/sources/rsync.macports.org/release/ports
Total number of ports parsed: 0
Ports successfully parsed: 0
Ports failed: 0
Up-to-date ports skipped: 8001

MBA-0020:~ guutara$ port install nmap
Error: Insufficient privileges to write to MacPorts install prefix.

MBA-0020:~ guutara$ sudo port install nmap
---> Computing dependencies for nmap
---> Dependencies to be installed: libpcap openssl zlib pcre bzip2 readline ncurses ncursesw
---> Fetching libpcap
---> Attempting to fetch libpcap-1.1.1.tar.gz from http://distfiles.macports.org/libpcap
---> Verifying checksum(s) for libpcap
---> Extracting libpcap
---> Applying patches to libpcap
---> Configuring libpcap
---> Building libpcap
---> Staging libpcap into destroot
---> Installing libpcap @1.1.1_0
---> Activating libpcap @1.1.1_0
---> Cleaning libpcap
---> Fetching zlib
---> Attempting to fetch zlib-1.2.5.tar.bz2 from http://distfiles.macports.org/zlib
---> Verifying checksum(s) for zlib
---> Extracting zlib
---> Applying patches to zlib
---> Configuring zlib
---> Building zlib
---> Staging zlib into destroot
---> Installing zlib @1.2.5_0
---> Activating zlib @1.2.5_0
---> Cleaning zlib
---> Fetching openssl
---> Attempting to fetch openssl-1.0.0d.tar.gz from http://distfiles.macports.org/openssl
---> Verifying checksum(s) for openssl
---> Extracting openssl
---> Applying patches to openssl
---> Configuring openssl
---> Building openssl
---> Staging openssl into destroot
---> Installing openssl @1.0.0d_0
---> Activating openssl @1.0.0d_0
---> Cleaning openssl
---> Fetching bzip2
---> Attempting to fetch bzip2-1.0.6.tar.gz from http://distfiles.macports.org/bzip2
---> Verifying checksum(s) for bzip2
---> Extracting bzip2
---> Applying patches to bzip2
---> Configuring bzip2
---> Building bzip2
---> Staging bzip2 into destroot
---> Installing bzip2 @1.0.6_0
---> Activating bzip2 @1.0.6_0
---> Cleaning bzip2
---> Fetching ncursesw
---> Verifying checksum(s) for ncursesw
---> Extracting ncursesw
---> Configuring ncursesw
---> Building ncursesw
---> Staging ncursesw into destroot
---> Installing ncursesw @5.8_0
---> Activating ncursesw @5.8_0
---> Cleaning ncursesw
---> Fetching ncurses
---> Attempting to fetch ncurses-5.9.tar.gz from ftp://ftp.dti.ad.jp/pub/GNU/ncurses
---> Attempting to fetch ncurses-5.9.tar.gz from http://mirror.facebook.net/gnu/gnu/ncurses
---> Attempting to fetch ncurses-5.9.tar.gz from http://mirrors.kernel.org/gnu/ncurses
---> Verifying checksum(s) for ncurses
---> Extracting ncurses
---> Applying patches to ncurses
---> Configuring ncurses
---> Building ncurses
---> Staging ncurses into destroot
---> Installing ncurses @5.9_0
---> Activating ncurses @5.9_0
---> Cleaning ncurses
---> Fetching readline
---> Attempting to fetch readline-6.2.tar.gz from ftp://ftp.dti.ad.jp/pub/GNU/readline
---> Attempting to fetch readline-6.2.tar.gz from http://distfiles.macports.org/readline
---> Verifying checksum(s) for readline
---> Extracting readline
---> Applying patches to readline
---> Configuring readline
---> Building readline
---> Staging readline into destroot
---> Installing readline @6.2.000_0
---> Activating readline @6.2.000_0
---> Cleaning readline
---> Fetching pcre
---> Attempting to fetch pcre-8.12.tar.bz2 from http://jaist.dl.sourceforge.net/pcre
---> Verifying checksum(s) for pcre
---> Extracting pcre
---> Configuring pcre
---> Building pcre
---> Staging pcre into destroot
---> Installing pcre @8.12_0
---> Activating pcre @8.12_0
---> Cleaning pcre
---> Fetching nmap
---> Attempting to fetch nmap-5.51.tar.bz2 from http://download.insecure.org/nmap/dist/
---> Verifying checksum(s) for nmap
---> Extracting nmap
---> Configuring nmap
---> Building nmap
---> Staging nmap into destroot
---> Installing nmap @5.51_0
---> Activating nmap @5.51_0
---> Cleaning nmap

MBA-0020:~ guutara$ nmap
Nmap 5.51 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
    directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
    probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
    and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --log-errors: Log errors/warnings to the normal-format output file
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
Let's try it out.
MBA-0020:~ guutara$ nmap -sT 10.29.254.3

Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-16 14:40 JST
Nmap scan report for 10.29.254.3
Host is up (0.030s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
800/tcp  open  mdbs_daemon
3306/tcp open  mysql
5666/tcp open  nrpe
8080/tcp open  http-proxy
8649/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
All right!