从文件读取端口的nmap

Question

我发现了这个问题，并尝试了给出的解决办法(接受)。

nmap可以从文件中获取要扫描的端口列表吗？

然而，它并没有像预期的那样起作用。

$ cat ports.list
21
22
23
25
$ 

nmap没有扫描文件中的端口，而是假设这些端口是主机的一部分。见下面的输出。

$ nmap 127.0.0.1 -vvv -p `cat ports.list`
Starting Nmap
Initiating Ping Scan at 10:50
Scanning 4 hosts [2 ports/host]
Completed Ping Scan at 10:50, 1.22s elapsed (4 total hosts)
Nmap scan report for 22 (0.0.0.22) [host down, received no-response]
Nmap scan report for 23 (0.0.0.23) [host down, received no-response]
Nmap scan report for 25 (0.0.0.25) [host down, received no-response]
Initiating Connect Scan at 10:50
Scanning localhost (127.0.0.1) [1 port]
Completed Connect Scan at 10:50, 0.00s elapsed (1 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up, received conn-refused (0.000059s latency).
Scanned for 1s

PORT   STATE  SERVICE REASON
21/tcp closed ftp     conn-refused

Read data files from: /usr/bin/../share/nmap
Nmap done: 4 IP addresses (1 host up) scanned in 1.28 seconds

$

是否可以从文件中获取要扫描的端口列表？

Answer 1

尝试没有空格的单行端口规范，如下所示：

$ cat ports.list
21-23,25
$ 

这如预期的那样运作：

$ nmap -p `cat ports.list` host.example.com

Starting Nmap 7.60 ( https://nmap.org ) at 2021-03-25 15:07 UTC
Nmap scan report for host.example.com (192.168.1.17)
Host is up (0.00089s latency).

PORT   STATE  SERVICE
21/tcp closed ftp
22/tcp open   ssh
23/tcp closed telnet
25/tcp open   smtp

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
$

请注意，在您引用的答案中，他使用“tr”将一行一行转换为以逗号分隔的单行。