大体可以分为两种方式:
1.调用nmap进行端口扫描
msfconsole
nmap -v -sV www.cstc.org.cn
扫描结果(端口开放情况以及目标服务操作系统相关操作信息)
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
80/tcp open http Apache Tomcat/Coyote JSP engine 1.1
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows 98 netbios-ssn
445/tcp filtered microsoft-ds
514/tcp filtered shell
1025/tcp open msrpc Microsoft Windows RPC
1026/tcp open msrpc Microsoft Windows RPC
1038/tcp open msrpc Microsoft Windows RPC
3306/tcp open mysql MySQL 5.0.27-community-nt
3389/tcp open ms-wbt-server Microsoft Terminal Service
4444/tcp filtered krb524
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8090/tcp open http Microsoft IIS httpd 6.0
Service Info: OSs: Windows, Windows 98; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_98
2.调用MSF模块进行端口扫描
原文:http://www.cnblogs.com/yanhongjun/p/5472505.html