This post shows how nmap and Metasploit obtain HTTP version information. By default, nmap's -sV option can retrieve the HTTP version.
Two other methods are described below:
```
root@gnu:~# nmap -p 80 -oX baidu.xml --script http-headers www.baidu.com

Starting Nmap 6.40 ( http://nmap.org ) at 2014-07-27 23:49 EDT
Nmap scan report for www.baidu.com (119.75.218.77)
Host is up (0.0024s latency).
Other addresses for www.baidu.com (not scanned): 119.75.217.56
PORT   STATE SERVICE
80/tcp open  http
| http-headers:
|   Date: Mon, 28 Jul 2014 03:50:17 GMT
|   Content-Type: text/html; charset=utf-8
|   Connection: Close
|   Vary: Accept-Encoding
|   Set-Cookie: BAIDUID=A788679A25D50EF8C63A146DFCA62764:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
|   Set-Cookie: BDSVRTM=0; path=/
|   P3P: CP=" OTI DSP COR IVA OUR IND COM "
|   Cache-Control: private
|   Cxy_all: baidu+33a8017ac1f22fa877d2f5c472a23e53
|   Expires: Mon, 28 Jul 2014 03:49:49 GMT
|   X-Powered-By: HPHP
|   Server: BWS/1.1
|   BDPAGETYPE: 1
|   BDQID: 0xabd2cb1c00002718
|   BDUSERID: 0
|
|_  (Request type: HEAD)

Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds
```
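An added example, not part of the original post: Python that reads the XML written by `-oX` and lists the response headers that reveal server software, useful for checking what your own hosts disclose. The XML is a constructed sample using header values from the scan above; the list of disclosing headers and the function name `disclosed_banners` are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output; header values are from the scan above.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="119.75.218.77" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http"/>
        <script id="http-headers" output="&#xa;  Date: Mon, 28 Jul 2014 03:50:17 GMT&#xa;  X-Powered-By: HPHP&#xa;  Server: BWS/1.1&#xa;  &#xa;  (Request type: HEAD)"/>
      </port>
    </ports>
  </host>
</nmaprun>"""

# Response headers that commonly reveal server software or version (assumed list).
DISCLOSING = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}


def disclosed_banners(xml_text):
    """Return (address, port, header, value) for each version-revealing header."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            for script in port.findall("script"):
                if script.get("id") != "http-headers":
                    continue  # only the http-headers script output is of interest
                for line in (script.get("output") or "").splitlines():
                    name, sep, value = line.strip().partition(":")
                    if sep and name.strip().lower() in DISCLOSING:
                        findings.append(
                            (addr, int(port.get("portid")), name.strip(), value.strip())
                        )
    return findings


if __name__ == "__main__":
    for addr, port, name, value in disclosed_banners(SAMPLE_XML):
        print(f"{addr}:{port} discloses {name}: {value}")
```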
In addition, Metasploit ships with a scanner module for this.
```
msf> use auxiliary/scanner/http/http_version
msf auxiliary(http_version) > set RHOSTS xxx.xxx.xxx.0/24
RHOSTS => xxx.xxx.xxx.0/24
msf auxiliary(http_version) > set THREADS 10
THREADS => 10
msf auxiliary(http_version) > show options

Module options (auxiliary/scanner/http/http_version):

   Name     Current Setting   Required  Description
   ----     ---------------   --------  -----------
   Proxies                    no        Use a proxy chain
   RHOSTS   xxx.xxx.xxx.0/24  yes       The target address range or CIDR identifier
   RPORT    80                yes       The target port
   THREADS  10                yes       The number of concurrent threads
   VHOST                      no        HTTP server virtual host
```