Contents

2.1. nmap - Network exploration tool and security / port scanner
  2.1.1. Port scanning
  2.1.2. HOST DISCOVERY
    2.1.2.1. -sP: Ping Scan - go no further than determining if host is online
  2.1.3. SCAN TECHNIQUES
    2.1.3.1. -sU: UDP Scan
    2.1.3.2. -b <FTP relay host>: FTP bounce scan
  2.1.4. PORT SPECIFICATION AND SCAN ORDER
    2.1.4.1. -p <port ranges>: Only scan specified ports
  2.1.5. SCRIPT SCAN
    2.1.5.1. ftp-anon
    2.1.5.2. mysql-info
    2.1.5.3. http
    2.1.5.4. snmp
    2.1.5.5. SSHv1
    2.1.5.6. --script-updatedb: update the script database
  2.1.6. OS DETECTION
    2.1.6.1. -O: Enable OS detection
  2.1.7. OUTPUT
    2.1.7.1. --open: Only show open (or possibly open) ports
  2.1.8. MISC
    2.1.8.1. -6: Enable IPv6 scanning
    2.1.8.2. -A: Enables OS detection and Version detection, Script scanning and Traceroute
  2.1.9. Nmap Scripting Engine (NSE)
2.2. tcpdump - A powerful tool for network monitoring and data acquisition
  2.2.1. Monitoring a network interface
  2.2.2. Monitoring a host
  2.2.3. Monitoring a TCP port
  2.2.4. Monitoring a protocol
  2.2.5. Writing output to a file
  2.2.6. src / dst
  2.2.7. Saving results
  2.2.8. Cisco Discovery Protocol (CDP)
  2.2.9. Flags
  2.2.10. Examples
    2.2.10.1. Monitoring port 80, ICMP and ARP
    2.2.10.2. Monitoring MySQL TCP packets
    2.2.10.3. HTTP packets
    2.2.10.4. Showing SYN, FIN and ACK-only packets
    2.2.10.5. Sniffing Oracle errors
    2.2.10.6. smtp
2.3. cdpr - Cisco Discovery Protocol Reporter
2.4. ncat - Concatenate and redirect sockets
  2.4.1. TCP data transfer
  2.4.2. UDP data transfer
  2.4.3. Keeping the server listening
  2.4.4. Streaming video
2.5. ngrep - Network layer grep tool
  2.5.1. Matching keywords
  2.5.2. Specifying the network interface
2.6. Unicornscan, Zenmap, nast
2.7. netstat-nat - Show the natted connections on a linux iptable firewall
2.8. Tcpreplay
2.9. Wireshark
2.1. nmap - Network exploration tool and security / port scanner
$ nmap localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-19 05:20 EST
Interesting ports on localhost (127.0.0.1):
Not shown: 1689 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
3306/tcp open  mysql

2.1.1. Port scanning

# nmap -Pn 192.168.4.13

Starting Nmap 6.40 ( http://nmap.org ) at 2016-11-04 15:41 CST
Nmap scan report for gts2apidemo.cfddealer88.com (192.168.4.13)
Host is up (0.0051s latency).
Not shown: 999 filtered ports
PORT     STATE SERVICE
8008/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 7.50 seconds
2.1.2. HOST DISCOVERY
2.1.2.1. -sP: Ping Scan - go no further than determining if host is online
Scan a subnet

$ nmap -v -sP 172.16.0.0/24

Starting Nmap 4.62 ( http://nmap.org ) at 2010-11-27 10:00 CST
Initiating Ping Scan at 10:00
Scanning 256 hosts [1 port/host]
Completed Ping Scan at 10:00, 0.80s elapsed (256 total hosts)
Initiating Parallel DNS resolution of 256 hosts. at 10:00
Completed Parallel DNS resolution of 256 hosts. at 10:00, 2.77s elapsed
Host 172.16.0.0 appears to be down.
Host 172.16.0.1 appears to be up.
Host 172.16.0.2 appears to be up.
Host 172.16.0.3 appears to be down.
Host 172.16.0.4 appears to be down.
Host 172.16.0.5 appears to be up.
Host 172.16.0.6 appears to be down.
Host 172.16.0.7 appears to be down.
Host 172.16.0.8 appears to be down.
Host 172.16.0.9 appears to be up.
...
...
Host 172.16.0.253 appears to be down.
Host 172.16.0.254 appears to be down.
Host 172.16.0.255 appears to be down.
Read data files from: /usr/share/nmap
Nmap done: 256 IP addresses (8 hosts up) scanned in 3.596 seconds
Scan for IP addresses in use

$ nmap -v -sP 172.16.0.0/24 | grep up
Host 172.16.0.1 appears to be up.
Host 172.16.0.2 appears to be up.
Host 172.16.0.5 appears to be up.
Host 172.16.0.9 appears to be up.
Host 172.16.0.19 appears to be up.
Host 172.16.0.40 appears to be up.
Host 172.16.0.188 appears to be up.
Host 172.16.0.252 appears to be up.
Nmap done: 256 IP addresses (8 hosts up) scanned in 6.574 seconds

$ nmap -sn -oG - 172.16.1.0/24 | grep Up
Host: 172.16.1.1 ()     Status: Up
Host: 172.16.1.2 ()     Status: Up
Host: 172.16.1.3 ()     Status: Up
Host: 172.16.1.4 ()     Status: Up
Host: 172.16.1.5 ()     Status: Up
Host: 172.16.1.6 ()     Status: Up
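The `-oG - | grep Up` pipeline above works because grepable output puts one host per line. The following is an added example, not code from the Netkiller handbook or from nmap: a small parser for `-oG` output that returns the live hosts and, when a port scan was run, each host's open ports, so a defender can diff the inventory between sweeps. The sample output inside it is constructed.

```python
"""Parse nmap grepable (-oG) output into a host inventory.

Added example, not from the Netkiller handbook: the page pipes
`nmap -sn -oG - 172.16.1.0/24 | grep Up` to list live hosts. This does
the same in code and also reads the Ports: field a port scan writes, so
live hosts and open services can be diffed between runs. Sample
output below is constructed, not captured.
"""
import re

# Constructed sample: an -sn sweep plus one port-scan record.
SAMPLE = """# Nmap 5.21 scan initiated as: nmap -sn -oG - 172.16.1.0/24
Host: 172.16.1.1 ()\tStatus: Up
Host: 172.16.1.2 ()\tStatus: Down
Host: 172.16.1.5 (db01)\tStatus: Up
Host: 172.16.1.5 (db01)\tPorts: 22/open/tcp//ssh//OpenSSH 5.8p1/, 3306/open/tcp//mysql//MySQL 5.1.48/, 53/open|filtered/udp//domain///\tIgnored State: closed (997)
# Nmap done -- 256 IP addresses (2 hosts up) scanned
"""
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def parse_grepable(text):
    """Return {ip: {"name", "up", "ports": [(port, proto, state, service)]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:          # '#' banner lines and blanks carry no host data
            continue
        ip, name = m.groups()
        entry = hosts.setdefault(ip, {"name": name, "up": False, "ports": []})
        for field in line.split("\t")[1:]:   # tab-separated "Key: value" fields
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["up"] = value.strip() == "Up"
            elif key == "Ports":
                for item in value.split(", "):
                    # port/state/proto/owner/service/rpcinfo/version/
                    parts = item.split("/")
                    if len(parts) < 5:
                        continue
                    entry["ports"].append((int(parts[0]), parts[2], parts[1], parts[4]))
                entry["up"] = True   # a Ports: record only appears for a live host
    return hosts


def hosts_up(text):
    """IPs reported up: the programmatic form of `| grep Up`."""
    return [ip for ip, h in parse_grepable(text).items() if h["up"]]


def open_ports(text):
    """Per-host (port, proto) pairs whose state is open or open|filtered."""
    return {ip: [(p, proto) for p, proto, state, _ in h["ports"] if state.startswith("open")]
            for ip, h in parse_grepable(text).items() if h["ports"]}
```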
Scan for MAC addresses
nmap -sP -PI -PT -oN ipandmaclist.txt 192.168.80.0/24
2.1.3. SCAN TECHNIQUES
2.1.3.1. -sU: UDP Scan

Scan the DNS port

$ sudo nmap -sU -p 53 xxx.xxx.xxx.xxx

neo@deployment:~$ sudo nmap -sU -p 53 localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-02 15:24 CST
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT   STATE         SERVICE
53/udp open|filtered domain

Nmap done: 1 IP address (1 host up) scanned in 2.14 seconds

neo@deployment:~$ sudo nmap -sU -p 1194 localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-02 15:24 CST
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
PORT     STATE  SERVICE
1194/udp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

neo@deployment:~$ sudo nmap -sU -v localhost

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-02 15:22 CST
NSE: Loaded 0 scripts for scanning.
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Initiating UDP Scan at 15:22
Scanning localhost (127.0.0.1) [1000 ports]
Completed UDP Scan at 15:22, 1.26s elapsed (1000 total ports)
Host localhost (127.0.0.1) is up (0.000010s latency).
Interesting ports on localhost (127.0.0.1):
Not shown: 993 closed ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
111/udp  open|filtered rpcbind
123/udp  open|filtered ntp
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
1812/udp open|filtered radius
1813/udp open|filtered radacct

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.33 seconds
           Raw packets sent: 1007 (28.196KB) | Rcvd: 993 (55.608KB)
2.1.3.2. -b <FTP relay host>: FTP bounce scan
2.1.4. PORT SPECIFICATION AND SCAN ORDER
2.1.4.1. -p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080
sudo nmap -sU -p 53 localhost
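To make the `-p` syntax above concrete, here is an added example (not code from nmap or from the handbook) that expands a port specification such as `U:53,111,137,T:21-25,80,139,8080` into the exact per-protocol port sets, which is useful for reviewing what a scan will touch before it runs. It assumes the semantics of the nmap man page: a `T:`/`U:` qualifier stays in force until the next qualifier, unqualified items apply to `default_protos`, and `-` alone means 1-65535.

```python
"""Expand an nmap -p port specification into per-protocol port sets.

Added example, not code from nmap or the handbook: it implements the
syntax the page lists (-p22, -p1-65535, -p U:53,111,137,T:21-25,80,139,8080)
so the exact probe set of a command line can be reviewed before it runs.
Assumed semantics, taken from the nmap man page: a T:/U: qualifier applies
to every item after it until the next qualifier; unqualified items go to
the protocols in default_protos; "-" alone means 1-65535, and an open
range end defaults to 1 or 65535.
"""
PROTOS = {"T": "tcp", "U": "udp", "S": "sctp", "P": "ip"}


def _expand_item(item):
    """Turn "22", "21-25", "-25" or "-" into a set of ports, validating the range."""
    if item == "-":
        return set(range(1, 65536))
    if "-" in item:
        lo_s, hi_s = item.split("-", 1)
        lo = int(lo_s) if lo_s else 1        # "-25" means 1-25
        hi = int(hi_s) if hi_s else 65535    # "1024-" means 1024-65535
    else:
        lo = hi = int(item)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {item!r}")
    return set(range(lo, hi + 1))


def parse_port_spec(spec, default_protos=("tcp",)):
    """Map protocol name -> port set for a -p argument such as "U:53,T:21-25,80"."""
    result = {}
    current = None   # no qualifier seen yet: items apply to default_protos
    for raw in spec.split(","):
        item = raw.strip()
        if len(item) > 2 and item[1] == ":" and item[0].upper() in PROTOS:
            current = (PROTOS[item[0].upper()],)
            item = item[2:]
        if not item:
            raise ValueError("empty item in port specification")
        ports = _expand_item(item)
        for proto in current or default_protos:
            result.setdefault(proto, set()).update(ports)
    return result


def port_count(spec, **kw):
    """Total number of (protocol, port) probes the specification implies."""
    return sum(len(p) for p in parse_port_spec(spec, **kw).values())
```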
Scan for DHCP servers

sudo nmap -sU -p U:67,68 192.168.0.0/24
sudo nmap -sU -p U:67,68 192.168.0.0/24 > /tmp/dhcp.log

Scan for SNMP agents (UDP 161)

$ sudo nmap -sU -p161 192.168.0.0/24 > /tmp/snmp.log
2.1.5. SCRIPT SCAN
Nmap scripts are written in Lua, so install a Lua environment first.

$ sudo apt-get install lua5.1
$ lua
Lua 5.1.4  Copyright (C) 1994-2008 Lua.org, PUC-Rio
> ^C

$ nmap --script "default and safe" localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 16:23 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00023s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
| ssh-hostkey: 1024 a6:ab:76:a5:fb:80:4e:2c:bc:06:d4:85:ff:22:18:1a (DSA)
|_2048 c7:da:16:7a:e7:01:cc:f0:d2:02:b4:17:52:c9:c2:50 (RSA)
80/tcp   open  http
|_html-title: 500 Internal Server Error
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
631/tcp  open  ipp
3000/tcp open  ppp
9000/tcp open  cslistener

Host script results:
|_nbstat: NetBIOS name: NEO-OPTIPLEX-38, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.5.11)
|   Name: WORKGROUP\Unknown
|_  System time: 2012-02-02 16:23:08 UTC+8

Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds

$ nmap --script=default 172.16.1.5

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 16:25 CST
Nmap scan report for 172.16.1.5
Host is up (0.024s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
| ssh-hostkey: 1024 c1:40:33:3b:be:4d:ef:52:40:a9:08:0a:e1:ae:d7:91 (DSA)
|_2048 9d:db:c5:41:94:63:c7:51:d1:97:36:d3:87:ad:8f:a5 (RSA)
3306/tcp open  mysql
| mysql-info: Protocol: 10
| Version: 5.1.48-community-log
| Thread ID: 6647320
| Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, Transactions, Secure Connection
| Status: Autocommit
|_Salt: 0%eRHQ?'Fi_!%6|4+w9U
5666/tcp open  nrpe

Nmap done: 1 IP address (1 host up) scanned in 3.23 seconds
2.1.5.1. ftp-anon
$ nmap -p21 --script=ftp-anon 172.16.3.100

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 16:51 CST
NSE: Script Scanning completed.
Nmap scan report for 172.16.3.100
Host is up (0.0066s latency).
PORT   STATE SERVICE
21/tcp open  ftp
|_ftp-anon: Anonymous FTP login allowed

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
2.1.5.2. mysql-info
$ nmap -p3306 --script=mysql-info 172.16.0.5

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-02 16:58 CST
Interesting ports on 172.16.0.5:
PORT     STATE SERVICE
3306/tcp open  mysql
|  mysql-info: Protocol: 10
|  Version: 5.1.48-community-log
|  Thread ID: 62837508
|  Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, Transactions, Secure Connection
|  Status: Autocommit
|_ Salt: T{3(moe.R2C;?fgP:rQ|

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
2.1.5.3. http
http-date

$ nmap -p80 --script=http-date www.baidu.com

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 18:37 CST
NSE: Script Scanning completed.
Nmap scan report for www.baidu.com (220.181.111.147)
Host is up (0.037s latency).
PORT   STATE SERVICE
80/tcp open  http
|_http-date: Thu, 02 Feb 2012 10:37:40 GMT; 0s from local time.

Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds

http-headers

$ nmap -p80 --script=http-headers www.baidu.com

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 18:38 CST
NSE: Script Scanning completed.
Nmap scan report for www.baidu.com (220.181.111.147)
Host is up (0.036s latency).
PORT   STATE SERVICE
80/tcp open  http
| http-headers:
|   Date: Thu, 02 Feb 2012 10:38:15 GMT
|   Server: BWS/1.0
|   Content-Length: 7677
|   Content-Type: text/html;charset=gb2312
|   Cache-Control: private
|   Expires: Thu, 02 Feb 2012 10:38:15 GMT
|   Set-Cookie: BAIDUID=0279AEA82B65E8B74C03D5B6AA92326C:FG=1; expires=Thu, 02-Feb-42 10:38:15 GMT; path=/; domain=.baidu.com
|   P3P: CP=" OTI DSP COR IVA OUR IND COM "
|   Connection: Close
|
|_  (Request type: HEAD)

Nmap done: 1 IP address (1 host up) scanned in 1.54 seconds

$ nmap -p80 --script=http-date,http-headers,http-malware-host,http-trace,http-enum 192.168.3.5

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 19:15 CST
NSE: Script Scanning completed.
Nmap scan report for 192.168.3.5
Host is up (0.0015s latency).
PORT   STATE SERVICE
80/tcp open  http
| http-headers:
|   Date: Thu, 02 Feb 2012 11:15:00 GMT
|   Server: Apache
|   Last-Modified: Mon, 29 Nov 2010 14:56:50 GMT
|   ETag: "7bcaa3-2c-496324828b080"
|   Accept-Ranges: bytes
|   Content-Length: 44
|   Connection: close
|   Content-Type: text/html
|
|_  (Request type: HEAD)
|_http-malware-host: Host appears to be clean
|_http-date: Thu, 02 Feb 2012 11:15:00 GMT; 0s from local time.
|_http-enum:

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
2.1.5.4. snmp
$ sudo nmap -sU -p161 --script=snmp-sysdescr 172.16.3.250

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-02 19:20 CST
Interesting ports on 172.16.3.250:
PORT    STATE SERVICE
161/udp open  snmp
|  snmp-sysdescr: Cisco Adaptive Security Appliance Version 8.2(5)
|_ System uptime: 84 days, 18:39:55.00 (732479500 timeticks)

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
2.1.5.5. SSHv1
$ sudo nmap -sT -p22 --script=sshv1 172.16.0.0/24

$ sudo nmap -sT -p22 --script=sshv1 172.16.3.0/24 --open | grep -B4 sshv1
Interesting ports on 172.16.3.250:
PORT   STATE SERVICE
22/tcp open  ssh
|_ sshv1: Server supports SSHv1
Interesting ports on 172.16.3.251:
PORT   STATE SERVICE
22/tcp open  ssh
|_ sshv1: Server supports SSHv1
$ nmap -sT -p22 172.16.0.0/24 --script=ssh-hostkey --script-args=ssh_hostkey=all > ssh.log

$ nmap -sT -p22 172.16.0.5 --script=ssh-hostkey --script-args=ssh_hostkey=full

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 19:35 CST
NSE: Script Scanning completed.
Nmap scan report for 172.16.0.5
Host is up (0.0017s latency).
PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey: ssh-dss AAAAB3NzaC1kc3MAAACBANinhMHgAGFMhkYW0qmFTNsJKuim8P7vFfPV3+c9R0urqF42HwZrIbhEZhRlUDSGo0v5cFzufabQaQ58//L4UXYqKOHaiqSo4ju5CWquH6YY+SNhszJY4OSessioJJfjbLCXx73pfqX8akEV13jQujLhYD0Tuela0/c4iQW+ktnjAAAAFQDxCjX3PK+dAUKviG6xX2C6DstqUQAAAIBrEephaZhQJg3ctO3Y7OMAOu/uRKt9VpeChbptsh4DGXk6Lmet5hYJ1/UOzEAZd4dEO0uijy8iKYSZoAaZh2qGa9PynIWuD1ENt8feEMwRv5VV7zaNitmjYedmPO9rLAja1/49mxUq9XAeRYTOhWJlbwrc38sybTsCrDsdoxDqUwAAAIEAzV7w+dy0lzER0OHfy/E70So80V8/2Bo3AIwnACWGMTqKC2CrFm6VWDKA9P4x0bq+JBshpjtur/3H0sgAt+Zky3Z2EWpdf+9z1AqTy3l95J+xQhQTzD2lw+NqroInxEqJU0eip3YgdTqksQuDRCSy/hKJDLJOELkWbDLMlb1vXA8=
|_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlgJcaT8/F0Ah+Jq9PifhQ3Bvfh4Nl5/WWiyoF0yIhhKlNnO04Vnbi8Qb39BDVRKaqIrfhgbG3vxfyF3TeSEOoAiXXyCns6Ivl7HUEHVsjHOVu7nwwMqo94CaM1+pUgJtXmbmTWyfWGCm8kGD2xNaxs10uxIcuukBN7jlN2TGyEmOD8QkA+1Dx7XGBjpMZT+DQwmEo72V2taAo3a0UOz9ivAakZ/kysP+PN+Kz106iT3BWMkvQScyt96HAwbq8Z0tO531mz90UGVBS1KqNMtNsLHsXYJnQ3obXUTwo8KvtEvJ1UHDs6QdEP55PiBTVvCS+CbEwZZ9O1yGNfznBWmp4Q==

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

$ nmap -sT -p22 172.16.0.5 --script=ssh-hostkey --script-args=ssh_hostkey=all

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 19:35 CST
NSE: Script Scanning completed.
Nmap scan report for 172.16.0.5
Host is up (0.0014s latency).
PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey: 1024 26:89:a4:1d:f1:28:3c:36:88:ea:49:6d:1b:df:de:70 (DSA)
| 1024 xumep-dynut-poheh-cenys-dyfyz-tubap-lupoz-fofyd-figuf-timaz-byxox (DSA)
| +--[ DSA 1024]----+
| (randomart image omitted)
| +-----------------+
| ssh-dss AAAAB3NzaC1kc3MAAACBANinhMHgAGFMhkYW0qmFTNsJKuim8P7vFfPV3+c9R0urqF42HwZrIbhEZhRlUDSGo0v5cFzufabQaQ58//L4UXYqKOHaiqSo4ju5CWquH6YY+SNhszJY4OSessioJJfjbLCXx73pfqX8akEV13jQujLhYD0Tuela0/c4iQW+ktnjAAAAFQDxCjX3PK+dAUKviG6xX2C6DstqUQAAAIBrEephaZhQJg3ctO3Y7OMAOu/uRKt9VpeChbptsh4DGXk6Lmet5hYJ1/UOzEAZd4dEO0uijy8iKYSZoAaZh2qGa9PynIWuD1ENt8feEMwRv5VV7zaNitmjYedmPO9rLAja1/49mxUq9XAeRYTOhWJlbwrc38sybTsCrDsdoxDqUwAAAIEAzV7w+dy0lzER0OHfy/E70So80V8/2Bo3AIwnACWGMTqKC2CrFm6VWDKA9P4x0bq+JBshpjtur/3H0sgAt+Zky3Z2EWpdf+9z1AqTy3l95J+xQhQTzD2lw+NqroInxEqJU0eip3YgdTqksQuDRCSy/hKJDLJOELkWbDLMlb1vXA8=
| 2048 98:fb:db:e0:a3:99:18:04:cb:8c:42:25:f0:f5:b3:5a (RSA)
| 2048 xogok-vykec-zacyg-ruzup-baral-kotyv-latoz-hygyz-hysis-zadun-hyxix (RSA)
| +--[ RSA 2048]----+
| (randomart image omitted)
| +-----------------+
|_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAlgJcaT8/F0Ah+Jq9PifhQ3Bvfh4Nl5/WWiyoF0yIhhKlNnO04Vnbi8Qb39BDVRKaqIrfhgbG3vxfyF3TeSEOoAiXXyCns6Ivl7HUEHVsjHOVu7nwwMqo94CaM1+pUgJtXmbmTWyfWGCm8kGD2xNaxs10uxIcuukBN7jlN2TGyEmOD8QkA+1Dx7XGBjpMZT+DQwmEo72V2taAo3a0UOz9ivAakZ/kysP+PN+Kz106iT3BWMkvQScyt96HAwbq8Z0tO531mz90UGVBS1KqNMtNsLHsXYJnQ3obXUTwo8KvtEvJ1UHDs6QdEP55PiBTVvCS+CbEwZZ9O1yGNfznBWmp4Q==

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds

$ nmap -sT -p22 172.16.0.5 --script=ssh-hostkey --script-args=ssh_hostkey='visual bubble'

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 19:36 CST
NSE: Script Scanning completed.
Nmap scan report for 172.16.0.5
Host is up (0.0017s latency).
PORT   STATE SERVICE
22/tcp open  ssh
| ssh-hostkey: 1024 xumep-dynut-poheh-cenys-dyfyz-tubap-lupoz-fofyd-figuf-timaz-byxox (DSA)
| +--[ DSA 1024]----+
| (randomart image omitted)
| +-----------------+
| 2048 xogok-vykec-zacyg-ruzup-baral-kotyv-latoz-hygyz-hysis-zadun-hyxix (RSA)
| +--[ RSA 2048]----+
| (randomart image omitted)
|_+-----------------+

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
2.1.5.6. --script-updatedb: update the script database

$ sudo nmap --script-updatedb

Starting Nmap 5.00 ( http://nmap.org ) at 2012-02-02 16:34 CST
NSE: Updating rule database.
NSE script database updated successfully.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.12 seconds
2.1.6. OS DETECTION
2.1.6.1. -O: Enable OS detection
nmap -O -v scanme.nmap.org
2.1.7. OUTPUT
2.1.7.1. --open: Only show open (or possibly open) ports
nmap -O -v scanme.nmap.org
2.1.8. MISC
2.1.8.1. -6: Enable IPv6 scanning
2.1.8.2. -A: Enables OS detection and Version detection, Script scanning and Traceroute
$ nmap -A -T4 localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-02 14:54 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00025s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 5.8p1 Debian 7ubuntu1 (protocol 2.0)
| ssh-hostkey: 1024 a6:ab:76:a5:fb:80:4e:2c:bc:06:d4:85:ff:22:18:1a (DSA)
|_2048 c7:da:16:7a:e7:01:cc:f0:d2:02:b4:17:52:c9:c2:50 (RSA)
80/tcp   open  http        nginx 1.0.5
|_html-title: 500 Internal Server Error
139/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp  open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
631/tcp  open  ipp         CUPS 1.4
3000/tcp open  ntop-http   Ntop web interface 4.0.3
9000/tcp open  tcpwrapped
Service Info: OS: Linux

Host script results:
|_nbstat: NetBIOS name: NEO-OPTIPLEX-38, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.5.11)
|   Name: WORKGROUP\Unknown
|_  System time: 2012-02-02 14:54:19 UTC+8

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.24 seconds
2.1.9. Nmap Scripting Engine (NSE)
http://nmap.org/nsedoc/
Bundled scripts

$ ls /usr/share/nmap/scripts
asn-query.nse                http-malware-host.nse     smb-enum-groups.nse
auth-owners.nse              http-open-proxy.nse       smb-enum-processes.nse
auth-spoof.nse               http-passwd.nse           smb-enum-sessions.nse
banner.nse                   http-trace.nse            smb-enum-shares.nse
citrix-brute-xml.nse         http-userdir-enum.nse     smb-enum-users.nse
citrix-enum-apps.nse         iax2-version.nse          smb-os-discovery.nse
citrix-enum-apps-xml.nse     imap-capabilities.nse     smb-psexec.nse
citrix-enum-servers.nse      irc-info.nse              smb-security-mode.nse
citrix-enum-servers-xml.nse  ms-sql-info.nse           smb-server-stats.nse
daytime.nse                  mysql-info.nse            smb-system-info.nse
db2-info.nse                 nbstat.nse                smbv2-enabled.nse
dhcp-discover.nse            nfs-showmount.nse         smtp-commands.nse
dns-random-srcport.nse       ntp-info.nse              smtp-open-relay.nse
dns-random-txid.nse          oracle-sid-brute.nse      smtp-strangeport.nse
dns-recursion.nse            p2p-conficker.nse         sniffer-detect.nse
dns-zone-transfer.nse        pjl-ready-message.nse     snmp-brute.nse
finger.nse                   pop3-brute.nse            snmp-sysdescr.nse
ftp-anon.nse                 pop3-capabilities.nse     socks-open-proxy.nse
ftp-bounce.nse               pptp-version.nse          sql-injection.nse
ftp-brute.nse                realvnc-auth-bypass.nse   ssh-hostkey.nse
html-title.nse               robots.txt.nse            sshv1.nse
http-auth.nse                rpcinfo.nse               ssl-cert.nse
http-date.nse                script.db                 sslv2.nse
http-enum.nse                skypev2-version.nse       telnet-brute.nse
http-favicon.nse             smb-brute.nse             upnp-info.nse
http-headers.nse             smb-check-vulns.nse       whois.nse
http-iis-webdav-vuln.nse     smb-enum-domains.nse      x11-access.nse

Scan with all scripts
nmap --script all localhost
Source: Netkiller 系列 手札 (the Netkiller handbook series)
Author: 陈景峯
To republish, contact the author and be sure to credit the original source, the author and this notice.