防火墙识别
目的:
通过发送探测数据包(一个裸 ACK 包和一个 SYN 包),根据目标的回包或无回包,识别出防火墙过滤了哪些端口。被过滤的端口即防火墙未放行、对扫描源不可达的端口,但这并不等于目标主机上该端口是关闭的。注意:这种探测只是比完整的 TCP 连接扫描更安静,并不是"不引起告警"——状态防火墙和 IDS 同样会记录这些 ACK/SYN 探测包。
1.scapy+脚本
对防火墙进行识别的脚本fw_detect.py:
注意:下面的脚本原样运行会出错——变量名拼写不一致(ACK_reponse/ACK_response、SYN_reponse/SYN_response)会导致 NameError;print 用的是 Python 2 语法;当 SYN 的回包不是 TCP(例如 ICMP 不可达)时 SYN_reponse[TCP] 会抛异常;用法示例中的端口 433 与说明中的 443 也不一致。
#!/usr/bin/python
import sys
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
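# Bits of the TCP flags byte: SYN/ACK is 0x12 (18), RST/ACK is 0x14 (20).
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_ACK = 0x10

USAGE = (
    "Usage - ./Fw_detect.py [Target-IP] [Target Port]\n"
    "Example - ./Fw_detect.py 10.0.0.5 443\n"
    "Example will determine if filtering exists on port 443 of host 10.0.0.5"
)


def classify_port(ack_flags, syn_flags):
    """Return the filtering verdict for one port from the two probe replies.

    ``ack_flags`` / ``syn_flags`` are the TCP flag bytes (int) of the reply to
    the bare-ACK probe and to the SYN probe, or ``None`` when nothing usable
    came back (no reply before the timeout, or a reply without a TCP layer
    such as an ICMP unreachable).  Returns the human-readable verdict string.

    Heuristic: an unfiltered port answers both probes (RST to the bare ACK,
    SYN/ACK or RST to the SYN).  A stateful firewall drops an ACK that
    belongs to no connection but may let the SYN through, so exactly one
    missing reply points at stateful filtering.  Two missing replies mean a
    stateless filter, a dead host, or plain packet loss -- this script cannot
    tell those apart.
    """
    if ack_flags is None and syn_flags is None:
        return "Port is either unstatefully filtered or host is down"
    # At least one reply arrived here, so "either missing" is "exactly one missing".
    if ack_flags is None or syn_flags is None:
        return "Stateful filtering in place"
    if (syn_flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK):
        return "Port is unfiltered and open"
    # Any RST means closed; some stacks send a bare RST (0x04) rather than RST/ACK (0x14).
    if syn_flags & TCP_RST:
        return "Port is unfiltered and closed"
    return "Unable to determine if the port is filtered"


def _tcp_flags(reply):
    """Return the int TCP flags of a scapy reply, or None if it has no TCP layer.

    An ICMP error reply carries TCPerror, not TCP, so it maps to None and is
    treated like a dropped probe (i.e. filtered) instead of raising.
    """
    if reply is None or not reply.haslayer(TCP):
        return None
    return int(reply[TCP].flags)


def probe_port(ip, port, timeout=1):
    """Send the ACK and SYN probes to ip:port and return the verdict string.

    Requires raw-socket privileges (root / CAP_NET_RAW).  A short timeout turns
    ordinary packet loss into a false "filtered" verdict -- raise it on lossy
    links or re-run.  Both probes are visible to any IDS watching the target.
    """
    ack_reply = sr1(IP(dst=ip) / TCP(dport=port, flags="A"), timeout=timeout, verbose=0)
    syn_reply = sr1(IP(dst=ip) / TCP(dport=port, flags="S"), timeout=timeout, verbose=0)
    return classify_port(_tcp_flags(ack_reply), _tcp_flags(syn_reply))


def main(argv):
    """CLI entry point: ``fw_detect.py <target-ip> <target-port>``.

    Exits with status 1 on a usage error; prints the verdict otherwise.
    """
    if len(argv) != 3:
        print(USAGE)
        sys.exit(1)
    ip = argv[1]
    try:
        port = int(argv[2])
    except ValueError:
        sys.exit("Target Port must be an integer, got %r" % argv[2])
    if not 0 < port < 65536:
        sys.exit("Target Port must be in 1-65535, got %d" % port)
    print(probe_port(ip, port))


if __name__ == "__main__":
    main(sys.argv)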
2.nmap
nmap -sA 192.168.1.132 -p 22
#-sA:只发送 TCP ACK 包探测(需要 root/原始套接字权限)。收到 RST 记为 unfiltered,无回包或收到 ICMP 不可达记为 filtered;ACK 扫描本身区分不了 open 和 closed,要判断端口是否开放需再配合 -sS 或 -sT。