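Newer versions of nmap include the scripts feature. The scripts are stored in the scripts directory under the nmap installation directory, for example /usr/share/nmap/scripts, which already contains more than 600 ready-made scripts. This post covers the error '/usr/bin/../share/nmap/scripts/vulscan' found, but will not match without '/' that appears during a scan after the nmap-vulners and vulscan scripts have been added.
Running a scan with vulscan produces the error log below; it shows that a "/" is missing.
# nmap --script vulscan -sV 192.168.1.8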
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-18 23:11 EDT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:821: directory '/usr/bin/../share/nmap/scripts/vulscan' found, but will not match without '/'
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:821: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1312: in main chunk
[C]: in ?
QUITTING!
Check the official usage notes: vim /usr/share/nmap/scripts/vulscan/vulscan.nse
The usage notes say that the path to the .nse file must be specified for the script to work.
#nmap --script=vulscan/vulscan.nse -sV 192.168.238.129
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-18 23:28 EDT
#nmap --script=vulscan/vulscan.nse --script-args vulscandb=cve.csv -sV 192.168.238.129
.....
[CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0719] Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0571] Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
| [CVE-2004-0569] The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values.
| [CVE-2004-0568] HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
| [CVE-2004-0484] mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
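If you hit this error, the main cause is that nmap did not find the corresponding nse script to execute. The same approach applies when scanning with other nse scripts; also check the usage notes of the nse script you are running.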
vulners scan nse
# nmap --script=nmap-vulners/vulners.nse -sV 192.168.238.129
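
An added example (not from the original post or the nmap project): a shell helper that checks a script name against the scripts directory before scanning, so a bare directory name such as vulscan is turned into the vulscan/vulscan.nse form used in the working commands above. The function names and the temporary sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# nse_script_arg SCRIPTS_DIR NAME
# Prints one usable --script value per line; returns 1 if nothing matches.
nse_script_arg() {
    dir=$1
    name=$2
    # A script file directly in the scripts directory, with or without .nse.
    if [ -f "$dir/$name" ] || [ -f "$dir/$name.nse" ]; then
        printf '%s\n' "$name"
        return 0
    fi
    # A bare directory name is what triggers "will not match without '/'".
    # List the .nse files inside it as directory/file.nse instead.
    if [ -d "$dir/$name" ]; then
        rc=1
        for f in "$dir/$name"/*.nse; do
            [ -f "$f" ] || continue   # glob matched nothing
            printf '%s/%s\n' "${name%/}" "${f##*/}"
            rc=0
        done
        return $rc
    fi
    return 1
}

# Constructed sample layout mirroring the directories named in this post.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/vulscan" "$t/nmap-vulners"
    : > "$t/vulscan/vulscan.nse"
    : > "$t/nmap-vulners/vulners.nse"
    : > "$t/http-title.nse"
    printf '%s\n' "$t"
}

# Demo against the constructed tree; point it at /usr/share/nmap/scripts
# on a real install.
tree=$(make_sample_tree)
for n in vulscan nmap-vulners http-title; do
    printf '%s -> --script=%s\n' "$n" "$(nse_script_arg "$tree" "$n")"
done
rm -rf "$tree"
```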