nmap – ChaBug安全 / 一个分享知识、结识伙伴、资源共享的博客 Wed, 23 May 2018 07:57:43 +0000 zh-CN hourly 1 https://wordpress.org/?v=5.5.5 Nmap使用及常用命令解析 /tools/419.html Wed, 23 May 2018 07:54:47 +0000 /?p=242

Nmap (“Network Mapper(网络映射器)”) 是一款开放源代码的 网络探测和安全审核的工具。它的设计目标是快速地扫描大型网络,当然用它扫描单个 主机也没有问题。Nmap以新颖的方式使用原始IP报文来发现网络上有哪些主机,那些 主机提供什么服务(应用程序名和版本),那些服务运行在什么操作系统(包括版本信息), 它们使用什么类型的报文过滤器/防火墙,以及一堆其它功能。虽然Nmap通常用于安全审核, 许多系统管理员和网络管理员也用它来做一些日常的工作,比如查看整个网络的信息, 管理服务升级计划,以及监视主机和服务的运行。

1. 参数

option note
-sS TCP SYN 扫描 (又称半开放,或隐身扫描)
-P0 允许你关闭 ICMP pings.
-sV 打开系统版本检测
-O 尝试识别远程操作系统
-A 同时打开操作系统指纹和版本检测
-v 详细输出扫描情况.

2. 常用命令

nmap -PN -n -F -T4 -sV -A -oG temp.txt <target>
amap -i temp.txt
探测 cmd
获取远程主机的系统类型及开放端口 nmap -sS -P0 -sV -O <target>
获取远程主机的系统类型及开放端口 nmap -sS -P0 -A -v <target>
检查特定端口是否开放 nmap -p <port> <target> nmap -p <port1>,<port2> <target>

3. Chapter 1 ~::~ Nmap Fundamentals

3.0.1. Listing open ports on a remote host

nmap hiren.com

3.0.2. Version detection

nmap -sV hiren.me

3.0.3. Aggressive detection

nmap -sC -sV -O <target>

3.0.4. Finding live hosts

nmap -sP 192.168.1.1/24
  • Port list: 
    nmap -p80,443 localhost
  • Port range: 
    nmap -p1-100 localhost
  • All ports: 
    nmap -p- localhost
  • Specific ports by protocols: 
    nmap -pT:25,U:53 <target>
  • Service name: 
    nmap -p smtp <target>
  • Service name wildcards: 
    nmap -p smtp* <target>

Only ports registered in Nmap services:

nmap -p[1-65535] <target>

3.0.5. Scan using script

nmap --script <script name> <host>

3.0.6. Scanning using a specified network interface

nmap -e <INTERFACE> scanme.nmap.org

Chapter 2 ~::~ Network Exploration

3.0.7. Discovering hosts with TCP SYN ping scans

nmap -sP -PS 192.168.1.1/24

3.0.8. Discovering hosts with TCP ACK ping scans

nmap -sP -PA <target>

3.0.9. Discovering hosts with UDP ping scans

nmap -sP -PU <target>

3.0.10. Discovering hosts with ICMP ping scans

nmap -sP -PE hiren.net

3.0.11. Discovering hosts with IP protocol ping scans

nmap -sP -PO <target>

3.0.12. Discovering hosts with ARP ping scans

Effective for LAN network

nmap -sP -PR 192.168.1.1/24

3.0.13. MAC address spoofing

Change your motherfking MAC adrs ~

nmap -sP -PR --spoof-mac 5C:4C:A9:F2:DC:7C

3.0.14. Hiding our traffic with additional random data

Generate Random Data

nmap -sS -PS --data-length 300 scanme.nmap.org

3.0.15. Forcing DNS resolution

Force DNS resulation even if host is offline 🙁

nmap -sS -PS -F -R XX.XXX.XXX.220-230

4. Chapter 3 ~::~ Gathering Additional Host Information

4.0.1. Getting information from WHOIS records

nmap --script whois <target>

4.0.2. Collecting valid e-mail accounts

The script http-google-email is not included in Nmap’s official repository. So you need to download it from http://seclists.org/nmap-dev/2011/q3/att-401/ http-google-email.nse and copy it to your local scripts directory. After copying http-google-email.nse , you should update the script database with:

nmap --script-updatedb

then

nmap -p80 --script http-google-email,http-email-harvest <target>

4.0.3. Discovering hostnames pointing to the same IP address

https://secwiki.org/w/Nmap/ External_Script_Library .

nmap --script-updatedb
nmap -p80 --script hostmap nmap.org

4.0.4. Brute forcing DNS records

nmap --script dns-brute <target>

4.0.5. Fingerprinting the operating system of a host

nmap -O <target>

4.0.6. Discovering UDP services

nmap -sU -p- <target>

4.0.7. Listing protocols supported by a remote host

nmap -sO <target>

4.0.8. Discovering stateful firewalls by using a TCP ACK scan

nmap -sA <target>
Port states
]]> win10 bash安装sqlmap nmap msf /tools/337.html Thu, 25 Jan 2018 15:25:21 +0000 /?p=39 前言

刚放假回来,电脑上的东西乱七八糟的,就直接重装了系统。
而后学习python3.6,但是作为一名合格的白帽子,电脑上没有sqlmap合适吗?于是便想装一个sqlmap,但是sqlmap需要的是python2.7的环境,这就很尴尬了。我可不想在电脑上装py3和py2共存,因为会有很多共存的问题。我总不能为了这个再去装虚拟机吧。于是便有了我的bash for win10。

bash安装

首先,win10要激活,然后在开始设置更新和安全针对开发人员开发人员模式。如图:
image

其次,控制面板程序启用和关闭Windows功能 勾选适用于Linux的Windows子系统
image

然后会要求你重启,重启一下。

重启之后打开Windows应用商店,搜索bash,然后会出现下图:
image
选择Ubuntu安装即可。然后打开Ubuntu会让你设置用户名和密码,需牢记。

换源及更新

首先需要切换到root权限。

sudo su

如图:image
然后备份原来的源文件

cd /etc/apt/

然后会显示下面的源文件sources.list
输入命令
cp sources.list sources.list.bak
就是将sources.list备份到sources.list.bak

然后vim sources.list
把下面的内容粘贴到源文件里保存。

    deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    ##测试版源
    deb http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
    # 源码
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    ##测试版源
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-proposed main restricted universe multiverse
    # Canonical 合作伙伴和附加
    deb http://archive.canonical.com/ubuntu/ xenial partner
    deb http://extras.ubuntu.com/ubuntu/ xenial main

更新源和软件

   sudo apt-get update 更新源
   sudo apt-get upgrade 更新软件

安装sqlmap

首先先安装python2.7
apt-get install python
然后安装sqlmap
apt-get install sqlmap
上图image

安装nmap

apt-get install nmap
image

安装msf

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

image

]]>