Reposted from: https://www.ddosi.org/nmap-host-discovery/
Layout: 释然IT杂谈
This post describes how to enhance Nmap's default host discovery phase so that it sends TCP SYN and ACK probes to more ports than the default 80/tcp and 443/tcp. By default (when run as root) Nmap's host discovery sends only an ICMP echo request, an ICMP timestamp request, a TCP SYN to port 443 and a TCP ACK to port 80; a host that filters all four is reported as down even if it has other services listening. Probing the most commonly open ports as well helps security assessors maximize the number of live systems identified during a network penetration test.
$ grep '/tcp' /usr/share/nmap/nmap-services | awk '{print $3" "$2}' | sort -nr | head -100 | awk '{print $2}' | awk -F/ '{print $1}' | sed 's/$/,/' | xargs | sed 's/, /,/g' | sed 's/,$//'
Let's build it and then break it down, MC Hammer style!
$ grep '/tcp' /usr/share/nmap/nmap-services
Keeps only the lines for TCP ports, e.g.
"https 443/tcp 0.208669 # secure http (SSL)"
awk '{print $3" "$2}'
Prints only the open frequency and the TCP port, e.g.
"0.208669 443/tcp"
sort -nr
Performs a reverse numeric sort so that the highest open frequencies come first...
head -100
Keeps only the first 100 lines, i.e. the 100 most frequently open TCP ports
awk '{print $2}'
Prints only the port/protocol field (e.g. "443/tcp")
awk -F/ '{print $1}'
Prints only the port number (e.g. "443")
sed 's/$/,/'
Appends a comma to the end of each port number (e.g. "443,")
xargs
Discards the newlines and prints all port numbers on one line, separated by spaces
sed 's/, /,/g'
Removes the space after each comma so the list reads "80,23,443,..."
sed 's/,$//'
Discards the trailing comma...
Running this command produces the following output:
$ grep '/tcp' /usr/share/nmap/nmap-services | awk '{print $3" "$2}' | sort -nr | head -100 | awk '{print $2}' | awk -F/ '{print $1}' | sed 's/$/,/' | xargs | sed 's/, /,/g' | sed 's/,$//'
80,23,443,21,22,25,3389,110,445,139,
143,53,135,3306,8080,1723,111,995,
993,5900,1025,587,8888,199,1720,465,
548,113,81,6001,10000,514,5060,179,
1026,2000,8443,8000,32768,554,26,1433,
49152,2001,515,8008,49154,1027,5666,646,
5000,5631,631,49153,8081,2049,88,79,5800,
106,2121,1110,49155,6000,513,990,5357,427,
49156,543,544,5101,144,7,389,8009,3128,444,
9999,5009,7070,5190,3000,5432,3986,1900,13,
1029,9,6646,5051,49157,1028,873,1755,2717,
4899,9100,119,37
$ nmap -sn -PE -PP -PS80,23,443,21,22,25,3389,110,445,139,143,53,135,3306,8080,1723,111,995,993,5900,1025,587,8888,199,1720,465,548,113,81,6001,10000,514,5060,179,1026,2000,8443,8000,32768,554,26,1433,49152,2001,515,8008,49154,1027,5666,646,5000,5631,631,49153,8081,2049,88,79,5800,106,2121,1110,49155,6000,513,990,5357,427,49156,543,544,5101,144,7,389,8009,3128,444,9999,5009,7070,5190,3000,5432,3986,1900,13,1029,9,6646,5051,49157,1028,873,1755,2717,4899,9100,119,37 -PA80,23,443,21,22,25,3389,110,445,139,143,53,135,3306,8080,1723,111,995,993,5900,1025,587,8888,199,1720,465,548,113,81,6001,10000,514,5060,179,1026,2000,8443,8000,32768,554,26,1433,49152,2001,515,8008,49154,1027,5666,646,5000,5631,631,49153,8081,2049,88,79,5800,106,2121,1110,49155,6000,513,990,5357,427,49156,543,544,5101,144,7,389,8009,3128,444,9999,5009,7070,5190,3000,5432,3986,1900,13,1029,9,6646,5051,49157,1028,873,1755,2717,4899,9100,119,37 localhost
Nmap scan report for localhost (127.0.0.1)
Host is up.
# Nmap done at Tue Dec 21 09:02:00 2021 -- 1 IP address (1 host up) scanned in 0.00 seconds
Note that there is no space between the SYN (-PS) and ACK (-PA) probe options and the first port number in the list. You can also add your favourite Nmap options, for example to tune the timing template (-T4) and/or the output format (-oG). Two caveats: -PE, -PP and -PA send raw packets, so they require raw-socket privileges (root on Unix); an unprivileged user is limited to a connect()-based TCP SYN ping. And the run above targets localhost, which is always reported as up, so it only shows that the syntax is accepted; run the same command against a real target range to see how many extra hosts the additional probes surface. Each host now receives about 200 TCP probes instead of two, so expect discovery to take longer on large ranges; if the goal is simply to never miss a host and the extra port-scanning time is acceptable, -Pn skips discovery entirely.
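The port-list pipeline and the -PS/-PA command above, as one added example (written for this edit, not code from the original post or from the Nmap project). It rebuilds the top-N TCP port list from an nmap-services file in a single awk pass, then assembles the host-discovery command line without running it. The helper names top_tcp_ports, build_discovery_cmd and write_sample_services are my own; the six-line sample services file is constructed here for running offline, and 192.0.2.0/24 is a placeholder target range.

```shell
#!/bin/sh
# Added example (not from the original post): build the "top N TCP ports"
# list from an nmap-services file and the matching nmap -sn command line.
# Assumptions: helper names are my own; the sample services file below is
# constructed with only six entries and illustrative frequencies.
set -eu

# Print the N most frequently open TCP ports, comma separated, highest first.
# $1 = path to an nmap-services file, $2 = how many ports to keep.
# Column layout of nmap-services: name port/proto frequency [# comment].
# The awk stage skips comment lines, keeps only /tcp entries and emits
# "frequency port"; sort puts the highest frequency first; head keeps the
# top N; the second awk drops the frequency; paste joins the ports with commas.
top_tcp_ports() {
    awk '$1 !~ /^#/ && $2 ~ /\/tcp$/ { split($2, p, "/"); print $3, p[1] }' "$1" |
        sort -k1,1nr |
        head -n "$2" |
        awk '{ print $2 }' |
        paste -s -d ',' -
}

# Build the full host-discovery command: ICMP echo (-PE), ICMP timestamp (-PP),
# and a TCP SYN (-PS) plus TCP ACK (-PA) probe to each of the top N ports.
# $1 = nmap-services path, $2 = N, remaining args = targets.
# The command is printed, not executed, so it can be reviewed first
# (run it as root, since -PE/-PP/-PA need raw sockets).
build_discovery_cmd() {
    services=$1; n=$2; shift 2
    ports=$(top_tcp_ports "$services" "$n")
    # No space between -PS/-PA and the port list, as the post points out.
    printf 'nmap -sn -PE -PP -PS%s -PA%s %s\n' "$ports" "$ports" "$*"
}

# Constructed six-line stand-in for /usr/share/nmap/nmap-services, used when
# Nmap is not installed. Frequencies are illustrative, not authoritative.
write_sample_services() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Fields: service port/proto open-frequency [# comment]
http    80/tcp    0.484143    # World Wide Web HTTP
telnet  23/tcp    0.221265
domain  53/udp    0.213496    # UDP entry: must be ignored
https   443/tcp   0.208669    # secure http (SSL)
ftp     21/tcp    0.197667    # File Transfer [Control]
ssh     22/tcp    0.182286    # Secure Shell Login
EOF
    echo "$f"
}

# Prefer the real services file when Nmap is installed; with it and N=100
# this reproduces the -PS/-PA list shown in the post.
if [ -r /usr/share/nmap/nmap-services ]; then
    SERVICES=/usr/share/nmap/nmap-services
else
    SERVICES=$(write_sample_services)
fi
build_discovery_cmd "$SERVICES" 100 192.0.2.0/24
```

Change the 100 to 200 or 1000 to trade discovery time for coverage, and pipe the printed line to a root shell once it looks right. Because the UDP entry is filtered on the port/proto field rather than by grepping the whole line, a comment that happens to contain "/tcp" can no longer pollute the list.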
Voilà! If Goldilocks were doing this assessment, she would surely say: "This port scan is just right! I'm so 31337! Time to pwn some damn bears!"
Originally published on the WeChat official account 释然IT杂谈: [Practical] How to harden Nmap's default host discovery phase
Disclaimer: the programs (methods) described in this article may be offensive in nature and are provided solely for security research and teaching. Readers who use this information for any other purpose bear full legal and joint liability; this site accepts no legal or joint liability. Questions may be sent by e-mail (preferably from a corporate or otherwise valid mailbox so the message is not blocked; contact details are on the home page).