2025-02-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
In this issue, the editor brings you an example-based analysis of using Nmap in operations work. The article is rich in content and approaches the topic from a professional point of view. I hope you get something out of reading it.
Background
As the security industry has developed, the state has come to attach great importance to it. Every industry faces a range of threats, and some client (Party A) enterprises have no dedicated security department or only weak security capabilities, so they hire a vendor's (Party B's) security personnel to provide operations services. The Party B security engineer then helps the customer deal with security events that occur while the business is running. For example, after a particular vulnerability appears, the security engineer needs to check whether it also exists in other business systems and whether it needs to be repaired promptly. The engineer also has to output results that make it easy for the customer to report, and to consider how to improve work efficiency.
Review of common parameter options for efficient scanning
Fast live-host scan:
    nmap -T4 -n -v -sn -iL ip.txt -oN live_host.txt
Tip: the -sn option is also a ping scan and does not scan ports. The difference between an -sn scan and an -sP scan is that -sP cannot find live hosts behind a firewall that blocks ping, while -sn can: even when the firewall blocks ping and drops all ICMP packets, -sn still detects live hosts. A -P0 scan does scan ports, while -sP and -sn scans do not.
Optimized port scan:
    nmap -T4 -n -v --top-ports "1000" --max-retries 3 --min-hostgroup 100 --host-timeout 18000ms --open -iL ip.txt -oA openport_result
Hint: for --max-rtt-timeout and --host-timeout, the default unit in old versions of Nmap is milliseconds; in the newer Nmap 7.80 the default unit is seconds. To specify milliseconds, remember to append ms to the number, for example:
Specify service type scan
Scan only ports that open HTTP services
    nmap -T4 -n -v -p "http*" --max-retries 3 --min-hostgroup 30 --host-timeout 18000ms --open -iL ip.txt -oA httpport_result
Comprehensive vulnerability scanning command:
    nmap -v -n -Pn --script=vuln -T4 --open -M 5 -iL ip.txt -oN vuln_scan_result.txt
Scan for a specified vulnerability type (SMB):
    nmap -T4 -n -v --script="smb*" --max-retries 3 --open -iL ip.txt -oA smbvuln_result
Common scanning options
Vulnerability PoC verification
You can write a batch script that wraps Nmap vulnerability PoC scripts into a one-click verification tool that is simple and easy to use.
The weak password detection command takes the following form:
    nmap -sT -p <target application port> -v -n -Pn --script=<weak password scanning script> --script-args userdb=<username dictionary>,passdb=<weak password dictionary> -iL ip.txt -oN result.txt
Writing the FTP weak password script command
Windows SMB weak password scan:
    nmap -v -n -sT -d --script=smb-brute.nse --script-args userdb=smb_user.dic,passdb=week.txt -p 445,139 -oN res.txt -iL ip.txt
SQL Server weak password scan:
    nmap -v -n -sT --script ms-sql-brute.nse --script-args userdb=conf\mssql_user.dic,passdb=conf\weekpassword.txt -p 1433 -oN result\mssql_result.txt -iL ip.txt
Execute ms-sql-xp-cmdshell.cmd="net users" IP
Detailed whois parsing:
    nmap --script external www.baidu.com
Scan the web directory:
    nmap -p 80,443 --script=http-enum.nse www.baidu.com
Organizing scan results: https://github.com/mrschyte/nmap-converter or nmaptocsv
    pip install XlsxWriter
    pip install python-libnmap
Convert XML documents to HTML: install xsltproc, then run
    xsltproc -o test01.htm t.xml
Use the modified template to output the htm file:
    xsltproc -o test02.htm "xslt template.xsl" test01.xml
That concludes the editor's example analysis of Nmap in operations work. If you have similar questions, you can refer to the analysis above. If you want to know more, you are welcome to follow the industry information channel.