Nmap vulnerability scanning

2025-03-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Nmap Network Security Audit (7): Vulnerability scanning in Nmap

Those who have worked in security services will know some commonly used vulnerability scanning tools, such as Nessus and OpenVAS. With the help of NSE, Nmap can also serve as a vulnerability scanning tool; these vulnerability detection scripts are grouped under the vuln category.

Advantages of NSE vulnerability scanning:

You can use the Nmap API to process the information collected during scanning.

NSE scripts can share the information they obtain with other scripts during execution.

NSE provides a large number of network protocol libraries.

NSE provides a vulnerability library, which can be used to create an excellent vulnerability report.

NSE provides powerful concurrency and error handling mechanisms.

As mentioned earlier, to use all the scripts in this category, put the category name after --script. In the same command we can also make version detection of the target more thorough and set the target ports to all valid ports.

nmap -p- -sV --version-all --script vuln 192.168.126.131

-p- sets the target ports to all valid ports, and -sV --version-all makes version detection more thorough by trying every version probe.

Run the above command and wait a little while, and we get a vulnerability scan report. I am scanning a Windows 7 host here.

If we want more information, we can use the vulns.showall argument to display the full results (--script-args passes arguments to NSE scripts; the argument we pass here is vulns.showall).
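The report described above can also be triaged programmatically instead of being read from the terminal. The following is an added example, not part of the original article: it assumes the scan was saved as XML with nmap's -oX option, runs on a constructed sample with placeholder finding IDs, and the names `vuln_findings` and `example-host-check` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output (not a real scan). The <table> with
# an <elem key="state"> child is the layout emitted by scripts built on NSE's
# vulns library; the finding IDs and "example-host-check" are placeholders.
SAMPLE_XML = """<nmaprun><host>
<address addr="192.168.126.131" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="443">
 <script id="ssl-heartbleed" output="...">
  <table key="EXAMPLE-ID-1"><elem key="title">Constructed finding A</elem>
   <elem key="state">VULNERABLE</elem></table>
  <table key="EXAMPLE-ID-2"><elem key="title">Constructed finding B</elem>
   <elem key="state">NOT VULNERABLE</elem></table>
 </script></port></ports>
<hostscript><script id="example-host-check" output="...">
  <table key="EXAMPLE-ID-3"><elem key="title">Constructed finding C</elem>
   <elem key="state">LIKELY VULNERABLE</elem></table>
</script></hostscript>
</host></nmaprun>"""


def vuln_findings(xml_text, include_not_vulnerable=False):
    """Return sorted (host, port, script, vuln_id, state, title) tuples."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        # Port scripts sit under <port>, host scripts under <hostscript>.
        scopes = [(p.get("portid"), p) for p in host.iter("port")]
        scopes += [("host", hs) for hs in host.iter("hostscript")]
        for port, scope in scopes:
            for script in scope.findall("script"):
                for table in script.findall("table"):
                    state = table.findtext("elem[@key='state']")
                    if state is None:
                        continue  # not a vulns-library result table
                    if state.startswith("NOT VULNERABLE") and not include_not_vulnerable:
                        continue  # such entries appear only with vulns.showall
                    findings.append((addr, port, script.get("id"), table.get("key"),
                                     state, table.findtext("elem[@key='title']", "")))
    return sorted(findings)


if __name__ == "__main__":
    for row in vuln_findings(SAMPLE_XML):
        print(" | ".join(row))
```

Sorting the tuples gives a stable, diffable list, so two scans of the same host can be compared to see which findings were remediated.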

Detection of vulnerabilities in Windows systems

We mentioned a script that can cause damage to the system, and we should choose the test target carefully when using the following script.

nmap -p- -sV --script vuln --script-args unsafe=1 192.168.126.131

When scanning, this script may cause the target system to crash. The most commonly used script, smb-check-vulns, detects the following vulnerabilities in the target system:

Windows RAS RPC service vulnerability (MS06-025)

Windows DNS Server RPC service vulnerability (MS07-029)

Windows RPC vulnerability (MS08-67)

Conficker worm infection

CVE-2009-3013

Unnamed regsvc DoS found by Ron Bowes

These vulnerabilities generally exist in older systems, but many enterprises still use old versions of the system, and there are many Windows 2003 servers in enterprises, which I have seen at work. This version was adopted a long time ago, and after the business grew there was too much data to migrate easily; the server would have to be stopped for migration, and important services are running on it.

End

Other authors on the Internet have written about using nmap to detect SSL Heartbleed and VNC vulnerabilities. I can't write about all of these. In fact, the Windows version of nmap is very convenient to use. In the menu at the top, click Profile > Edit Selected Profile > Scripting. On the left we can see a lot of scripts, which are the same as the files in the scripts directory under the nmap installation folder.

Find the script you want to use; here I will use Heartbleed to demonstrate. Find ssl-heartbleed and click it, and the script's usage appears on the right in great detail, similar to what I usually write, along with the script's parameters. So you do not need to work these out by yourself; the official website also has a manual, and there is a lot of ready-made information.

(SSL Heartbleed)

(previously modified the parameters used by user-agent in the HTTP header information)

Writing this involves too many sensitive words. It is too difficult to delete and modify sensitive words after writing an article for a few hours.

The command is mainly in the picture.
