Scanners: Netsparker and Nmap

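I. Installing the web scanner -- Netsparker

1. Prepare the installation package. This walkthrough uses the portable ("green") edition, which runs without being installed.

[Screenshot: package files]

2. Start scanning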

[Screenshots: set the target website URL; steps 1 to 9; scan in progress]

When the scan completes, generate the report.

[Screenshots: report storage location; viewing the report]



II. Installing the scanner -- Nmap

1. Nmap is free, open-source port-scanning software, used to scan the open network ports of computers on a network.

2. Basic usage of host discovery

1) Nmap host discovery
Description: -sn: Ping Scan - disable port scan
This is equivalent to using the ping command on Windows or Linux for host discovery, with port scanning turned off.
Command syntax:
nmap -sn <network address>/<CIDR>
Example: nmap -sn 192.168.2.0/24 or nmap -sn 192.168.2.0-255
 root@kali:~# nmap -sn 192.168.2.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-04 21:18 EST
Nmap scan report for 192.168.2.1 (192.168.2.1)
Host is up (0.00029s latency).
MAC Address: E4:F3:F5:BF:96:48 (Shenzhen Mercury Communication Technologies)
Nmap scan report for 192.168.2.103 (192.168.2.103)
Host is up (0.00020s latency).
MAC Address: 00:0C:29:5A:7A:ED (VMware)
Nmap scan report for 192.168.2.105 (192.168.2.105)
Host is up (0.00021s latency).
MAC Address: 68:F7:28:D9:42:E9 (Lcfc(hefei) Electronics Technology)
Nmap scan report for 192.168.2.100 (192.168.2.100)
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 1.74 seconds
2) Nmap route tracing
Description: Trace hop path to each host
Route tracing helps network administrators understand how traffic moves through the network and is a useful auxiliary tool for them. It makes it easy to find the network nodes traversed between our computer and the destination, and it shows the time spent at each node.
Command syntax:
nmap --traceroute <target IP>
Example: nmap --traceroute 36.152.44.96 (a Baidu IP)
root@kali:~# nmap --traceroute 36.152.44.96
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-04 21:12 EST
Nmap scan report for 36.152.44.96
Host is up (0.030s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

TRACEROUTE (using port 443/tcp)
HOP RTT      ADDRESS
1   0.51 ms  192.168.2.1 (192.168.2.1)
2   0.91 ms  192.168.1.1 (192.168.1.1)
3   2.08 ms  100.4.0.1
4   ... 13
14  33.62 ms 36.152.44.96

Nmap done: 1 IP address (1 host up) scanned in 8.05 seconds
 
3) Nmap port scanning
Description:
Command syntax:
nmap -sS <target IP>    SYN scan over TCP
-sU    UDP port scan: determines the state of the target host's UDP ports by UDP scanning
--top-ports n    scans the n ports most likely to be open

Example:
 root@kali:~/Desktop# nmap -sS -sU --top-ports 300 192.168.2.103
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-05 00:30 EST
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 99.00% done; ETC: 00:30 (0:00:00 remaining)
Nmap scan report for 192.168.2.103 (192.168.2.103)
Host is up (0.0015s latency).
Not shown: 583 closed ports
PORT     STATE         SERVICE
80/tcp   open          http
81/tcp   open          hosts2-ns
82/tcp   open          xfer
135/tcp  open          msrpc
139/tcp  open          netbios-ssn
445/tcp  open          microsoft-ds
1025/tcp open          NFS-or-IIS
1026/tcp open          LSA-or-nterm
1433/tcp open          ms-sql-s
2383/tcp open          ms-olap4
123/udp  open|filtered ntp
137/udp  open          netbios-ns
138/udp  open|filtered netbios-dgm
445/udp  open|filtered microsoft-ds
500/udp  open|filtered isakmp
1434/udp open|filtered ms-sql-m
4500/udp open|filtered nat-t-ike
MAC Address: 00:0C:29:5A:7A:ED (VMware)

Nmap done: 1 IP address (1 host up) scanned in 1.52 seconds

A summary of 40 ports commonly used by attackers for intrusion, worth bookmarking: https://www.php.cn/safe/436409.html
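
The mixed TCP/UDP result above is easier to act on once it is compared with what the host is supposed to expose. The following Python example is added here and is not part of the original post; SAMPLE is a constructed excerpt of that output, and the ALLOWED baseline and function names are assumptions.

```python
import re

# Constructed sample: excerpt of the `nmap -sS -sU --top-ports 300` output above.
SAMPLE = """\
PORT     STATE         SERVICE
80/tcp   open          http
445/tcp  open          microsoft-ds
1433/tcp open          ms-sql-s
123/udp  open|filtered ntp
137/udp  open          netbios-ns
500/udp  open|filtered isakmp
"""

# Hypothetical baseline: the (port, protocol) pairs this host should expose.
ALLOWED = {(80, "tcp"), (123, "udp")}

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Return (port, proto, state, service) tuples from nmap's port table."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def triage(rows, allowed):
    """Split ports outside the baseline into (confirmed open, ambiguous)."""
    unexpected, ambiguous = [], []
    for port, proto, state, service in rows:
        if (port, proto) in allowed:
            continue
        if state == "open":
            # Positive reply (SYN/ACK or a UDP response): exposed service.
            unexpected.append(f"{port}/{proto} {service}")
        elif state == "open|filtered":
            # No reply at all: open or silently firewalled, so verify
            # on the host itself before filing it as a finding.
            ambiguous.append(f"{port}/{proto} {service}")
    return unexpected, ambiguous

if __name__ == "__main__":
    unexpected, ambiguous = triage(parse_ports(SAMPLE), ALLOWED)
    print("unexpected open:", unexpected)
    print("needs follow-up:", ambiguous)
```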

4) Nmap version detection
Description:
Command syntax:
nmap -sV <target IP>
Example: nmap -sV 192.168.2.103
root@kali:~/Desktop# nmap -sV 192.168.2.103
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-05 00:32 EST
Stats: 0:00:07 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 0.00% done
Stats: 0:00:17 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 83.33% done; ETC: 00:32 (0:00:03 remaining)
Nmap scan report for 192.168.2.103 (192.168.2.103)
Host is up (0.00013s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE      VERSION
80/tcp   open  http         Microsoft IIS httpd
81/tcp   open  http         Microsoft IIS httpd 6.0
82/tcp   open  http         Microsoft IIS httpd 6.0
83/tcp   open  http         Microsoft IIS httpd 6.0
84/tcp   open  http         Microsoft IIS httpd 6.0
135/tcp  open  msrpc        Microsoft Windows RPC
139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
1025/tcp open  msrpc        Microsoft Windows RPC
1026/tcp open  msrpc        Microsoft Windows RPC
1433/tcp open  ms-sql-s     Microsoft SQL Server 2008 R2 10.50.1600; RTM
2383/tcp open  ms-olap4?
MAC Address: 00:0C:29:5A:7A:ED (VMware)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2003

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 56.01 seconds
5) Nmap OS detection
Description:
Command syntax:
nmap -O <target IP>
Example: nmap -O 192.168.2.103
 root@kali:~/Desktop# nmap -O 192.168.2.103
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-05 00:34 EST
Nmap scan report for 192.168.2.103 (192.168.2.103)
Host is up (0.00034s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE
80/tcp   open  http
81/tcp   open  hosts2-ns
82/tcp   open  xfer
83/tcp   open  mit-ml-dev
84/tcp   open  ctf
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1433/tcp open  ms-sql-s
2383/tcp open  ms-olap4
MAC Address: 00:0C:29:5A:7A:ED (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.65 seconds

6) Nmap vulnerability detection
Description:
Command syntax:
nmap <target IP> --script=auth,vuln
Example: nmap 192.168.2.103 --script=auth,vuln
root@kali:~/Desktop# nmap 192.168.2.103 --script=auth,vuln
Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-05 00:39 EST
Stats: 0:00:15 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 85.40% done; ETC: 00:40 (0:00:01 remaining)
...
...
...

Stats: 0:02:29 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 98.75% done; ETC: 00:38 (0:00:00 remaining)
Nmap scan report for 192.168.2.103 (192.168.2.103)
Host is up (0.00066s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE
80/tcp   open  http
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum: 
|   /reportserver/: Microsoft SQL Report Service (401 Unauthorized)
|_  /reports/: Potentially interesting folder (401 Unauthorized)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
81/tcp   open  hosts2-ns
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
82/tcp   open  xfer
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
83/tcp   open  mit-ml-dev
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
84/tcp   open  ctf
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
135/tcp  open  msrpc
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
139/tcp  open  netbios-ssn
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
445/tcp  open  microsoft-ds
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
1025/tcp open  NFS-or-IIS
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
1026/tcp open  LSA-or-nterm
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
1433/tcp open  ms-sql-s
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| ms-sql-dump-hashes: 
| [192.168.2.103:1433]
|_  ERROR: No login credentials
| ms-sql-hasdbaccess: 
|   [192.168.2.103:1433]
|_    ERROR: No login credentials.
| ssl-poodle: 
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  BID:70574  CVE:CVE-2014-3566
|           The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other
|           products, uses nondeterministic CBC padding, which makes it easier
|           for man-in-the-middle attackers to obtain cleartext data via a
|           padding-oracle attack, aka the "POODLE" issue.
|     Disclosure date: 2014-10-14
|     Check results:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA
|     References:
|       https://www.openssl.org/~bodo/ssl-poodle.pdf
|       https://www.imperialviolet.org/2014/10/14/poodle.html
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
|_      https://www.securityfocus.com/bid/70574
|_sslv2-drown: 
|_tls-ticketbleed: ERROR: Script execution failed (use -d to debug)
2383/tcp open  ms-olap4
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
MAC Address: 00:0C:29:5A:7A:ED (VMware)

Host script results:
| smb-vuln-ms08-067: 
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|           The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,
|           Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary
|           code via a crafted RPC request that triggers the overflow during path canonicalization.
|           
|     Disclosure date: 2008-10-23
|     References:
|       https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: NT_STATUS_OBJECT_NAME_NOT_FOUND
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|        servers (ms17-010).
|           
|     Disclosure date: 2017-03-14
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|       https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|_      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Stats: 0:02:29 elapsed; 1 hosts completed (1 up), 0 undergoing Script Post-Scan
NSE Timing: About 0.00% done
Nmap done: 1 IP address (1 host up) scanned in 149.72 seconds
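
Most of the report above is script errors and negative results; what drives remediation is the handful of blocks marked State: VULNERABLE. The following Python example is added here and is not part of the original post: it extracts those blocks with their scope, script name and CVE IDs. SAMPLE is a constructed, shortened excerpt of that output, and the function name is an assumption.

```python
import re

# Constructed sample: shortened excerpt of the --script=auth,vuln output above.
SAMPLE = """\
1433/tcp open  ms-sql-s
| ssl-poodle:
|   VULNERABLE:
|   SSL POODLE information leak
|     State: VULNERABLE
|     IDs:  BID:70574  CVE:CVE-2014-3566
Host script results:
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|_smb-vuln-ms10-054: false
"""

PORT = re.compile(r"^(\d+/(?:tcp|udp))\s")       # start of a per-port section
SCRIPT = re.compile(r"^\|[_ ]([a-z0-9-]+):")     # '| name:' or '|_name:'
CVE = re.compile(r"CVE-\d{4}-\d+")

def vulnerable_findings(text):
    """Return one dict per NSE block that reports 'State: VULNERABLE'."""
    findings, scope, cur, want_title = [], "host", None, False
    for line in text.splitlines():
        if m := PORT.match(line):
            scope, cur = m.group(1), None
        elif line.startswith("Host script results"):
            scope, cur = "host", None
        elif m := SCRIPT.match(line):
            cur = {"scope": scope, "script": m.group(1), "title": "", "cves": []}
            want_title = False
        elif cur is not None:
            body = line.lstrip("|_ ").strip()
            if body == "VULNERABLE:":
                want_title = True          # the next line is the finding title
            elif want_title:
                cur["title"], want_title = body, False
            elif body.startswith("State: VULNERABLE"):
                findings.append(cur)       # ERROR/false results never get here
            elif body.startswith("IDs:"):
                cur["cves"] = sorted(set(CVE.findall(body)))
    return findings

if __name__ == "__main__":
    for f in vulnerable_findings(SAMPLE):
        print(f["scope"], f["script"], ",".join(f["cves"]), "-", f["title"])
```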

 