Posts

Showing posts from 2017

broadcast-pc-anywhere explained

This script looks for hosts on the LAN that are running the pcAnywhere client software.
Command: nmap --script broadcast-pc-anywhere
Official page: https://nmap.org/nsedoc/scripts/broadcast-pc-anywhere.html
Script source:

    local nmap = require "nmap"
    local os = require "os"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Sends a special broadcast probe to discover PC-Anywhere hosts running on a LAN.
    ]]

    ---
    -- @usage
    -- nmap --script broadcast-pc-anywhere
    --
    -- @output
    -- Pre-scan script results:
    -- | broadcast-pc-anywhere:
    -- |_  10.0.200.113 - WIN2K3SRV-1
    --
    -- @args broadcast-pc-anywhere.timeout specifies the amount of seconds to sniff
    --       the network interface. (default varies according to timing. -T3 = 5s)

    author = "Patrik Karlsson"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = { "broadcast", "safe" }

    local TIMEOUT = stdnse.parse_timespec(stdnse.get_script_args("broadcast

broadcast-networker-discover explained

Searches the LAN for hosts running the EMC Networker backup software.
Official page: https://nmap.org/nsedoc/scripts/broadcast-networker-discover.html
EMC Networker backup software: pdf, description
Script source:

    local nmap = require "nmap"
    local rpc = require "rpc"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Discovers EMC Networker backup software servers on a LAN by sending a network broadcast query.
    ]]

    ---
    -- @usage nmap --script broadcast-networker-discover
    --
    -- @output
    -- Pre-scan script results:
    -- | broadcast-networker-discover:
    -- |_  10.20.30.40
    --
    --

    author = "Patrik Karlsson"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = {"broadcast", "safe"}

    prerule = function() return true end

    local function Callit( host, port, program, protocol )
      local results = {}
      local portmap, comm = rpc.Portmap:new(), rpc.Comm:new('rpcbind', 2)
      local status, result = comm:Co

broadcast-novell-locate explained

Generally speaking, a Novell host on the network is extremely stable, but the Novell NetWare Core Protocol (NCP) runs over IPX/SPX, which is relatively rare and hard to find.
Official page: https://nmap.org/nsedoc/scripts/broadcast-novell-locate.html
Script source:

    local bin = require "bin"
    local ipOps = require "ipOps"
    local srvloc = require "srvloc"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Attempts to use the Service Location Protocol to discover Novell NetWare Core Protocol (NCP) servers.
    ]]

    ---
    --
    --@output
    -- Pre-scan script results:
    -- | broadcast-novell-locate:
    -- |   Tree name: CQURE-LABTREE
    -- |   Server name: linux-l84t
    -- |   Addresses
    -- |_    192.168.56.33
    --
    --

    -- Version 0.1
    -- Created 04/26/2011 - v0.1 - created by Patrik Karlsson

    author = "Patrik Karlsson"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = {"broadcast", "safe"}

    prerule = function() return true end

    function action()

broadcast-netbios-master-browser explained

Finds computers on the LAN that use the NetBIOS protocol.
Command: nmap --script=broadcast-netbios-master-browser
Official documentation: https://nmap.org/nsedoc/scripts/broadcast-netbios-master-browser.html
Script source:

    local bit = require "bit"
    local netbios = require "netbios"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local tab = require "tab"

    description = [[
    Attempts to discover master browsers and the domains they manage.
    ]]

    ---
    -- @usage
    -- nmap --script=broadcast-netbios-master-browser
    --
    -- @output
    -- | broadcast-netbios-master-browser:
    -- | ip            server        domain
    -- |_10.0.200.156  WIN2K3-EPI-1  WORKGROUP
    --

    -- Version 0.1
    -- Created 06/14/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>

    author = "Patrik Karlsson"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = {"broadcast", "safe"}

    prerule = function() return true end

    local functio

broadcast-ms-sql-discover explained

MS SQL uses TCP port 1433 and UDP port 1434 by default. This script uses that to obtain SQL-related information about the host.
Official site: https://nmap.org/nsedoc/scripts/broadcast-ms-sql-discover.html
Script source:

    local mssql = require "mssql"
    local stdnse = require "stdnse"
    local string = require "string"
    local table = require "table"
    local target = require "target"

    -- -*- mode: lua -*-
    -- vim: set filetype=lua :

    description = [[
    Discovers Microsoft SQL servers in the same broadcast domain.

    SQL Server credentials required: No (will not benefit from
    <code>mssql.username</code> & <code>mssql.password</code>).

    The script attempts to discover SQL Server instances in the same broadcast
    domain. Any instances found are stored in the Nmap registry for use by any
    other ms-sql-* scripts that are run in the same scan.

    In contrast to the <code>ms-sql-discover</code> script, the broadcast version
    will use a broadcast method rather than targeting indi

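Using NSE scripts on Windows: writing the output from a .bat file

Generally, once you have installed the Windows version of nmap, you may want to put your commands in a .bat file so they can be run as an executable.
You can download the Windows version of nmap from http://www.nmap.org/
Reference: http://networkhwsw.blogspot.tw/2015/10/nmap-zenmap.html
Command: nmap --script  ****.nse  followed by the IP to scan
On Windows the scripts are stored in C:\Program Files (x86)\Nmap\scripts (on Linux/Kali they are in /usr/share/nmap/scripts).
It is recommended to write a .bat file that lists the scripts you want to run and sends the output to a .txt file. For example:

    @echo OFF
    REM Prompt for the IP to scan and store it in VAR1
    SET /P VAR1=請輸入IP:
    @echo ===================================== >>nmap.txt
    @echo --------------------------------------------------------------- >>nmap.txt
    @echo ******** smb-check-vulns.nse ******** >>nmap.txt
    REM Run the script against the entered IP and append the result to nmap.txt
    nmap --script smb-check-vulns.nse  %VAR1%   >>nmap.txt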

broadcast-listener.nse explained

Sniffs the LAN for IPv4 packets such as CDP, HSRP, Spotify, DropBox, DHCP and ARP.
URL: https://nmap.org/nsedoc/scripts/broadcast-listener.html
Script source:

    local _G = require "_G"
    local bin = require "bin"
    local coroutine = require "coroutine"
    local nmap = require "nmap"
    local packet = require "packet"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Sniffs the network for incoming broadcast communication and
    attempts to decode the received packets. It supports protocols like CDP, HSRP,
    Spotify, DropBox, DHCP, ARP and a few more. See packetdecoders.lua for more
    information.

    The script attempts to sniff all ethernet based interfaces with an IPv4 address
    unless a specific interface was given using the -e argument to Nmap.
    ]]

    ---
    -- @usage
    -- nmap --script broadcast-listener
    -- nmap --script broadcast-listener -e eth0
    --
    -- @output
    -- | broadcast-listener:
    -- |   udp
    -- |

broadcast-igmp-discovery explained

Detects whether targets have IGMPv2 (versions 1, 2 and 3 are all available).
URL: https://nmap.org/nsedoc/scripts/broadcast-igmp-discovery.html
Script source:

    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local table = require "table"
    local bin = require "bin"
    local packet = require "packet"
    local ipOps = require "ipOps"
    local target = require "target"
    local coroutine = require "coroutine"
    local string = require "string"
    local io = require "io"

    description = [[
    Discovers targets that have IGMP Multicast memberships and grabs interesting information.

    The scripts works by sending IGMP Membership Query message to the 224.0.0.1 All
    Hosts multicast address and listening for IGMP Membership Report messages. The
    script then extracts all the interesting information from the report messages
    such as the version, group, mode, source addresses (depending on the version).

    The script defaults to sending an IGMPv2 Q

broadcast-eigrp-discovery.nse explained

Sends EIGRP Hello packets to obtain responses from Cisco devices running the Enhanced Interior Gateway Routing Protocol (EIGRP). A gateway forwarding packets must choose the best path, and this protocol is used to set the metrics.
Official page: https://nmap.org/nsedoc/scripts/broadcast-eigrp-discovery.html
Script source:

    local eigrp = require "eigrp"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local table = require "table"
    local bin = require "bin"
    local packet = require "packet"
    local ipOps = require "ipOps"
    local target = require "target"
    local coroutine = require "coroutine"
    local string = require "string"

    description = [[
    Performs network discovery and routing information gathering through
    Cisco's Enhanced Interior Gateway Routing Protocol (EIGRP).

    The script works by sending an EIGRP Hello packet with the specified Autonomous
    System value to the 224.0.0.10 multicast address and listening for EIGRP Update
    packets. The script then parses the update respon

broadcast-dropbox-listener.nse explained

On the internal network, checks whether Dropbox packets are being broadcast. Of course, antivirus and firewall software can block this type of packet.
Official documentation: https://nmap.org/nsedoc/scripts/broadcast-dropbox-listener.html
Script source:

    local json = require "json"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local tab = require "tab"
    local target = require "target"

    description = [[
    Listens for the LAN sync information broadcasts that the Dropbox.com client
    broadcasts every 20 seconds, then prints all the discovered client IP
    addresses, port numbers, version numbers, display names, and more.

    If the <code>newtargets</code> script argument is given, all discovered Dropbox
    clients will be added to the Nmap target list rather than just listed in the
    output.
    ]]

    ---
    -- @usage
    -- nmap --script=broadcast-dropbox-listener
    -- nmap --script=broadcast-dropbox-listener --script-args=newtargets -Pn
    -- @output
    -- Pre-scan script results:
    -- | broadcast-dropbox-listener:
    -- | displayname  ip

broadcast-dns-service-discovery explained

Sends a DNS-SD query to ask whether there is a DNS server on the network that supports the DNS Service Discovery protocol.
Official page: https://nmap.org/nsedoc/scripts/broadcast-dns-service-discovery.html
DNS-SD: http://www.dns-sd.org/
Script source:

    local dnssd = require "dnssd"
    local stdnse = require "stdnse"

    description=[[
    Attempts to discover hosts' services using the DNS Service Discovery protocol.  It sends a multicast DNS-SD query and collects all the responses.

    The script first sends a query for _services._dns-sd._udp.local to get a
    list of services. It then sends a followup query for each one to try to
    get more information.
    ]]

    ---
    -- @usage
    -- nmap --script=broadcast-dns-service-discovery
    --
    -- @output
    -- | broadcast-dns-service-discovery:
    -- |   1.2.3.1
    -- |     _ssh._tcp.local
    -- |     _http._tcp.local
    -- |   1.2.3.50
    -- |     22/tcp ssh
    -- |       org.freedesktop.Avahi.cookie=2292090182
    -- |       Address=1.2.3.50
    -- |     80/tcp http
    -- |       path=/admin
    -- |       org.freedesktop

broadcast-dhcp-discover.nse explained

Queries the network's DHCP server by broadcast and reports the information it returns.
Official page: https://nmap.org/nsedoc/scripts/broadcast-dhcp-discover.html
Script source:

    local bin = require "bin"
    local coroutine = require "coroutine"
    local dhcp = require "dhcp"
    local ipOps = require "ipOps"
    local math = require "math"
    local nmap = require "nmap"
    local packet = require "packet"
    local stdnse = require "stdnse"
    local string = require "string"
    local table = require "table"

    description = [[
    Sends a DHCP request to the broadcast address (255.255.255.255) and reports
    the results. The script uses a static MAC address (DE:AD:CO:DE:CA:FE) while
    doing so in order to prevent scope exhaustion.

    The script reads the response using pcap by opening a listening pcap socket
    on all available ethernet interfaces that are reported up. If no response
    has been received before the timeout has been reached (default 10 seconds)
    the script will abo