Posts

Showing posts from January 2017

afp-brute.nse (Apple Filing Protocol)

This targets a weakness in the Apple Finder communication protocol with a brute-force attack. Official nmap description:

    local afp = require "afp"
    local nmap = require "nmap"
    local shortport = require "shortport"
    local stdnse = require "stdnse"
    local string = require "string"
    local table = require "table"
    local unpwdb = require "unpwdb"

    -- we don't really need openssl here, but let's attempt to load it as a way
    -- to simply prevent the script from running, in case we don't have it
    local openssl = stdnse.silent_require("openssl")

    description = [[
    Performs password guessing against Apple Filing Protocol (AFP).
    ]]

    ---
    -- @usage
    -- nmap -p 548 --script afp-brute <host>
    --
    -- @output
    -- PORT    STATE SERVICE
    -- 548/tcp open  afp
    -- | afp-brute:
    -- |_  admin:KenSentMe => Valid credentials

    -- Information on AFP implementations
    --
    -- Snow Leopard
    -- ------------
    -- - Delay 10 seconds for accounts with more than 5 incorrect login attempts

banner-plus.nse

Used to analyze a target. Reference: http://fanli7.net/a/bianchengyuyan/C__/20160720/569565.html Download:

    description = [[
    A simple banner grabber which connects to an open TCP port and prints out anything sent by the listening service within five seconds. If no banner is received, a HTTP GET request is sent and the response recorded. Banners which contain telnet sequences will trigger telnet option negotiation, with the intent to get far enough into the handshake that we can receive the real banner. If data is received, more data will be read for up to fifteen seconds.
    ]]

    ---
    -- @output
    -- 21/tcp open ftp
    -- |_ banner-plus: 220 FTP version 1.0\x0D\x0A

    author = "hdm"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = {"discovery", "safe"}

    local nmap = require "nmap"
    local comm = require "comm"
    local stdnse = require "stdnse"
    local strbuf = require "strbuf"
    local nsedebug = require "n

ajp-methods.nse explained

Checks which methods (PUT, GET, and so on) Apache JServ offers. Official site: https://nmap.org/nsedoc/scripts/ajp-methods.html Contents:

    local ajp = require "ajp"
    local shortport = require "shortport"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Discovers which options are supported by the AJP (Apache JServ Protocol) server by sending an OPTIONS request and lists potentially risky methods.

    In this script, "potentially risky" methods are anything except GET, HEAD, POST, and OPTIONS. If the script reports potentially risky methods, they may not all be security risks, but you should check to make sure. This page lists the dangers of some common methods:

    http://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_%28OWASP-CM-008%29
    ]]

    ---
    -- @usage
    -- nmap -p 8009 <ip> --script ajp-methods
    --
    -- @output
    -- PORT     STATE SERVICE
    -- 8009/tcp open  ajp13
    -- | ajp-methods:
    -- |   Supported methods: GET

afp-showmount.nse explained

Shows mount information for AFP (Apple) shares and their ACLs. Official: https://nmap.org/nsedoc/scripts/afp-showmount.html Contents:

    local afp = require "afp"
    local nmap = require "nmap"
    local shortport = require "shortport"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Shows AFP shares and ACLs.
    ]]

    ---
    --
    --@output
    -- PORT    STATE SERVICE
    -- 548/tcp open  afp
    -- | afp-showmount:
    -- |   Yoda's Public Folder
    -- |     Owner: Search,Read,Write
    -- |     Group: Search,Read
    -- |     Everyone: Search,Read
    -- |     User: Search,Read
    -- |   Vader's Public Folder
    -- |     Owner: Search,Read,Write
    -- |     Group: Search,Read
    -- |     Everyone: Search,Read
    -- |     User: Search,Read
    -- |_    Options: IsOwner

    -- Version 0.4
    -- Created 01/03/2010 - v0.1 - created by Patrik Karlsson
    -- Revised 01/13/2010 - v0.2 - Fixed a bug where a single share wouldn't show due to formatting issues
    -- Revised 01/20/2010