
Showing posts from August 2017

broadcast-bjnp-discover.nse explained

BJNP is the communication protocol used by Canon printers. This script checks whether any such devices exist on the internal network.

Run: nmap --script broadcast-bjnp-discover

Official page: https://nmap.org/nsedoc/scripts/broadcast-bjnp-discover.html

Contents:

    description = [[
    Attempts to discover Canon devices (Printers/Scanners) supporting the
    BJNP protocol by sending BJNP Discover requests to the network broadcast
    address for both ports associated with the protocol.
    The script then attempts to retrieve the model, version and some additional
    information for all discovered devices.
    ]]
    ---
    -- @usage
    -- nmap --script broadcast-bjnp-discover
    --
    -- @output
    -- | broadcast-bjnp-discover:
    -- |   192.168.0.10
    -- |     Printer
    -- |       Manufacturer: Canon
    -- |       Model: MG5200 series
    -- |       Description: Canon MG5200 series
    -- |       Firmware version: 1.050
    -- |       Command: BJL,BJRaster3,BSCCe,NCCe,IVEC,IVECPLI
    -- |     Scanner
    -- |       Manufacturer: Canon
    -- |       Model: MG5200 series
    -- |       Description: Canon MG5200 series
    --

broadcast-avahi-dos.nse explained

Sends empty UDP packets (IPv4 and IPv6) to port 5353 of a host, in something resembling a brute-force attack. According to the script description below, it is a test for the Avahi NULL UDP packet denial of service (CVE-2011-1002).

Official page: https://nmap.org/nsedoc/scripts/broadcast-avahi-dos.html

Contents:

    local dnssd = require "dnssd"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local table = require "table"

    description=[[
    Attempts to discover hosts in the local network using the DNS Service
    Discovery protocol and sends a NULL UDP packet to each host to test
    if it is vulnerable to the Avahi NULL UDP packet denial of service
    (CVE-2011-1002).
    The <code>broadcast-avahi-dos.wait</code> script argument specifies how
    many number of seconds to wait before a new attempt of host discovery.
    Each host who does not respond to this second attempt will be considered
    vulnerable.
    Reference:
    * http://avahi.org/ticket/325
    * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002
    ]]
    ---
    -- @usage
    -- nmap --script=broadcast-avahi-dos
    --
    -- @output
    -- | broadcast-avahi-dos:
    -- |   Discover

broadcast-ataoe-discover.nse explained

Finds servers that speak the ATA over Ethernet protocol, which is similar to iSCSI. Its main purpose is to let hardware storage devices be read quickly over the network. Keep in mind, though, that it is not a network packet specification.

Background: ATA over Ethernet

Official page: https://nmap.org/nsedoc/scripts/broadcast-ataoe-discover.html

Contents:

    local bin = require "bin"
    local bit = require "bit"
    local math = require "math"
    local nmap = require "nmap"
    local packet = require "packet"
    local stdnse = require "stdnse"
    local string = require "string"
    local table = require "table"

    description = [[
    Discovers servers supporting the ATA over Ethernet protocol. ATA over Ethernet
    is an ethernet protocol developed by the Brantley Coile Company and allows for
    simple, high-performance access to SATA drives over Ethernet.
    Discovery is performed by sending a Query Config Request to the Ethernet
    broadcast address with all bits set in the major and minor fields of the
    header.
    ]]
    ---
    -- @usage
    -- nmap --script broadcast-ataoe-discover -e <interface>

bittorrent-discovery.nse

Queries BitTorrent through its peers and nodes. Put another way, it can determine whether a given IP is seeding a torrent (it also works for checking yourself).

Official page: https://nmap.org/nsedoc/scripts/bittorrent-discovery.html

About BitTorrent: https://zh.wikipedia.org/wiki/BitTorrent_(%E5%8D%8F%E8%AE%AE)

Contents:

    local stdnse = require "stdnse"
    local table = require "table"
    local target = require "target"
    local bittorrent = stdnse.silent_require "bittorrent"

    description = [[
    Discovers bittorrent peers sharing a file based on a user-supplied
    torrent file or magnet link.  Peers implement the Bittorrent protocol
    and share the torrent, whereas the nodes (only shown if the
    include-nodes NSE argument is given) implement the DHT protocol and
    are used to track the peers. The sets of peers and nodes are not the
    same, but they usually intersect.
    If the <code>newtargets</code> script-arg is supplied it adds the discovered
    peers as targets.
    ]]
    ---
    -- @usage
    -- nmap --script bittorrent-discovery --script-args newtargets,bittorrent-