Posts

Showing posts from October 2017

broadcast-netbios-master-browser explained

Finds computers on the LAN that use the NetBIOS protocol.

    nmap --script=broadcast-netbios-master-browser

Official documentation: https://nmap.org/nsedoc/scripts/broadcast-netbios-master-browser.html

Script source:

    local bit = require "bit"
    local netbios = require "netbios"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local tab = require "tab"

    description = [[
    Attempts to discover master browsers and the domains they manage.
    ]]

    ---
    -- @usage
    -- nmap --script=broadcast-netbios-master-browser
    --
    -- @output
    -- | broadcast-netbios-master-browser:
    -- | ip            server        domain
    -- |_10.0.200.156  WIN2K3-EPI-1  WORKGROUP
    --
    -- Version 0.1
    -- Created 06/14/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>

    author = "Patrik Karlsson"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = {"broadcast", "safe"}

    prerule = function() return true end

    local functio

broadcast-ms-sql-discover explained

MS SQL uses TCP port 1433 and UDP port 1434 by default. This script uses that to obtain SQL-related information about the host.

Official site: https://nmap.org/nsedoc/scripts/broadcast-ms-sql-discover.html

Script source:

    local mssql = require "mssql"
    local stdnse = require "stdnse"
    local string = require "string"
    local table = require "table"
    local target = require "target"

    -- -*- mode: lua -*-
    -- vim: set filetype=lua :

    description = [[
    Discovers Microsoft SQL servers in the same broadcast domain.

    SQL Server credentials required: No (will not benefit from
    <code>mssql.username</code> & <code>mssql.password</code>).

    The script attempts to discover SQL Server instances in the same broadcast
    domain. Any instances found are stored in the Nmap registry for use by any
    other ms-sql-* scripts that are run in the same scan.

    In contrast to the <code>ms-sql-discover</code> script, the broadcast version
    will use a broadcast method rather than targeting indi

Using NSE scripts on Windows: writing a bat file that saves the output

Generally, after installing the Windows version of nmap, you may need to put the commands in a bat file so they can be run as an executable.

You can download the Windows version of nmap from http://www.nmap.org/

Reference: http://networkhwsw.blogspot.tw/2015/10/nmap-zenmap.html

Command:

    nmap --script ****.nse <IP to scan>

On Windows the scripts are located in C:\Program Files (x86)\Nmap\scripts (on Linux/Kali they are in /usr/share/nmap/scripts), so it is recommended to write a bat file that lists the scripts to run and writes the output to a txt file. For example:

    @echo OFF
    SET /P VAR1=請輸入IP:
    @echo ===================================== >>nmap.txt
    @echo --------------------------------------------------------------- >>nmap.txt
    @echo ******** smb-check-vulns.nse ******** >>nmap.txt
    nmap --script smb-check-vulns.nse  %VAR1%   >>nmap.txt

broadcast-listener.nse explained

Sniffs CDP, HSRP, Spotify, DropBox, DHCP, ARP and other IPv4 packets on the LAN.

URL: https://nmap.org/nsedoc/scripts/broadcast-listener.html

Script source:

    local _G = require "_G"
    local bin = require "bin"
    local coroutine = require "coroutine"
    local nmap = require "nmap"
    local packet = require "packet"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Sniffs the network for incoming broadcast communication and
    attempts to decode the received packets. It supports protocols like CDP, HSRP,
    Spotify, DropBox, DHCP, ARP and a few more. See packetdecoders.lua for more
    information.

    The script attempts to sniff all ethernet based interfaces with an IPv4 address
    unless a specific interface was given using the -e argument to Nmap.
    ]]

    ---
    -- @usage
    -- nmap --script broadcast-listener
    -- nmap --script broadcast-listener -e eth0
    --
    -- @output
    -- | broadcast-listener:
    -- |   udp
    -- |

broadcast-igmp-discovery explained

Detects whether targets have IGMPv2 (versions 1, 2 and 3 are all covered).

URL: https://nmap.org/nsedoc/scripts/broadcast-igmp-discovery.html

Script source:

    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local table = require "table"
    local bin = require "bin"
    local packet = require "packet"
    local ipOps = require "ipOps"
    local target = require "target"
    local coroutine = require "coroutine"
    local string = require "string"
    local io = require "io"

    description = [[
    Discovers targets that have IGMP Multicast memberships and grabs interesting information.

    The scripts works by sending IGMP Membership Query message to the 224.0.0.1 All
    Hosts multicast address and listening for IGMP Membership Report messages. The
    script then extracts all the interesting information from the report messages
    such as the version, group, mode, source addresses (depending on the version).

    The script defaults to sending an IGMPv2 Q

broadcast-eigrp-discovery.nse explained

Sends EIGRP Hello packets to obtain Enhanced Interior Gateway Routing Protocol (EIGRP) responses from Cisco devices. A gateway must choose the best path when forwarding packets, and it sets the metrics through this protocol.

Official documentation: https://nmap.org/nsedoc/scripts/broadcast-eigrp-discovery.html

Script source:

    local eigrp = require "eigrp"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local table = require "table"
    local bin = require "bin"
    local packet = require "packet"
    local ipOps = require "ipOps"
    local target = require "target"
    local coroutine = require "coroutine"
    local string = require "string"

    description = [[
    Performs network discovery and routing information gathering through
    Cisco's Enhanced Interior Gateway Routing Protocol (EIGRP).

    The script works by sending an EIGRP Hello packet with the specified Autonomous
    System value to the 224.0.0.10 multicast address and listening for EIGRP Update
    packets. The script then parses the update respon