nmap(zenmap)使用

針對  the BackOrifice service 作密碼 暴力攻擊 the BackOrifice service說明:  https://en.wikipedia.org/wiki/Back_Orifice 原廠說明:  https://nmap.org/nsedoc/scripts/backorifice-brute.html 內文: local bin = require "bin" local bit = require "bit" local brute = require "brute" local creds = require "creds" local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local table = require "table" description = [[ Performs brute force password auditing against the BackOrifice service. The <code>backorifice-brute.ports</code> script argument is mandatory (it specifies ports to run the script against). ]] --- -- @usage -- nmap -sU --script backorifice-brute <host> --script-args backorifice-brute.ports=<ports> -- -- @arg backorifice-brute.ports (mandatory) List of UDP ports to run the script against separat...

針對  an identd (auth) server 送出query 用來查詢及回應 The Ident protocol:   RFC 1413 官方網址:  https://nmap.org/nsedoc/scripts/auth-spoof.html 內文: local comm = require "comm" local shortport = require "shortport" description = [[ Checks for an identd (auth) server which is spoofing its replies. Tests whether an identd (auth) server responds with an answer before we even send the query.  This sort of identd spoofing can be a sign of malware infection, though it can also be used for legitimate privacy reasons. ]] --- -- @output -- PORT    STATE SERVICE REASON -- 113/tcp open  auth    syn-ack -- |_auth-spoof: Spoofed reply: 0, 0 : USERID : UNIX : OGJdvM author = "Diman Todorov" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"malware", "safe"} portrule = shortport.port_or_service(113, "auth") action = function(host, port)   local status, owner = comm.get_banner(hos...

原則上是可探知owner 但相關資料很少 nmap說明: Attempts to find the owner of an open TCP port by querying an auth daemon which must also be open on the target system. The auth service, also known as identd, normally runs on port 113. nmap網頁: auth-owners 內容: local nmap = require "nmap" local string = require "string" description = [[ Attempts to find the owner of an open TCP port by querying an auth daemon which must also be open on the target system. The auth service, also known as identd, normally runs on port 113. ]] --- --@output -- 21/tcp   open     ftp       ProFTPD 1.3.1 -- |_ auth-owners: nobody -- 22/tcp   open     ssh       OpenSSH 4.3p2 Debian 9etch2 (protocol 2.0) -- |_ auth-owners: root -- 25/tcp   open     smtp      Postfix smtpd -- |_ auth-owners: postfix -- 80/tcp   open     http      Apache httpd 2.0.61 ((Unix) PHP/4.4.7 ...) -- |_ auth-owners: ...

說明: 傳送 詢問的網域名稱(或IP) 給指定的DNS伺服器 詢問相關資料 有時會因每個DNS 伺服器不同,  給的答案不同 內文: local dns = require "dns" local ipOps = require "ipOps" local nmap = require "nmap" local stdnse = require "stdnse" local string = require "string" local table = require "table" description = [[ Maps IP addresses to autonomous system (AS) numbers. The script works by sending DNS TXT queries to a DNS server which in turn queries a third-party service provided by Team Cymru (https://www.team-cymru.org/Services/ip-to-asn.html) using an in-addr.arpa style zone set up especially for use by Nmap. The responses to these queries contain both Origin and Peer ASNs and their descriptions, displayed along with the BGP Prefix and Country Code. The script caches results to reduce the number of queries and should perform a single query for all scanned targets in a BGP Prefix present in Team Cymru's database. Be aware that any targets agains...