broadcast-dhcp6-discover.nse explained

Used to view information about DHCPv6 sources...

Command: nmap -6 --script broadcast-dhcp6-discover

Official URL: https://nmap.org/nsedoc/scripts/broadcast-dhcp6-discover.html

Script content:

    local coroutine = require "coroutine"
    local dhcp6 = require "dhcp6"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local table = require "table"

    description = [[
    Sends a DHCPv6 request (Solicit) to the DHCPv6 multicast address,
    parses the response, then extracts and prints the address along with
    any options returned by the server.

    The script requires Nmap to be run in privileged mode as it binds the socket
    to a privileged port (udp/546).
    ]]

    ---
    -- @usage
    -- nmap -6 --script broadcast-dhcp6-discover
    --
    -- @output
    -- | broadcast-dhcp6-discover:
    -- |   Interface: en0
    -- |     Message type: Advertise
    -- |     Transaction id: 74401
    -- |     Options
    -- |       Client identifier: MAC: 68:AB:CD:EF:AB:CD; Time: 2012-01-24 20:36:48
    -- |  ...

broadcast-db2-discover.nse explained

Finds DB2 servers on the internal network through UDP port 523.

Command: nmap --script broadcast-db2-discover

Official URL: https://nmap.org/nsedoc/scripts/broadcast-db2-discover.html

Content:

    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local string = require "string"
    local table = require "table"
    local target = require "target"

    description = [[
    Attempts to discover DB2 servers on the network by sending a broadcast
    request to port 523/udp.
    ]]

    ---
    -- @usage
    -- nmap --script db2-discover
    --
    -- @output
    -- Pre-scan script results:
    -- | broadcast-db2-discover:
    -- |   10.0.200.132 (UBU804-DB2E) - IBM DB2 v9.07.0
    -- |_  10.0.200.119 (EDUSRV011) - IBM DB2 v9.07.0

    -- Version 0.1
    -- Created 07/10/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>

    author = "Patrik Karlsson"
    license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
    categories = {"broadcast", "safe"}

    prerule = funct...

broadcast-bjnp-discover.nse explained

BJNP is the Canon printer communication protocol; this script is used to check whether such devices exist on the internal network.

Run: nmap --script broadcast-bjnp-discover

Official URL: https://nmap.org/nsedoc/scripts/broadcast-bjnp-discover.html

Content:

    description = [[
    Attempts to discover Canon devices (Printers/Scanners) supporting the
    BJNP protocol by sending BJNP Discover requests to the network broadcast
    address for both ports associated with the protocol.

    The script then attempts to retrieve the model, version and some additional
    information for all discovered devices.
    ]]

    ---
    -- @usage
    -- nmap --script broadcast-bjnp-discover
    --
    -- @output
    -- | broadcast-bjnp-discover:
    -- |   192.168.0.10
    -- |     Printer
    -- |       Manufacturer: Canon
    -- |       Model: MG5200 series
    -- |       Description: Canon MG5200 series
    -- |       Firmware version: 1.050
    -- |       Command: BJL,BJRaster3,BSCCe,NCCe,IVEC,IVECPLI
    -- |     Scanner
    -- | ...

broadcast-avahi-dos.nse explained

Sends empty UDP packets (IPv4, IPv6) to port 5353 on a given computer, carrying out something similar to a brute-force attack.

Official: https://nmap.org/nsedoc/scripts/broadcast-avahi-dos.html

Content:

    local dnssd = require "dnssd"
    local nmap = require "nmap"
    local stdnse = require "stdnse"
    local table = require "table"

    description=[[
    Attempts to discover hosts in the local network using the DNS Service
    Discovery protocol and sends a NULL UDP packet to each host to test
    if it is vulnerable to the Avahi NULL UDP packet denial of service
    (CVE-2011-1002).

    The <code>broadcast-avahi-dos.wait</code> script argument specifies how
    many number of seconds to wait before a new attempt of host discovery.
    Each host who does not respond to this second attempt will be considered
    vulnerable.

    Reference:
    * http://avahi.org/ticket/325
    * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002
    ]]

    ---
    -- @usage
    -- nmap --script=broadcast-avahi-dos
    --
    -- @output
    -- | broadcast-avahi-dos:
    -- |   Discover...

broadcast-ataoe-discover.nse explained

Finds servers that speak the ATA over Ethernet protocol, which is similar to iSCSI. Its main purpose is to let hardware storage devices be read quickly over the network. Keep in mind, however, that it is not a network packet standard.

Background: ATA over Ethernet

Official: https://nmap.org/nsedoc/scripts/broadcast-ataoe-discover.html

Content:

    local bin = require "bin"
    local bit = require "bit"
    local math = require "math"
    local nmap = require "nmap"
    local packet = require "packet"
    local stdnse = require "stdnse"
    local string = require "string"
    local table = require "table"

    description = [[
    Discovers servers supporting the ATA over Ethernet protocol. ATA over Ethernet
    is an ethernet protocol developed by the Brantley Coile Company and allows for
    simple, high-performance access to SATA drives over Ethernet.

    Discovery is performed by sending a Query Config Request to the Ethernet
    broadcast address with all bits set in the major and minor fields of the
    header.
    ]]

    ---
    -- @usage
    -- nmap --script broadcast-ataoe-discover -e <interface>...

bittorrent-discovery.nse

Queries BitTorrent through peers and nodes; put another way, it can determine whether a given IP is a seeder (checking yourself is fine too).

Official: https://nmap.org/nsedoc/scripts/bittorrent-discovery.html

About BitTorrent: https://zh.wikipedia.org/wiki/BitTorrent_(%E5%8D%8F%E8%AE%AE)

Content:

    local stdnse = require "stdnse"
    local table = require "table"
    local target = require "target"
    local bittorrent = stdnse.silent_require "bittorrent"

    description = [[
    Discovers bittorrent peers sharing a file based on a user-supplied
    torrent file or magnet link.  Peers implement the Bittorrent protocol
    and share the torrent, whereas the nodes (only shown if the
    include-nodes NSE argument is given) implement the DHT protocol and
    are used to track the peers. The sets of peers and nodes are not the
    same, but they usually intersect.

    If the <code>newtargets</code> script-arg is supplied it adds the discovered
    peers as targets.
    ]]

    ---
    -- @usage
    -- nmap --script bittorrent-discovery --script-args newtargets,bittorrent-...

bjnp-discover.nse explained

For network-attached Canon Pixma printers and scanners, related information can be retrieved through the BJNP protocol. It is rarely used nowadays; I tested it against another vendor's multifunction printer and, of course, it did not work.

Official: https://nmap.org/nsedoc/scripts/bjnp-discover.html

Content:

    description = [[
    Retrieves printer or scanner information from a remote device supporting the
    BJNP protocol. The protocol is known to be supported by network based Canon
    devices.
    ]]

    ---
    -- @usage
    -- sudo nmap -sU -p 8611,8612 --script bjnp-discover <ip>
    --
    -- @output
    -- PORT     STATE SERVICE
    -- 8611/udp open  canon-bjnp1
    -- | bjnp-discover:
    -- |   Manufacturer: Canon
    -- |   Model: MG5200 series
    -- |   Description: Canon MG5200 series
    -- |   Firmware version: 1.050
    -- |_  Command: BJL,BJRaster3,BSCCe,NCCe,IVEC,IVECPLI
    -- 8612/udp open  canon-bjnp2
    -- | bjnp-discover:
    -- |   Manufacturer: Canon
    -- |   Model: MG5200 series
    -- |   Description: Canon MG5200 series
    -- |_  Command: MultiPass 2.1,IVEC
    --

    categories = {"safe", "discovery"}...