09.07.2015

Nmap/Hping3 [Scan tips]

[Dumb scan]

Hping3:
#hping3 192.168.1.254 -r
#hping3 192.168.1.1 -a 192.168.1.254 -p 3306 -S

//192.168.1.254 - zombie (stand-in) host; -r prints the IP id of each reply as an increment relative to the previous one
//192.168.1.1 - target; -a spoofs the zombie's address as the source, -S sends a SYN, -p selects the port to test

----> id=n+1 [open], id=+1 [closed]
// read the id increments reported by -r on the zombie: a jump larger than +1 means the target answered the zombie (port open), a plain +1 means nothing came back (port closed)

Nmap:
#nmap -Pn -sI 192.168.1.254 192.168.1.1

// -sI - idle scan (zombie host first, then the target); -Pn skips host discovery

Run it 2-3 times and cross-check the results (a zombie that is not truly idle produces noisy id increments).
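Seen from the defender's side, the same mechanism leaves a trace on the zombie: it receives SYN/ACKs and RSTs for connections it never opened. The detector below is an added example, not part of the original note; the flow-record layout, the constructed sample records and the find_unsolicited helper are assumptions.

```python
# Added example: flag the idle-scan reflection pattern on a monitored host.
# During an idle scan the zombie gets SYN/ACK (open port) or RST (closed
# port) replies from the target for connections it never initiated.
from collections import defaultdict

# Constructed sample records: (direction, src, sport, dst, dport, flags).
# "out" = sent by the monitored host, "in" = received by it.
SAMPLE = [
    ("out", "192.168.1.254", 40001, "10.0.0.5", 443, "S"),
    ("in",  "10.0.0.5", 443, "192.168.1.254", 40001, "SA"),    # legitimate reply
    ("in",  "192.168.1.1", 3306, "192.168.1.254", 1234, "SA"), # unsolicited SYN/ACK
    ("in",  "192.168.1.1", 22, "192.168.1.254", 1235, "R"),    # unsolicited RST
    ("in",  "192.168.1.1", 80, "192.168.1.254", 1236, "SA"),   # unsolicited SYN/ACK
]


def find_unsolicited(records, min_hits=2):
    """Return {peer: count} for peers that sent SYN/ACK or RST replies
    with no preceding outbound SYN from us. Several such replies from one
    peer across different ports is the pattern a zombie sees during an
    idle scan; min_hits suppresses the odd stray packet."""
    sent = set()              # (peer, peer_port, our_port) of SYNs we sent
    hits = defaultdict(int)
    for direction, src, sport, dst, dport, flags in records:
        if direction == "out" and flags == "S":
            sent.add((dst, dport, sport))
        elif direction == "in" and flags in ("SA", "R"):
            # a reply is solicited only if it matches a SYN we sent earlier
            if (src, sport, dport) not in sent:
                hits[src] += 1
    return {peer: n for peer, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    print(find_unsolicited(SAMPLE))  # {'192.168.1.1': 3}
```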

Nmap scripts:

nmap -n -P0 -p80,443 -iL hostNP.lst --script=\
http-apache-server-status,\
http-auth-finder,\
http-backup-finder,\
http-comments-displayer,\
http-default-accounts,\
http-devframework,\
http-enum,\
http-headers,\
http-mobileversion-checker,\
http-php-version,\
http-robots.txt,\
http-svn-info,\
http-useragent-tester,\
http-vhosts,\
http-webdav-scan,\
http-xssed \
 -oA script_scan_np

Nmap exploits:
nmap -n -P0 -p80,443 -iL hostNP.lst --script=\
http-csrf,\
http-dombased-xss,\
http-fileupload-exploiter,\
http-shellshock,\
http-stored-xss,\
http-vuln-cve-2006-2293,\
http-vuln-cve-2009-3960,\
http-vuln-cve-2012-1823,\
http-vuln-cve-2013-0156,\
http-vuln-cve-2013-6786,\
http-vuln-cve-2013-7091,\
http-vuln-cve-2014-3704,\
http-vuln-cve-2014-8877 \
 -oA nmap_plus