
Example analysis of Nmap operations

WBOY
2023-05-17 12:22:18

Background

As the security industry has grown, the state has come to attach great importance to it, and industries of every kind face a wide range of threats. Some client (Party A) companies have no security department, or only weak security capabilities, so they hire a vendor's (Party B's) security staff to provide operational services. Party B's security engineers then have to help the customer handle the security events that arise during business operations. For example, once a vulnerability is found, our security engineers need to check whether other business systems are also affected and whether they must be patched promptly, produce results the customer can use in its reports, and find ways to work more efficiently.

Efficient Scan

Common Parameter Options Review


Fast Survival Scan

nmap -T4 -n -v -sn -iL ip.txt -oN live_host.txt


Tip: the -sn option is also a ping scan and performs no port scan. The difference between an -sn scan and an -sP scan is that -sP cannot find live hosts behind a firewall that blocks ping, whereas -sn can still detect live hosts even when the firewall blocks ping and drops every ICMP packet.
-P0, -PS, -PA and -PU scans go on to scan for open ports, whereas -sP and -sn scans do not.

Optimize scanning

nmap -T4 -n -v --top-ports 1000 --max-retries 3 --min-hostgroup 100 --host-timeout 18000ms --max-rtt-timeout 500ms --open -iL ip.txt -oA openport_result

Tip: in older versions of Nmap the default unit for --max-rtt-timeout and --host-timeout was milliseconds; in the newer Nmap 7.80 the default unit is seconds. If you want to set a value in milliseconds, remember to append ms to the number, as with the 18000ms and 500ms values in the command above.


Specify service type scanning

Only scan ports that open HTTP services

nmap -T4 -n -v -p 'http*' --max-retries 3 --min-hostgroup 30 --host-timeout 18000ms --open -iL ip.txt -oA httpport_result


Comprehensive vulnerability scanning command:

nmap -v -n -Pn --script=vuln -T4 --open -M 5 -iL ip.txt -oN vuln_scan_result.txt


Specify vulnerability type scan - SMB

nmap -T4 -n -v --script='smb*' --max-retries 3 --open -iL ip.txt -oA smbvuln_result


Commonly used scan Options


Vulnerability POC verification

A batch script can wrap Nmap's vulnerability PoC scripts into a one-click verification tool that is simple and easy to use.


Weak password detection

The command is as follows:

nmap -sT -p <target application port> -v -n -Pn --script=<weak-password script> --script-args userdb=<username dictionary>,passdb=<weak-password dictionary> -iL ip.txt -oN result.txt


Writing the FTP weak password script command


Windows SMB weak password scan

nmap -v -n -sT -d --script=smb-brute.nse --script-args userdb=smb_user.dic,passdb=week.txt -p 445,139 -oN res.txt -iL ip.txt


SQL Server weak password scan

nmap -v -n -sT --script ms-sql-brute.nse --script-args userdb=conf\mssql_user.dic,passdb=conf\weekpassword.txt -p 1433 -oN result\mssql_result.txt -iL ip.txt


Execute ms-sql-xp-cmdshell.cmd="net users" IP


Detailed whois analysis

nmap --script external www.baidu.com


Scan web directory

nmap -p 80,443 --script=http-enum.nse www.baidu.com


Scanning results

https://github.com/mrschyte/nmap-converter
or nmaptocsv
pip install XlsxWriter
pip install python-libnmap
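As an added example that is not from the article, nmap-converter or nmaptocsv, the same conversion done with only Python's standard library: it flattens Nmap's -oX output into the rows a CSV report needs and lists the hosts whose NSE vuln scripts reported a finding, so the "which other systems are affected" question from the Background can be answered from the scan file. The XML is a constructed sample, with smb-vuln-ms17-010 assumed as the NSE script name.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of Nmap XML output (what `nmap ... -oX scan.xml` writes), not a real scan.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -p 445,1433 --script smb* 192.0.2.0/30">
 <host><status state="up"/><address addr="192.0.2.1" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
   <service name="microsoft-ds" product="Windows Server 2008 R2 microsoft-ds"/>
   <script id="smb-vuln-ms17-010" output="VULNERABLE: Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)&#10;  State: VULNERABLE"/></port>
  <port protocol="tcp" portid="1433"><state state="filtered" reason="no-response"/>
   <service name="ms-sql-s"/></port>
 </ports></host>
 <host><status state="down"/><address addr="192.0.2.2" addrtype="ipv4"/></host>
</nmaprun>"""

FIELDS = ["ip", "port", "proto", "state", "service", "scripts"]

def parse_nmap_xml(xml_text, open_only=True):
    """Flatten Nmap XML into one dict per host/port; open_only mirrors Nmap's --open."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # hosts that never answered carry no port data
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.iter("port"):
            state = port.find("state").get("state")
            if open_only and state != "open":
                continue
            svc = port.find("service")
            # keep only the first line of each NSE script's output for the report
            scripts = "; ".join(f"{s.get('id')}: {s.get('output').splitlines()[0]}"
                                for s in port.findall("script"))
            rows.append({"ip": ip, "port": int(port.get("portid")),
                         "proto": port.get("protocol"), "state": state,
                         "service": svc.get("name", "") if svc is not None else "",
                         "scripts": scripts})
    return rows

def to_csv(rows):
    # CSV text for the customer report, the job nmaptocsv / nmap-converter do
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

def vulnerable_hosts(rows):
    """IPs where an NSE vuln script reported VULNERABLE, i.e. systems to patch."""
    return sorted({r["ip"] for r in rows if "VULNERABLE" in r["scripts"]})
```

Point parse_nmap_xml at the contents of a real scan.xml from -oX or -oA and feed the rows to to_csv for the report and to vulnerable_hosts for the remediation list.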

Convert XML document to HTML

Install xsltproc

xsltproc -o test01.htm t.xml

Use the modified template to output the HTML file:

xsltproc -o test02.htm <xslt template>.xsl test01.xml



Statement:
This article is reproduced from yisu.com. If there is any infringement, please contact admin@php.cn for deletion.