Enterprise-class vulnerability scanning tool

        The Internet is a not a battle, long ago found that clients go to the customer site springboard machine invasion, followed by 20 super simple server password have become a mining machine. Leading to the normal program can not run the business situation disturbed! So today we talk with leak sweep and reverse osmosis! !

        Usually sweep bottom drain products appear on the market and are achieved by masscan nmap, nmap reason much faster compared masscan, masscan the asynchronous transfer mode, scanning mode stateless. nmap be recorded tcp / ip state, os able to handle TCP / IP connections of up to about 1,500. Before I wrote the script with nmap scan of a leak, you can generate execl form to record the script weak passwords and the like and then send the message to the specified mailbox. So have the time right! It rich as a small stack of whole project give us analyze what principle underlying implementation. So before he would build weapons, also can not get a copy of it under Shaohuo! Today we send the first use of an AK47!

Opening login first configuration:

Many here are selected by default just fine. We only configure this section

Server IP addresses, if multiple segments can continue to fill in the next line. Support B-scan section! Then we go back to the home page:

Simple, clean, dark shades magic weapon standard. Close search bar to enter the protocol, port services, IP and so a series of things for you to find the information you want. That there is a question mark next to use to help me not list! server: ssh server is to find all means open ssh port

The results are as follows (my test environment both virtual machines):

 Then we check the result sets Select All, then add the task:

Then turn to the election

Then save the execution, resulting in a task

Then wait a little longer, and other small flaw becomes solid. Click on the name of the task we will find weak passwords directly to your blasting out!

The same way we enter the server: mysql, mysql then choose weak passwords

Depending on your machine performance, it may calculate a little time then will be forced open root password.

So it can scan those loopholes? This would be due to his plugin, as part of the list of plugins, currently a total of 71 modules are available penetration testing, and can be custom modules and test scripts cattle X now! There are all kinds of statistics test finished Oh! Information can be collected only once, it can be scanned on a regular basis!

 

 

So smart students will ask, he is to crack the code on what it? Haha, here it is!

没错!这就是弱口令字典!但是初始值只有几十个!波哥怎么可能光给大家发枪不给子弹呢?波哥早就给你们准备好了1万个弱口令字典啦!只要复制粘贴进去,然后点击更新就可以啦!

如果你们觉得波哥的推荐对你们有帮助的话希望能帮忙转发分享,也不枉我半夜码字呕心整理了!

 

公众号回复:漏洞扫描

获取工具一键安装命令及1万弱口令字典!

关注微信公众号,获得更多实用工具及学习资料!

Guess you like

Origin www.cnblogs.com/devops-ITboge/p/11122999.html