Directory scan (Sword, NMAP) -9.26

Directory scan: scan a site's directory structure for sensitive files (directory names, file probing, admin backend pages, robots.txt, backup files).
Backup files: database backups, website backup archives, etc., e.g. .zip, .bak, www.rar
 
Sword backend (admin panel) scanning tool
Dirbuster
 
Nmap started as a Linux scanning and sniffing tool and network connectivity tool. It is mainly used to detect host liveness (whether the host is up), exposed services (port scan), security issues (advanced usage via scripts), and the system type (OS detection).
Install nmap and add it to the PATH environment variable.
Usage (command-line mode):
nmap -h
nmap 192.168.121.1 - scan a single IP
Port states:
        open
        closed
        filtered - the probe was blocked (typically by a firewall), so nmap cannot tell whether the port is open
        unfiltered - the probe was not blocked, but nmap still cannot determine whether the port is open or closed
        open|filtered - open or filtered
        closed|filtered - closed or filtered
nmap 192.168.211.0/24 - scan the entire network segment
nmap 192.168.211.10-200 - scan the specified range of hosts
nmap 192.168.211.10,100,200-300 - scan hosts 10, 100 and 200-300
nmap 192.168.1.0/24 10.10.10.0/24 - scan several network segments
nmap -iL filename - scan the targets listed in a file
nmap -iR <count> - pick targets at random, e.g. nmap -sS -PS80 -iR 0 -p80 (a count of 0 means scan endlessly)
nmap 192.168.1.0/24 --exclude 192.168.1.1,255,4-20 - scan the segment but exclude certain IPs
nmap -iL filename1 --excludefile filename2 - scan the hosts in filename1, skipping those listed in filename2
nmap -sT 192.168.1.1 - TCP connect scan: completes the full three-way handshake for each port
nmap -sS 192.168.1.1 - SYN (half-open) scan: sends a SYN, and a SYN/ACK reply means the port is open
nmap -sN 192.168.1.1 - NULL scan: sends packets with no TCP flags set
Note: by default the scans above cover only nmap's default 1000 ports
-p specifies the ports, e.g. -p20,21,22,80,3306; -p- is shorthand for -p1-65535
nmap -sV 192.168.1.1 - service version detection
nmap 192.168.1.1 > ./re.txt - redirect normal output to a file
nmap 192.168.1.1 -oX re.html - save the results in XML format (-oX always writes XML, whatever the file extension)
nmap -A 192.168.1.1 - aggressive scan (OS detection, version detection, script scan, traceroute) for a detailed picture of the target
nmap -O 192.168.1.1 - operating system detection
--script - run NSE scripts, e.g. to check for known vulnerabilities
nmap --script smb-vuln-ms17-010 192.168.1.1 - EternalBlue (MS17-010) check
nmap --script smb-check-vulns 192.168.1.1 - MS08-067 check
nmap --script ssl-heartbleed 192.168.1.1 - Heartbleed check
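The -oX output mentioned above is what you would feed into other tooling. As an added example (not from the original post), a small Python parser that pulls host, port, state, reason and service out of nmap's XML; the XML shown is a constructed sample in nmap's format, not a real scan.

```python
# Added example (not from the original post): parse nmap -oX XML output and
# list each port's state. The XML is a constructed sample, not a real scan.
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -oX re.xml 192.168.1.1">
  <host>
    <status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="filtered" reason="no-response"/>
        <service name="microsoft-ds"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="closed" reason="reset"/>
        <service name="mysql"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """One dict per <port>: host, proto, port, state, reason, service."""
    results = []
    for host in ET.fromstring(xml_text).findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.findall("ports/port"):
            state, svc = port.find("state"), port.find("service")
            results.append({
                "host": addr, "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state"), "reason": state.get("reason"),
                "service": svc.get("name") if svc is not None else "",
            })
    return results

def open_ports(results):
    # "filtered" means the probe was blocked, so it is not counted as open
    return [r for r in results if r["state"] == "open"]

if __name__ == "__main__":
    for r in parse_nmap_xml(SAMPLE_XML):
        print(f"{r['host']}:{r['port']}/{r['proto']} {r['state']:<9} {r['reason']:<12} {r['service']}")
```

The reason attribute (syn-ack, reset, no-response) is what distinguishes the open, closed and filtered states listed above, so keeping it makes the report easier to review.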
 
 
Using MSF with MS17-010 to obtain system privileges
step1: start the PostgreSQL database: /etc/init.d/postgresql start
step2: run msfconsole to enter msf
search 17-010 - search for modules related to MS17-010
auxiliary/scanner/smb/smb_ms17_010 - scanner module that checks whether the vulnerability is present
exploit/windows/smb/ms17_010_eternalblue - exploit module
step3: check whether the vulnerability is present


Origin: www.cnblogs.com/yyhfirstblog/p/11600810.html