Nmap vulnerability scanning

Nmap network security audit (seven)

Vulnerability audits

Vulnerability scanning capabilities of Nmap

Security practitioners know the vulnerability scanning tools that are commonly used, such as Nessus and OpenVAS. With the help of NSE, Nmap can also serve as a vulnerability scanner; the scripts for this live under the vuln category.

NSE vulnerability scanning advantages:

  1. The Nmap API can be used to process the information collected during the scan
  2. NSE scripts can share information obtained during execution with other scripts
  3. NSE provides a large library of network protocol components
  4. NSE provides a vulnerability library that can be used to produce well-structured vulnerability reports
  5. NSE provides powerful concurrency and error-handling mechanisms

    As mentioned before, to run every script in a category, put the category name after --script. In the same way we can add version detection of the target and set the target ports to all ports.

    nmap -p- -sV --version-all --script vuln 192.168.126.131

    -p- sets the target ports to all ports; -sV --version-all enables version detection at full intensity, which improves the detection results.
    Run the command above and wait a little while, and we get a vulnerability scan report. What I have here is a scan of a Win7 host.

    If we want more information, add the script argument vulns.showall to show all results (--script-args passes runtime arguments to NSE scripts; here the argument we use is vulns.showall).
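Reading the scan report from a screenshot does not scale, so here is an added example (not code from the original post or from the Nmap project) that summarises a vuln scan from the XML nmap writes with -oX. It assumes nmap's XML layout (script results under port and hostscript elements, with the text in the output attribute) and the "State:" lines produced by the NSE vulns library; with vulns.showall the NOT VULNERABLE entries are also present in the file, and the parser skips them. The script id example-vuln-check and every finding in the sample are constructed.

```python
"""Summarise an `nmap --script vuln` scan from its XML output (-oX).

Added example, not code from the original post or from the Nmap project.
Assumptions: nmap's -oX layout (host/ports/port/script and
host/hostscript/script, script text in the `output` attribute) and the
`State:` lines written by the NSE `vulns` library. The script id
`example-vuln-check` and all findings below are constructed sample data.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample of what
#   nmap -p- -sV --script vuln --script-args vulns.showall -oX scan.xml 192.168.126.131
# might write. nmap encodes newlines inside the output attribute as &#xa;.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -p- -sV --script vuln -oX scan.xml 192.168.126.131">
<host><status state="up"/>
<address addr="192.168.126.131" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/>
<script id="ssl-heartbleed" output="&#xa;  NOT VULNERABLE:&#xa;  The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.&#xa;    State: NOT VULNERABLE&#xa;"/>
</port>
</ports>
<hostscript>
<script id="example-vuln-check" output="&#xa;  VULNERABLE:&#xa;  Example SMB service vulnerability (constructed)&#xa;    State: VULNERABLE&#xa;    IDs:  CVE:CVE-2009-3013&#xa;    Risk factor: HIGH&#xa;"/>
</hostscript>
</host>
</nmaprun>
"""

# The vulns library prints one "State: ..." line per entry; the entry title is
# the line just before it. States include VULNERABLE, LIKELY VULNERABLE,
# VULNERABLE (DoS), VULNERABLE (Exploitable) and NOT VULNERABLE.
STATE_RE = re.compile(r"^\s*State:\s*(.+?)\s*$")


def findings_from_output(script_id, output):
    """Return (script_id, title, state) for every entry not marked NOT VULNERABLE."""
    lines = output.splitlines()
    found = []
    for i, line in enumerate(lines):
        m = STATE_RE.match(line)
        if not m:
            continue
        state = m.group(1)
        if state.upper().startswith("NOT"):
            continue  # present only because vulns.showall was set
        title = lines[i - 1].strip() if i > 0 else ""
        found.append((script_id, title, state))
    return found


def summarise(xml_text):
    """Walk every host, port script and host script and collect the findings."""
    root = ET.fromstring(xml_text)
    report = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        # Port-level scripts (e.g. ssl-heartbleed on 443/tcp).
        for port in host.iter("port"):
            where = f"{port.get('portid')}/{port.get('protocol')}"
            for script in port.findall("script"):
                for sid, title, state in findings_from_output(script.get("id"), script.get("output", "")):
                    report.append({"host": addr, "port": where, "script": sid, "title": title, "state": state})
        # Host-level scripts: the smb-* vulnerability checks report here, not under a port.
        for hs in host.findall("hostscript"):
            for script in hs.findall("script"):
                for sid, title, state in findings_from_output(script.get("id"), script.get("output", "")):
                    report.append({"host": addr, "port": "host", "script": sid, "title": title, "state": state})
    return report


def main():
    for f in summarise(SAMPLE_XML):
        print(f"{f['host']:<16} {f['port']:<8} {f['script']:<22} {f['state']:<20} {f['title']}")


if __name__ == "__main__":
    main()
```

To use it on a real scan, replace SAMPLE_XML with the contents of the file written by -oX; the rest of the logic is unchanged.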

Detecting Windows system vulnerabilities

We mentioned earlier that some scripts can harm the target system, so we need to choose the test target carefully when using the following script.

nmap -p- -sV --script vuln --script-args unsafe 192.168.126.131

This script may crash the target system while it runs. The most commonly used script is smb-check-vulns, which checks whether the target system has the following vulnerabilities:

  • Windows RAS RPC service vulnerability (MS06-025)
  • Windows DNS Server RPC service vulnerability (MS07-029)
  • Windows RPC vulnerability (MS08-067)
  • Conficker worm infection
  • CVE-2009-3013
  • Unnamed regsvc DoS found by Ron Bowes
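Before pointing --script vuln at a host that matters, it helps to know which scripts in that category are also tagged dos, intrusive or exploit. The following added example (not code from the original post or from the Nmap project) reads the script.db file that nmap keeps beside its scripts and lists them. It assumes the script.db line format, Entry { filename = "x.nse", categories = { "vuln", "safe", } }; the excerpt, including the script names and their tags, is constructed sample data rather than a copy of a real script.db.

```python
"""List NSE scripts in a category that carry disruptive tags, from script.db.

Added example, not code from the original post or from the Nmap project.
Assumption: the script.db format used in nmap's scripts directory, one line per
script:  Entry { filename = "x.nse", categories = { "vuln", "safe", } }
The excerpt below is constructed sample data (script names and tags included).
"""
import re

SAMPLE_SCRIPT_DB = """\
Entry { filename = "smb-check-vulns.nse", categories = { "intrusive", "exploit", "dos", "vuln", } }
Entry { filename = "ssl-heartbleed.nse", categories = { "vuln", "safe", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "example-dos-check.nse", categories = { "dos", "vuln", "intrusive", } }
"""

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)"\s*,\s*categories\s*=\s*\{([^}]*)\}\s*\}'
)

# Tags meaning a script may disrupt or crash the target.
RISKY = {"dos", "intrusive", "exploit"}


def parse_script_db(text):
    """Return {filename: set of categories} for every Entry line."""
    db = {}
    for m in ENTRY_RE.finditer(text):
        db[m.group(1)] = set(re.findall(r'"([^"]+)"', m.group(2)))
    return db


def load_script_db(path):
    """Parse a script.db file on disk (e.g. /usr/share/nmap/scripts/script.db)."""
    with open(path, encoding="utf-8") as fh:
        return parse_script_db(fh.read())


def risky_scripts(db, category="vuln"):
    """Scripts in `category` that also carry a RISKY tag, with the tags that matched."""
    out = {}
    for name, cats in db.items():
        hits = cats & RISKY
        if category in cats and hits:
            out[name] = sorted(hits)
    return out


def safe_scripts(db, category="vuln"):
    """Scripts in `category` that nmap also tags as safe."""
    return sorted(n for n, c in db.items() if category in c and "safe" in c)


def main():
    db = parse_script_db(SAMPLE_SCRIPT_DB)
    print("vuln scripts with disruptive tags:")
    for name, tags in sorted(risky_scripts(db).items()):
        print(f"  {name:<28} {', '.join(tags)}")
    print("vuln scripts also tagged safe:")
    for name in safe_scripts(db):
        print(f"  {name}")


if __name__ == "__main__":
    main()
```

nmap itself accepts boolean category expressions, so once you know which tags matter, --script "vuln and safe" runs only the scripts that carry both tags, and --script "vuln and not dos" leaves out the ones that may crash the target.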

    These vulnerabilities are generally found in relatively old systems, but many companies still run older versions; there are many companies on win2003 server. I have seen this version in use at work since long ago; after the business grew large, data migration became too hard to do, and migration also requires stopping the server, while the server is running an important service .....

end

Other authors online have written about using nmap to detect vulnerabilities such as SSL Heartbleed and VNC issues; I cannot write about every one of them. In fact the Windows version of nmap (the Zenmap GUI) is very easy to use: click Profile at the top, choose Edit Selected Profile, then the Scripting tab. On the left we can see many scripts, which are the same files as in the scripts directory of the nmap installation. Find the script you want to use yourself. Here I use Heartbleed as the demonstration: find ssl-heartbleed and click it, and on the right a very detailed description of how to use the script appears, together with the script's parameters, which is the same as what I usually write, so I won't go into it; the official website has the manual, and there is plenty of readily available information.
(SSL Heartbleed)
(Before the parameter is modified, the user-agent HTTP header information is used)

Writing this involves a lot of sensitive words; every article takes a few hours to write and then still needs to be cut to amend the sensitive words. It is too hard.

The commands are as shown in the screenshots.


Source: blog.51cto.com/14309999/2448947