Nmap scripts: Difference between revisions
| Zeile 7: | Zeile 7: | ||
*ls | *ls | ||
| + | =Hilfe= | ||
| + | *nmap --script-help=ssh-hostkey | ||
| + | <pre> | ||
| + | Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 05:06 CET | ||
| + | |||
| + | ssh-hostkey | ||
| + | Categories: safe default discovery | ||
| + | https://nmap.org/nsedoc/scripts/ssh-hostkey.html | ||
| + | Shows SSH hostkeys. | ||
| + | |||
| + | Shows the target SSH server's key fingerprint and (with high enough | ||
| + | verbosity level) the public key itself. It records the discovered host keys | ||
| + | in <code>nmap.registry</code> for use by other scripts. Output can be | ||
| + | controlled with the <code>ssh_hostkey</code> script argument. | ||
| + | |||
| + | You may also compare the retrieved key with the keys in your known-hosts | ||
| + | file using the <code>known-hosts</code> argument. | ||
| + | |||
| + | The script also includes a postrule that check for duplicate hosts using the | ||
| + | gathered keys. | ||
| + | </pre> | ||
=ssh misc= | =ssh misc= | ||
*[[nmap-scripts-ssh]] | *[[nmap-scripts-ssh]] | ||
| + | |||
=ssl misc= | =ssl misc= | ||
*[[nmap-scripts-ssl]] | *[[nmap-scripts-ssl]] | ||
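Review bot: the new =Hilfe= section at Zeile 7 overlaps with the existing "Help with a script" section further down the page, which already shows --script-help for nfs-showmount.nse; consider merging the two so the option is explained in one place. In the pasted output, the "Starting Nmap 7.80 ... 05:06 CET" banner line adds nothing to the help text and could be dropped, and the literal <code> markers inside <pre> show up as visible tags in the rendered page.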
Revision as of 1 March 2023, 04:08
Locate the scripts
- locate nse | grep scripts
Finding Vulnerability Scanning Scripts
- locate '*vuln*.nse'
or better
- cd /usr/share/nmap/scripts
- ls
Help
- nmap --script-help=ssh-hostkey
    Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 05:06 CET

    ssh-hostkey
    Categories: safe default discovery
    https://nmap.org/nsedoc/scripts/ssh-hostkey.html
      Shows SSH hostkeys.

      Shows the target SSH server's key fingerprint and (with high enough
      verbosity level) the public key itself. It records the discovered host keys
      in <code>nmap.registry</code> for use by other scripts. Output can be
      controlled with the <code>ssh_hostkey</code> script argument.

      You may also compare the retrieved key with the keys in your known-hosts
      file using the <code>known-hosts</code> argument.

      The script also includes a postrule that check for duplicate hosts using the
      gathered keys.
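The duplicate-host check mentioned in the help text can also be run offline on saved scan results, which helps when auditing for cloned machines that share one SSH host key. The following is an added example, not part of the original page or of Nmap: it assumes XML saved with `nmap -oX` and the `<table>`/`<elem key="fingerprint">` layout of the ssh-hostkey structured output, and the function names, addresses and fingerprints are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like `nmap -oX` output with ssh-hostkey results.
# Addresses (documentation range) and fingerprints are made up.
def _port(portid, fingerprint):
    return (f'<port protocol="tcp" portid="{portid}">'
            f'<script id="ssh-hostkey" output=""><table>'
            f'<elem key="type">ssh-ed25519</elem><elem key="bits">256</elem>'
            f'<elem key="fingerprint">{fingerprint}</elem>'
            f'</table></script></port>')

def _host(addr, *ports):
    return (f'<host><address addr="{addr}" addrtype="ipv4"/>'
            f'<ports>{"".join(ports)}</ports></host>')

FP_A, FP_B = "aa11" * 8, "bb22" * 8
SAMPLE_XML = "<nmaprun>" + "".join([
    _host("192.0.2.10", _port(22, FP_A)),
    _host("192.0.2.11", _port(22, FP_A)),                     # same key as .10
    _host("192.0.2.12", _port(22, FP_B), _port(2222, FP_B)),  # one host, two ports
]) + "</nmaprun>"

def hostkeys(xml_text):
    """Yield (address, port, key type, fingerprint) per ssh-hostkey entry."""
    for host in ET.fromstring(xml_text).iter("host"):
        address = host.find("address")
        if address is None:
            continue
        for port in host.iter("port"):
            for table in port.findall("script[@id='ssh-hostkey']/table"):
                f = {e.get("key"): (e.text or "").strip()
                     for e in table.findall("elem")}
                if f.get("fingerprint"):
                    yield (address.get("addr"), port.get("portid"),
                           f.get("type", "?"), f["fingerprint"])

def duplicate_hostkeys(xml_text):
    """Map (type, fingerprint) -> endpoints, for keys seen on several addresses."""
    seen = defaultdict(set)
    for addr, port, ktype, fp in hostkeys(xml_text):
        seen[(ktype, fp)].add((addr, port))
    # The same key on two ports of one host is not a duplicate host.
    return {key: sorted(eps) for key, eps in seen.items()
            if len({addr for addr, _ in eps}) > 1}

if __name__ == "__main__":
    for (ktype, fp), endpoints in duplicate_hostkeys(SAMPLE_XML).items():
        print(ktype, fp, "shared by", ", ".join(f"{a}:{p}" for a, p in endpoints))
```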
ssh misc
ssl misc
smtp misc
http misc
wordpress-version misc
All vulnerabilities
- nmap -sV --script vulners 10.0.10.104
Find open proxies
- nmap --script "http-open-proxy" -p 3128 10.82.10.40
    Host is up (0.0033s latency).
    rDNS record for 10.82.10.40: squid.linux.lab

    PORT     STATE SERVICE
    3128/tcp open  squid-http
    | http-open-proxy: Potentially OPEN proxy.
    |_Methods supported: GET HEAD CONNECTION
Help with a script
- nmap --script-help=nfs-showmount.nse
    Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-13 07:26 CET

    nfs-showmount
    Categories: discovery safe
    https://nmap.org/nsedoc/scripts/nfs-showmount.html
      Shows NFS exports, like the <code>showmount -e</code> command.
NFS Check
- nmap -sV --script=nfs-showmount.nse 10.82.10.40
SMB Check
- nmap -p 445 --script smb-os-discovery 10.82.10.40
Traceroute Geolocation
- nmap --traceroute --script traceroute-geolocation.nse -p 80 www.facebook.com
FTP Bannergrabbing
- nmap -sV -p 21 --script=banner 10.3.4.12
Update the Script Database
- nmap --script-updatedb
links
- https://hackertarget.com/7-nmap-nse-scripts-recon/
- http://resources.infosecinstitute.com/nmap-scripting-example/#gref
- https://null-byte.wonderhowto.com/how-to/hack-like-pro-using-nmap-scripting-engine-nse-for-reconnaissance-0158681/
- https://pentestlab.blog/2012/03/08/nmap-scripting-engine-basic-usage-2/