Nmap scripts eine Seite: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(14 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 1: Zeile 1:
 
=Locate the scripts=
 
=Locate the scripts=
*locate nse | grep scripts
+
locate nse | grep scripts
 
=Finding Vulnerability Scanning Scripts=
 
=Finding Vulnerability Scanning Scripts=
*locate *vuln*.nse
+
locate *vuln*.nse
 
oder besser
 
oder besser
*cd /usr/share/nmap/scripts
+
cd /usr/share/nmap/scripts
*ls
+
ls
  
 
=help=
 
=help=
 
;ssh-hostkey
 
;ssh-hostkey
*nmap --script-help=ssh-hostkey
+
nmap --script-help=ssh-hostkey
<pre>
 
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 05:06 CET
 
 
 
ssh-hostkey
 
Categories: safe default discovery
 
https://nmap.org/nsedoc/scripts/ssh-hostkey.html
 
  Shows SSH hostkeys.
 
 
 
  Shows the target SSH server's key fingerprint and (with high enough
 
  verbosity level) the public key itself.  It records the discovered host keys
 
  in <code>nmap.registry</code> for use by other scripts.  Output can be
 
  controlled with the <code>ssh_hostkey</code> script argument.
 
 
 
  You may also compare the retrieved key with the keys in your known-hosts
 
  file using the <code>known-hosts</code> argument.
 
 
 
  The script also includes a postrule that check for duplicate hosts using the
 
  gathered keys.
 
</pre>
 
 
;nfs-showmount
 
;nfs-showmount
*nmap  --script-help=nfs-showmount.nse
+
nmap  --script-help=nfs-showmount.nse
<pre>
 
Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-13 07:26 CET
 
 
 
nfs-showmount
 
Categories: discovery safe
 
https://nmap.org/nsedoc/scripts/nfs-showmount.html
 
  Shows NFS exports, like the <code>showmount -e</code> command.
 
</pre>
 
 
 
 
=ssh misc=
 
=ssh misc=
 
==Fingerprint der Hostkeys==
 
==Fingerprint der Hostkeys==
*nmap  --script ssh-hostkey 192.168.34.1
+
nmap  --script ssh-hostkey 192.168.34.1
<pre>
+
==Welche Authentifizierungsmethoden werden unterstützt==
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:03 CET
+
nmap  --script ssh-auth-methods 192.168.34.1
Nmap scan report for 192.168.34.1
+
==Welche Cipher-Suits werden unterstützt==
Host is up (0.00016s latency).
+
nmap  --script ssh2-enum-algos 192.168.34.1
Not shown: 994 closed tcp ports (conn-refused)
 
PORT    STATE SERVICE
 
22/tcp  open  ssh
 
| ssh-hostkey:
 
|  3072 2dc39f82ece37728cbc7b16c4acc6e2e (RSA)
 
|  256 7bbe487966c2e675dba74b535bbf34a1 (ECDSA)
 
|_  256 20efafc3c2991472086ba11c0c8f6cda (ED25519)
 
25/tcp  open  smtp
 
53/tcp  open  domain
 
80/tcp  open  http
 
143/tcp open  imap
 
993/tcp open  imaps
 
 
 
Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
 
</pre>
 
 
 
=Welche Authentifizierungsmethoden werden unterstützt=
 
*nmap  --script ssh-auth-methods 192.168.34.1
 
<pre>
 
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:08 CET
 
Nmap scan report for 192.168.34.1
 
Host is up (0.0010s latency).
 
Not shown: 994 closed tcp ports (conn-refused)
 
PORT    STATE SERVICE
 
22/tcp  open  ssh
 
| ssh-auth-methods:
 
|  Supported authentication methods:
 
|    publickey
 
|_    password
 
25/tcp  open  smtp
 
53/tcp  open  domain
 
80/tcp  open  http
 
143/tcp open  imap
 
993/tcp open  imaps
 
 
 
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
 
</pre>
 
=Welche Cipher-Suits werden unterstützt=
 
*nmap  --script ssh2-enum-algos 192.168.34.1
 
<pre>
 
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:09 CET
 
Nmap scan report for 192.168.34.1
 
Host is up (0.00015s latency).
 
Not shown: 994 closed tcp ports (conn-refused)
 
PORT    STATE SERVICE
 
22/tcp  open  ssh
 
| ssh2-enum-algos:
 
|  kex_algorithms: (9)
 
|      curve25519-sha256
 
|      curve25519-sha256@libssh.org
 
|      ecdh-sha2-nistp256
 
|      ecdh-sha2-nistp384
 
|      ecdh-sha2-nistp521
 
|      diffie-hellman-group-exchange-sha256
 
|      diffie-hellman-group16-sha512
 
|      diffie-hellman-group18-sha512
 
|      diffie-hellman-group14-sha256
 
|  server_host_key_algorithms: (5)
 
|      rsa-sha2-512
 
|      rsa-sha2-256
 
|      ssh-rsa
 
|      ecdsa-sha2-nistp256
 
|      ssh-ed25519
 
|  encryption_algorithms: (6)
 
|      chacha20-poly1305@openssh.com
 
|      aes128-ctr
 
|      aes192-ctr
 
|      aes256-ctr
 
|      aes128-gcm@openssh.com
 
|      aes256-gcm@openssh.com
 
|  mac_algorithms: (10)
 
|      umac-64-etm@openssh.com
 
|      umac-128-etm@openssh.com
 
|      hmac-sha2-256-etm@openssh.com
 
|      hmac-sha2-512-etm@openssh.com
 
|      hmac-sha1-etm@openssh.com
 
|      umac-64@openssh.com
 
|      umac-128@openssh.com
 
|      hmac-sha2-256
 
|      hmac-sha2-512
 
|      hmac-sha1
 
|  compression_algorithms: (2)
 
|      none
 
|_      zlib@openssh.com
 
25/tcp  open  smtp
 
53/tcp  open  domain
 
80/tcp  open  http
 
143/tcp open  imap
 
993/tcp open  imaps
 
 
 
Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds
 
</pre>
 
 
==ssh Bruteforce==
 
==ssh Bruteforce==
*nmap  --script ssh-brute 192.168.34.1
+
nmap  --script ssh-brute --script-args userdb=users.txt,passdb=pass.txt 192.168.34.1
<pre>
 
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:13 CET
 
NSE: [ssh-brute] Trying username/password pair: root:root
 
NSE: [ssh-brute] Trying username/password pair: admin:admin
 
NSE: [ssh-brute] Trying username/password pair: administrator:administrator
 
NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
 
NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
 
NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
 
...
 
</pre>
 
  
=ssl misc=
+
=Nmap-scripts-ssl=
*[[nmap-scripts-ssl]]
+
==Welche Certs werden angeboten==
 +
nmap  --script ssl-cert.nse  192.168.34.1 -p 993
 +
==Welche Cipher Suits werden angeboten==
 +
*nmap -sV --script ssl-enum-ciphers 192.168.34.1 -p 993
 
=smtp misc=
 
=smtp misc=
*[[nmap-scripts-smtp]]
+
nmap --script smtp-open-relay.nse ox.xinux.org -p 25 
 +
==Welche Kommandos werden vom Mailserver unterstützt==
 +
nmap  --script smtp-commands ox.xinux.org -p 25
 +
==User auf dem Mailsystem herausfinden==
 +
nmap  --script smtp-enum-users ox.xinux.org -p 25
 
=proxy misc=
 
=proxy misc=
*[[nmap-scripts-proxy]]
+
==Finde Offene Proxys==
 
+
nmap --script "http-open-proxy" -p 3128  10.82.10.40
 
=http misc=
 
=http misc=
*[[nmap-scripts-http]]
+
==Show HTTP Title==
=wordpress-version misc=
+
nmap --script http-title -sV -p 80 192.168.34.1
*[[nmap-scripts-wordpress-version]]
+
==HTTP Bannergrabbing==
 
+
nmap -sV -p 80 --script=banner 192.168.34.1
 
+
==Find Files or interestings Dirs on Webserver==
 
+
nmap -sV --script http-enum -p 443 10.3.4.12
=Alle Schwachstellen=
+
=Verschiedenes=
*nmap -sV --script vulners 10.0.10.104
+
==Alle Schwachstellen==
 
+
nmap -sV --script vulners 10.0.10.104
 
+
==NFS Check==
=NFS Check=
+
nmap -sV  --script=nfs-showmount.nse  10.82.10.40
*nmap -sV  --script=nfs-showmount.nse  10.82.10.40
+
==SMB Check==
=SMB Check=
+
nmap -p 445 --script smb-os-discovery 10.82.10.40
*nmap -p 445 --script smb-os-discovery 10.82.10.40
+
==Traceroute Geolocation==
 
+
nmap --traceroute  --script traceroute-geolocation.nse -p 80 www.facebook.com
=Traceroute Geolocation=
+
==FTP Bannergrabbing==
*nmap --traceroute  --script traceroute-geolocation.nse -p 80 www.facebook.com
+
nmap -sV -p 21 --script=banner 10.3.4.12
=FTP Bannergrabbing=
 
*nmap -sV -p 21 --script=banner 10.3.4.12
 
 
 
 
=Update the Script Database=
 
=Update the Script Database=
*nmap --script-updatedb
+
nmap --script-updatedb
  
 
=links=
 
=links=

Aktuelle Version vom 19. Mai 2025, 08:58 Uhr

Locate the scripts

locate nse | grep scripts

Finding Vulnerability Scanning Scripts

locate *vuln*.nse

oder besser 

cd /usr/share/nmap/scripts
ls

help

ssh-hostkey
nmap --script-help=ssh-hostkey
nfs-showmount

nmap --script-help=nfs-showmount.nse

ssh misc

Fingerprint der Hostkeys

nmap  --script ssh-hostkey 192.168.34.1

Welche Authentifizierungsmethoden werden unterstützt

nmap  --script ssh-auth-methods 192.168.34.1

Welche Cipher-Suits werden unterstützt

nmap  --script ssh2-enum-algos 192.168.34.1

ssh Bruteforce

nmap  --script ssh-brute --script-args userdb=users.txt,passdb=pass.txt 192.168.34.1

Nmap-scripts-ssl

Welche Certs werden angeboten

nmap  --script ssl-cert.nse  192.168.34.1 -p 993

Welche Cipher Suits werden angeboten

  • nmap -sV --script ssl-enum-ciphers 192.168.34.1 -p 993

smtp misc

nmap --script smtp-open-relay.nse ox.xinux.org -p 25

Welche Kommandos werden vom Mailserver unterstützt

nmap  --script smtp-commands ox.xinux.org -p 25

User auf dem Mailsystem herausfinden

nmap  --script smtp-enum-users ox.xinux.org -p 25

proxy misc

Finde Offene Proxys

nmap --script "http-open-proxy" -p 3128  10.82.10.40

http misc

Show HTTP Title

nmap --script http-title -sV -p 80 192.168.34.1

HTTP Bannergrabbing

nmap -sV -p 80 --script=banner 192.168.34.1

Find Files or interestings Dirs on Webserver

nmap -sV --script http-enum -p 443 10.3.4.12

Verschiedenes

Alle Schwachstellen

nmap -sV --script vulners 10.0.10.104

NFS Check

nmap -sV  --script=nfs-showmount.nse  10.82.10.40

SMB Check

nmap -p 445 --script smb-os-discovery 10.82.10.40

Traceroute Geolocation

nmap --traceroute  --script traceroute-geolocation.nse -p 80 www.facebook.com

FTP Bannergrabbing

nmap -sV -p 21 --script=banner 10.3.4.12

Update the Script Database

nmap --script-updatedb

links

Abgerufen von „http://wiki.ixheim.de/index.php?title=Nmap_scripts_eine_Seite&oldid=63176