Nmap scripts eine Seite: Difference between revisions

From Xinux Wiki
=Locate the scripts=
locate nse | grep scripts

=Finding Vulnerability Scanning Scripts=
locate *vuln*.nse

or better

cd /usr/share/nmap/scripts
ls

=help=

;ssh-hostkey
nmap --script-help=ssh-hostkey
<pre>
Starting Nmap 7.80 ( https://nmap.org ) at 2023-03-01 05:06 CET

ssh-hostkey
Categories: safe default discovery
https://nmap.org/nsedoc/scripts/ssh-hostkey.html
  Shows SSH hostkeys.

  Shows the target SSH server's key fingerprint and (with high enough
  verbosity level) the public key itself.  It records the discovered host keys
  in <code>nmap.registry</code> for use by other scripts.  Output can be
  controlled with the <code>ssh_hostkey</code> script argument.

  You may also compare the retrieved key with the keys in your known-hosts
  file using the <code>known-hosts</code> argument.

  The script also includes a postrule that check for duplicate hosts using the
  gathered keys.
</pre>

;nfs-showmount
nmap --script-help=nfs-showmount.nse
<pre>
Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-13 07:26 CET

nfs-showmount
Categories: discovery safe
https://nmap.org/nsedoc/scripts/nfs-showmount.html
  Shows NFS exports, like the <code>showmount -e</code> command.
</pre>

=ssh misc=

==Fingerprint of the host keys==
nmap --script ssh-hostkey 192.168.34.1
<pre>
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:03 CET
Nmap scan report for 192.168.34.1
Host is up (0.00016s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh-hostkey:
|  3072 2dc39f82ece37728cbc7b16c4acc6e2e (RSA)
|  256 7bbe487966c2e675dba74b535bbf34a1 (ECDSA)
|_  256 20efafc3c2991472086ba11c0c8f6cda (ED25519)
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
</pre>

==Which authentication methods are supported==
nmap --script ssh-auth-methods 192.168.34.1
<pre>
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:08 CET
Nmap scan report for 192.168.34.1
Host is up (0.0010s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh-auth-methods:
|  Supported authentication methods:
|    publickey
|_    password
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
</pre>

==Which cipher suites are supported==
nmap --script ssh2-enum-algos 192.168.34.1
<pre>
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:09 CET
Nmap scan report for 192.168.34.1
Host is up (0.00015s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT    STATE SERVICE
22/tcp  open  ssh
| ssh2-enum-algos:
|  kex_algorithms: (9)
|      curve25519-sha256
|      curve25519-sha256@libssh.org
|      ecdh-sha2-nistp256
|      ecdh-sha2-nistp384
|      ecdh-sha2-nistp521
|      diffie-hellman-group-exchange-sha256
|      diffie-hellman-group16-sha512
|      diffie-hellman-group18-sha512
|      diffie-hellman-group14-sha256
|  server_host_key_algorithms: (5)
|      rsa-sha2-512
|      rsa-sha2-256
|      ssh-rsa
|      ecdsa-sha2-nistp256
|      ssh-ed25519
|  encryption_algorithms: (6)
|      chacha20-poly1305@openssh.com
|      aes128-ctr
|      aes192-ctr
|      aes256-ctr
|      aes128-gcm@openssh.com
|      aes256-gcm@openssh.com
|  mac_algorithms: (10)
|      umac-64-etm@openssh.com
|      umac-128-etm@openssh.com
|      hmac-sha2-256-etm@openssh.com
|      hmac-sha2-512-etm@openssh.com
|      hmac-sha1-etm@openssh.com
|      umac-64@openssh.com
|      umac-128@openssh.com
|      hmac-sha2-256
|      hmac-sha2-512
|      hmac-sha1
|  compression_algorithms: (2)
|      none
|_      zlib@openssh.com
25/tcp  open  smtp
53/tcp  open  domain
80/tcp  open  http
143/tcp open  imap
993/tcp open  imaps

Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds
</pre>
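As an added check that is not part of this wiki page, the following Python script parses the ssh2-enum-algos output format shown above and flags algorithms a hardening review would reject; the weak-algorithm list is the example's own assumption. Applied to the server above, it would report that ssh-rsa, hmac-sha1 and hmac-sha1-etm@openssh.com are still offered.

```python
# Added example (not from the Xinux wiki page): parse nmap's ssh2-enum-algos
# output and flag algorithms that fail a hardening policy. The policy is an
# assumption of this example, not something the wiki states.
import re

# Constructed excerpt shaped like the output above; the group1 kex line is added.
SAMPLE = """\
| ssh2-enum-algos:
|   kex_algorithms: (3)
|       curve25519-sha256
|       diffie-hellman-group14-sha256
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (2)
|       ssh-rsa
|       ssh-ed25519
|   mac_algorithms: (3)
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha1
|_      hmac-sha1-etm@openssh.com
"""

# Policy: SHA-1 based signatures and MACs, and the 1024-bit DH group, are weak.
WEAK = {
    "ssh-rsa": "RSA signatures with SHA-1 (disabled by default in OpenSSH 8.8+ clients)",
    "hmac-sha1": "SHA-1 MAC",
    "hmac-sha1-etm@openssh.com": "SHA-1 MAC",
    "diffie-hellman-group1-sha1": "1024-bit DH group with SHA-1",
}

CATEGORY_RE = re.compile(r"^\|\s+(\w+_algorithms): \(\d+\)$")
ALGO_RE = re.compile(r"^\|_?\s+(\S+)$")

def parse_enum_algos(text):
    """Return {category: [algorithm, ...]} from the script's normal output."""
    result, current = {}, None
    for line in text.splitlines():
        m = CATEGORY_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = []
        elif current is not None:
            m = ALGO_RE.match(line)
            if m:
                result[current].append(m.group(1))
    return result

def weak_algorithms(parsed):
    """Return [(category, algorithm, reason)] for every policy hit."""
    return [(cat, algo, WEAK[algo]) for cat, algos in parsed.items()
            for algo in algos if algo in WEAK]
```

Feed it the saved normal output (`nmap -oN scan.txt --script ssh2-enum-algos HOST`) instead of SAMPLE to review a real server; an empty result from weak_algorithms means every offered algorithm passes the policy.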
 
 
==ssh Bruteforce==
nmap --script ssh-brute 192.168.34.1
<pre>
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-26 14:13 CET
NSE: [ssh-brute] Trying username/password pair: root:root
NSE: [ssh-brute] Trying username/password pair: admin:admin
NSE: [ssh-brute] Trying username/password pair: administrator:administrator
NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
...
</pre>

=ssl misc=

=smtp misc=
[[nmap-scripts-smtp]]

=proxy misc=
[[nmap-scripts-proxy]]

=http misc=

Revision as of 15 May 2025, 16:13


=wordpress-version misc=

=All vulnerabilities=
*nmap -sV --script vulners 10.0.10.104

=NFS Check=
*nmap -sV --script=nfs-showmount.nse 10.82.10.40

=SMB Check=
*nmap -p 445 --script smb-os-discovery 10.82.10.40

=Traceroute Geolocation=
*nmap --traceroute --script traceroute-geolocation.nse -p 80 www.facebook.com

=FTP Bannergrabbing=
*nmap -sV -p 21 --script=banner 10.3.4.12

=Update the Script Database=
*nmap --script-updatedb

=links=