Today I am writing a short blog post about 4 nmap NSE scripts that I use for penetration testing.
DNS-brute.nse
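First, the subdomain search script dns-brute.nse.
This NSE script finds subdomains by brute force.
Example: nmap -p 80 --script dns-brute.nse baidu.com
http-enum and http-title
The scripts in the http-* family are very helpful for identifying HTTP services and banners.
- nmap --script http-enum 127.0.0.1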
Vulscan&vulners
Third, these scripts (vuldb, vulners) can identify known vulnerabilities. These NSE scripts get their vulnerability information by querying vulnerability database websites.
The following databases are currently pre-installed:
- scipvuldb.csv – https://vuldb.com
- cve.csv – https://cve.mitre.org
- securityfocus.csv – https://www.securityfocus.com/bid/
- xforce.csv – https://exchange.xforce.ibmcloud.com/
- exploitdb.csv – https://www.exploit-db.com
- openvas.csv – http://www.openvas.org
- securitytracker.csv – https://www.securitytracker.com (end-of-life)
- osvdb.csv – http://www.osvdb.org (end-of-life)
- vulners.com – https://vulners.com
nmap -sV --script=vulscan/vulscan.nse baidu.com
How to install – vulscan
git clone https://github.com/scipag/vulscan
# for MacOS
$ ln -s `pwd`/vulscan /usr/local/share/nmap/scripts/vulscan
# for Linux
$ ln -s `pwd`/vulscan /usr/share/nmap/scripts/vulscan
How to install – Vulners
$ wget https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse
# for MacOS
$ cp vulners.nse /usr/local/share/nmap/scripts/
# for Linux
$ cp vulners.nse /usr/share/nmap/scripts/
Finally, the banner-grabbing NSE script
nmap 127.0.0.1 --script=banner-plus
How to install banner?
$ wget https://raw.githubusercontent.com/hdm/scan-tools/master/nse/banner-plus.nse
# for MacOS
$ cp banner-plus.nse /usr/local/share/nmap/scripts/
# for Linux
$ cp banner-plus.nse /usr/share/nmap/scripts/
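The two wget installs above fetch a script from a branch head and copy it straight into nmap's script directory. As an added example (not from the original post), this helper installs a downloaded .nse file only when its SHA-256 matches a digest you recorded after reviewing it; the function names are hypothetical, the directories are the ones given above.

```shell
#!/usr/bin/env bash
# Added example: digest-checked install of a downloaded NSE script.
# Function names are hypothetical; directories are the ones used in the post.

# Pick the nmap scripts directory named in the post for each OS.
nse_scripts_dir() {
  case "$(uname -s)" in
    Darwin) echo "/usr/local/share/nmap/scripts" ;;
    *)      echo "/usr/share/nmap/scripts" ;;
  esac
}

# Print the SHA-256 of a file using whichever tool is present.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# install_nse FILE EXPECTED_SHA256 [DEST_DIR]
# Returns 0 and copies FILE on a match; returns 1 and copies nothing otherwise.
install_nse() {
  local file="$1" expected="$2" dest="${3:-$(nse_scripts_dir)}"
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  local actual
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
  cp "$file" "$dest/" && echo "installed $(basename "$file") into $dest"
}

# Usage (the digest is a placeholder; record your own after reading the file):
#   install_nse vulners.nse "<sha256-you-recorded>"
```

Record the digest at the time you read the script, and re-review the file whenever a fresh download no longer matches it.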