Network Security

Advanced web scanning commands with Nmap on Kali Linux:

2019-03-15  Author: 我准备注销了请取关
root@kali:~# ping url
root@kali:~# nmap -T4 -v -A  ip
root@kali:~# nmap -sV ip

WAF detection:

root@kali:~# nmap -p 80 --script http-waf-detect.nse url

Bypass by sending 32-byte packets:

root@kali:~# nmap --mtu 32 ip

Bypass with random packet data:

root@kali:~# nmap --data-length <num> ip

Decoy scan bypass:

root@kali:~# nmap -D RND:10 ip

Advanced spoofing bypass:

root@kali:~# nmap -D decoy1,decoy2,decoy3 ip

Consecutive-scan bypass:

root@kali:~# nmap --randomize-hosts ip

MAC spoofing bypass:

root@kali:~# nmap -sT -PN --spoof-mac aa:bb:cc:dd:ee:ff ip

IP-cloaked scan:

root@kali:~# nmap -D decoy1,decoy2,decoy3 ip

Port scan:

root@kali:~# nmap --source-port 135 ip

Sun RPC (remote procedure call) scan:

root@kali:~# rpcinfo
root@kali:~# rpcinfo -p dns

Viewing the page source:

root@kali:~# curl url

SSL protocol scan:

root@kali:~# nmap -Pn -sSV -T4 -F url

HTTP request scan:

root@kali:~# nmap -p80,443 --script http-methods --script-args http-methods.url-path=/root/Desktop/ url

HTTP proxy detection scan:

root@kali:~# nmap --script http-open-proxy -p8080 url

HTTP User Agent filtering/authentication scan:

root@kali:~# nmap -p80,443 --script http-methods --script-args http-methods.url-path=/root/Desktop/ url

HTTP URL validation scan:

root@kali:~# nmap --script http-open-proxy --script-args http-open-proxy.url=http://whatsmyip.org,http-open-proxy.pattern="Your IP address is" -p8080 url

HTTP directory scan:

root@kali:~# nmap --script http-enum -p80 url

Viewing the web site directory list:

root@kali:~# locate /nselib/data/http-fingerprints.xxx
root@kali:~# cd /usr/local/share/nmap/nselib/data
root@kali:~# ls -a
root@kali:~# nmap --script http-enum --script-args http-enum.displayall -p80 url

Bypass by specifying a different User Agent:

root@kali:~# nmap -p80 --script http-enum --script-args http.useragent="Mozilla 5" url

Speeding up the scan by specifying the number of HTTP pipelined requests:

root@kali:~# nmap -p80 --script http-enum --script-args http.pipeline=25 url

Brute-forcing HTTP authentication with the http-brute script:

root@kali:~# nmap -p80 --script http-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt <target>

Specifying the http-brute userdb user brute-force mode:

root@kali:~# nmap --script http-brute --script-args brute.mode=user <target>

Specifying the http-brute passdb password brute-force mode:

root@kali:~# nmap --script http-brute --script-args brute.mode=pass <target>

Specifying the brute.credfile credential-file mode:

root@kali:~# nmap --script http-brute --script-args brute.mode=creds,brute.credfile=./creds.txt <target>

Checking for default HTTP login credentials:

root@kali:~# nmap -p80 --script http-default-accounts <target>

Apache UserDir user directory scan:

root@kali:~# nmap -p80 --script http-userdir-enum url

WordPress weak password audit:

root@kali:~# nmap -p80 --script http-wordpress-brute url

Scanning with http-wordpress-brute.threads threads:

root@kali:~# nmap -p80 --script http-wordpress-brute --script-args http-wordpress-brute.threads=5 url

WordPress virtual host probing:

root@kali:~# nmap -p80 --script http-wordpress-brute --script-args http-wordpress-brute.hostname="ahostname.wordpress.com" url

Setting a different login URI with http-wordpress-brute.uri:

root@kali:~# nmap -p80 --script http-wordpress-brute --script-args http-wordpress-brute.uri="/hidden-wp-login.php" url

Using http-wordpress-brute.uservar/http-wordpress-brute.passvar to change the variables that hold the username and password:

root@kali:~# nmap -p80 --script http-wordpress-brute --script-args http-wordpress-brute.uservar=usuario,http-wordpress-brute.passvar=pasguord url

Joomla CMS audit scan:

root@kali:~# nmap -p80 --script http-joomla-brute url

Web application firewall detection scan:

root@kali:~# nmap -p80 --script http-waf-detect url

Detecting a firewall through changes in the response body:

root@kali:~# nmap -p80 --script http-waf-detect --script-args="http-waf-detect.detectBodyChanges" url
root@kali:~# nmap -p80 --script http-waf-detect --script-args="http-waf-detect.aggro" url

CSRF cross-site scripting vulnerability tracing:

Checking whether TRACE is enabled, which allows cookies protected by HttpOnly to be obtained:

root@kali:~# nmap -p80 --script http-methods,http-trace --script-args http-methods.retest url

CSRF cross-site scripting vulnerability detection:

These allow an attacker to execute arbitrary JavaScript code:

root@kali:~# nmap -p80 --script http-unsafe-output-escaping url

SQL injection vulnerability detection:

root@kali:~# nmap -p80 --script http-sql-injection url

Setting httpspider.maxpagecount to speed up the scan:

root@kali:~# nmap -p80 --script http-sql-injection --script-args httpspider.maxpagecount=200 url

Disabling the httpspider.withinhost setting that keeps crawling within the host's site:

root@kali:~# nmap -p80 --script http-sql-injection --script-args httpspider.withinhost=false url

Setting the User Agent / number of HTTP pipelined requests:

root@kali:~# nmap -p80 --script http-sql-injection --script-args http.useragent="Mozilla 42" url
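
Seen from the web server's side, the http.useragent override above removes the default NSE User-Agent from the access log, so detection cannot rely on that string alone. The following is an added example, not part of the original article: it flags clients in a Combined Log Format access log by the default NSE User-Agent, by TRACE/OPTIONS probes (http-trace, http-methods) and by bursts of distinct 404 paths (http-enum). The log lines are constructed and the threshold is an assumed value.

```python
import re
from collections import defaultdict

# Default User-Agent sent by NSE http scripts unless http.useragent is set.
NSE_UA = "Nmap Scripting Engine"
# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "ua"
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
PROBE_METHODS = {"TRACE", "OPTIONS"}   # sent by http-trace / http-methods
NOT_FOUND_THRESHOLD = 5                # assumed value; tune to your traffic

def flag_scanners(lines, threshold=NOT_FOUND_THRESHOLD):
    """Return {client_ip: sorted list of reasons} for suspicious clients."""
    reasons = defaultdict(set)
    missing = defaultdict(set)          # distinct paths answered with 404
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                    # skip lines that are not access-log entries
        ip, method, path, status, ua = m.groups()
        if NSE_UA in ua:
            reasons[ip].add("nse-user-agent")
        if method in PROBE_METHODS:
            reasons[ip].add("probe-method:" + method)
        if status == "404":
            missing[ip].add(path)
    for ip, paths in missing.items():
        if len(paths) >= threshold:     # catches enumeration even with a custom UA
            reasons[ip].add("404-burst")
    return {ip: sorted(r) for ip, r in reasons.items()}

# Constructed sample log (documentation-range addresses, not real traffic).
def _hit(ip, method, path, status, ua):
    return f'{ip} - - [15/Mar/2019:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "{ua}"'

DEFAULT_UA = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
SAMPLE = (
    [_hit("192.0.2.10", "GET", "/", 200, DEFAULT_UA),
     _hit("192.0.2.10", "OPTIONS", "/", 200, DEFAULT_UA)]
    # Same kind of enumeration, but with a custom User-Agent string.
    + [_hit("192.0.2.20", "GET", f"/dir{i}/", 404, "Mozilla 5") for i in range(8)]
    + [_hit("198.51.100.7", "GET", "/index.html", 200, "Mozilla/5.0 (X11; Linux x86_64)"),
       _hit("198.51.100.7", "GET", "/favicon.ico", 404, "Mozilla/5.0 (X11; Linux x86_64)")]
)

if __name__ == "__main__":
    for ip, why in flag_scanners(SAMPLE).items():
        print(ip, why)
```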