
Scanning series: Port scanning (3) #8

@timest


UDP port scanning

Scapy

from scapy.all import IP, UDP, sr1  # needs root; timeout so a silent (open|filtered) port returns
ans = sr1(IP(dst='121.41.28.194')/UDP(dport=123), timeout=2)

Nmap

nmap -sU 123.56.123.115, or specify the port with -p:
nmap -sU 123.56.123.115 -p123

Metasploit

Module path: auxiliary/scanner/discovery/udp_sweep

TCP port scanning

Scapy

from scapy.all import IP, TCP, sr1  # needs root; SYN/ACK in ans means open, RST means closed
ans = sr1(IP(dst='123.56.123.115')/TCP(dport=80), timeout=2)

Nmap

sudo nmap -sS 123.56.123.115 -p80,443

~ $ sudo nmap -sS 123.56.123.115 -p0-65535

Starting Nmap 6.40 ( http://nmap.org ) at 2016-04-22 15:11 CST
Nmap scan report for 123.56.123.115
Host is up (0.036s latency).
Not shown: 65527 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   open     smtp
80/tcp   open     http
465/tcp  open     smtps
587/tcp  open     submission
1379/tcp open     dbreporter
3306/tcp open     mysql
4444/tcp filtered krb524
5554/tcp filtered sgi-esphttp

Nmap done: 1 IP address (1 host up) scanned in 88.76 seconds
~ $

Metasploit

msf > use auxiliary/scanner/portscan/syn
msf auxiliary(syn) > show options

Module options (auxiliary/scanner/portscan/syn):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to scan per set
   INTERFACE                   no        The name of the interface
   PORTS      1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
   RHOSTS                      yes       The target address range or CIDR identifier
   SNAPLEN    65535            yes       The number of bytes to capture
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    500              yes       The reply read timeout in milliseconds

msf auxiliary(syn) > set threads 20
threads => 20
msf auxiliary(syn) > set ports 1-6666
ports => 1-6666
msf auxiliary(syn) > set rhosts 123.56.123.115
rhosts => 123.56.123.115
msf auxiliary(syn) > run
[*]  TCP OPEN 123.56.123.115:22
[*]  TCP OPEN 123.56.123.115:25
[*]  TCP OPEN 123.56.123.115:80
[*]  TCP OPEN 123.56.123.115:465
[*]  TCP OPEN 123.56.123.115:1379
.....

Although this is also a TCP scan, it is less efficient than nmap.

hping3

hping3 --scan 80 -S 121.41.28.194, where -S (--syn) sets the SYN flag. In my testing the results were not very accurate.

TCP connect scanning

A TCP connect scan is simpler than a TCP SYN scan because it needs no root privileges to send its requests. After a full three-way handshake the client has established a TCP connection with the server; this scan finds the TCP ports on which such a connection can be established.

Nmap

nmap -sT 123.56.123.115 -p 80; option summary: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans

Metasploit

Module path: use auxiliary/scanner/portscan/tcp
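Added example (my own code, not from this post): a defender-side classifier over constructed packet records that shows the wire-level difference described above between a half-open SYN scan (RST sent before the third ACK) and a full connect() scan (handshake completed, so the service itself sees the connection), and counts probed ports per source to call it a scan. The addresses, flag strings and the min_ports threshold are assumptions.

```python
# Added example, not code from the original post: classify captured TCP flows to
# tell a half-open SYN scan (nmap -sS, Metasploit portscan/syn) from a full
# connect() scan (nmap -sT). Packet records below are constructed by hand.
from collections import defaultdict

# Each record: (client, server, port, from_client, flags); flags use Scapy letters
# S=SYN, A=ACK, R=RST, F=FIN. Listed in capture order. Addresses are made up.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 22, True, "S"), ("10.0.0.5", "10.0.0.9", 22, False, "SA"),
    ("10.0.0.5", "10.0.0.9", 22, True, "R"),                                # half-open probe
    ("10.0.0.5", "10.0.0.9", 80, True, "S"), ("10.0.0.5", "10.0.0.9", 80, False, "SA"),
    ("10.0.0.5", "10.0.0.9", 80, True, "A"), ("10.0.0.5", "10.0.0.9", 80, True, "FA"),  # full handshake
    ("10.0.0.5", "10.0.0.9", 25, True, "S"), ("10.0.0.5", "10.0.0.9", 25, False, "RA"), # closed port
    ("10.0.0.5", "10.0.0.9", 4444, True, "S"),                              # no answer: filtered
    ("10.0.0.5", "10.0.0.9", 3306, True, "S"), ("10.0.0.5", "10.0.0.9", 3306, False, "SA"),
    ("10.0.0.5", "10.0.0.9", 3306, True, "R"),
]

def classify_flow(flow):
    """flow: list of (from_client, flags) for one client/server/port triple."""
    client = [f for fc, f in flow if fc]
    server = [f for fc, f in flow if not fc]
    if not client or "S" not in client[0] or "A" in client[0]:
        return "other"               # did not start with a bare SYN
    if not server:
        return "filtered"            # nothing came back; nmap reports filtered
    if "R" in server[0]:
        return "closed"              # RST in reply: port closed
    if server[0] != "SA":
        return "other"
    later = client[1:]
    if any(f == "A" for f in later):
        return "connect"             # third ACK sent: full connect(), visible to the service
    if any("R" in f for f in later):
        return "syn_scan"            # RST before ACK: half-open scan, no connection formed
    return "other"

def summarize(packets, min_ports=3):
    """Per (client, server): verdict counts plus a 'scan' flag once enough ports were probed."""
    flows = defaultdict(list)
    for client, server, port, from_client, flags in packets:
        flows[(client, server, port)].append((from_client, flags))
    report = defaultdict(lambda: defaultdict(int))
    for (client, server, port), flow in flows.items():
        report[(client, server)][classify_flow(flow)] += 1
    return {pair: dict(counts, scan=sum(counts.values()) >= min_ports)
            for pair, counts in report.items()}

if __name__ == "__main__":
    for pair, verdicts in summarize(PACKETS).items():
        print(pair, verdicts)
```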
