nmap高级命令

信息检索

(1)目录枚举

nmap -p 80,443 --script http-enum 45.77.171.109

(2)搜索授权页

nmap -p 80,443 --script http-auth-finder 45.77.171.109

(3)wordpress插件扫描

nmap -p 80,443 --script http-wordpress-enum --script-args http-wordpress-enum.search-limit=all 45.77.171.109

(4)检测ftp服务详细信息

nmap -p 21 --script ftp-syst 172.17.122.88

(5)检测mysql服务详细信息

nmap -p 3306 -d -sV -sC 172.17.122.88

(6)检测域名子域名

nmap --script dns-brute hupu.com

(7)检测ftp是否允许匿名登录

nmap --script ftp-anon 172.17.122.88

权限爆破

(1)login forum自带字典爆破

nmap -p 80,443 --script=http-form-brute --script-args=http-form-brute.path=/wp-login.php we-notes.com

(2)自带字典ssh爆破

nmap -p 22 -d --script ssh-brute 172.17.122.88

(3)mysql预认证枚举漏洞

nmap -p 3306 -d --script mysql-enum 172.17.122.88

(4)自带字典爆破mysql

nmap -p 3306 -d --script mysql-brute 172.17.122.88

(5)自带字典爆破ftp

nmap -p 21 -d --script ftp-brute 172.17.122.88

并行扫描

(1)自带基础NSE扫描

nmap -v --script vuln 192.168.0.184

(2)nmap-vulners漏洞扫描

通用:nmap --script nmap-vulners/ -sV 172.17.122.88

指定漏洞表:nmap --script nmap-vulners/ --script-args vulscandb=securityfocus.csv -p 22 -sV 172.17.122.88

(3)vulscan漏洞扫描

通用:nmap --script vulscan/ -sV 172.17.122.88

指定漏洞表:nmap --script vulscan/ --script-args vulscandb=securityfocus.csv -p 22 -sV 172.17.122.88

vulscan漏洞库更新

cd vulscan/utilities/updater/

./updateFiles.sh