红日攻防实验室

红日攻防实验室



nmap渗透测试脚本总结

post-bg-unix-linux.jpg


- 安全文章
- 安全开发
- 安全动态
- 安全工具

Nmap script Help

类别
脚本名称(点击查看脚本使用方法)

Nmap提供的命令行参数如下:

  • -sC: 等价于--script=default,使用默认类别的脚本进行扫描 可更换其他类别
  • --script=<Lua scripts>:<Lua scripts> 使用某个或某类脚本进行扫描,支持通配符描述
  • --script-args=<n1=v1,[n2=v2,...]>: 为脚本提供默认参数
  • --script-args-file=filename: 使用文件来为脚本提供参数
  • --script-trace: 显示脚本执行过程中发送与接收的数据
  • --script-updatedb: 更新脚本数据库
  • --script-help=<scripts>: 显示脚本的帮助信息,其中<scripts>部分可以逗号分隔的文件或脚本类别

脚本类别

Nmap的脚本类别主要分为以下几类:auth、broadcast、brute、default、discovery、dos、exploit、external、fuzzer、intrusive、malware、safe、version、vuln。下面来做详细说明。 

auth

负责处理鉴权证书(绕开鉴权)的脚本

auth
ajp-authcreds-summarydomcon-cmddomino-enum-usersftp-anon
http-authhttp-barracuda-dir-traversalhttp-config-backuphttp-default-accountshttp-domino-enum-passwords
http-method-tamperhttp-userdir-enumhttp-vuln-cve2010-0738http-wordpress-enuminformix-query
informix-tableskrb5-enum-usersms-sql-dump-hashesms-sql-empty-passwordms-sql-hasdbaccess
mysql-dump-hashesmysql-empty-passwordmysql-querymysql-usersncp-enum-users
netbus-auth-bypassoracle-enum-usersrealvnc-auth-bypasssip-enum-userssmb-enum-users
smtp-enum-userssnmp-win32-usersx11-access

broadcast

在局域网内探查更多服务开启状况,如dhcp、dns、sqlserver等服务

broadcast
broadcast-ataoe-discoverbroadcast-avahi-dosbroadcast-bjnp-discoverbroadcast-db2-discoverbroadcast-dhcp-discover
broadcast-dhcp6-discoverbroadcast-dns-service-discoverybroadcast-dropbox-listenerbroadcast-eigrp-discoverybroadcast-igmp-discovery
broadcast-listenerbroadcast-ms-sql-discoverbroadcast-netbios-master-browserbroadcast-networker-discoverbroadcast-novell-locate
broadcast-pc-anywherebroadcast-pc-duobroadcast-pim-discoverybroadcast-pingbroadcast-pppoe-discover
broadcast-rip-discoverbroadcast-ripng-discoverbroadcast-sybase-asa-discoverbroadcast-tellstick-discoverbroadcast-upnp-info
broadcast-versant-locatebroadcast-wake-on-lanbroadcast-wpad-discoverbroadcast-wsdd-discoverbroadcast-xdmcp-discover
eap-infollmnr-resolvelltd-discoverymrinfomtrace
targets-ipv6-multicast-echotargets-ipv6-multicast-invalid-dsttargets-ipv6-multicast-mldtargets-ipv6-multicast-slaactargets-sniffer

brute

提供暴力破解方式,针对常见的应用如http、snmp等

brute
afp-bruteajp-brutebackorifice-brutecassandra-brutecitrix-brute-xml
cvs-brutecvs-brute-repositorydomcon-brutedpap-brutedrda-brute
ftp-brutehttp-brutehttp-form-brutehttp-joomla-brutehttp-proxy-brute
http-wordpress-bruteiax2-bruteimap-bruteinformix-bruteirc-brute
irc-sasl-bruteiscsi-bruteldap-brutemembase-brutemetasploit-msgrpc-brute
metasploit-xmlrpc-brutemmouse-brutemongodb-brutems-sql-brutemysql-brute
mysql-enumnessus-brutenessus-xmlrpc-brutenetbus-brutenexpose-brute
nping-bruteomp2-bruteopenvas-otp-bruteoracle-bruteoracle-brute-stealth
oracle-sid-brutepcanywhere-brutepgsql-brutepop3-bruteredis-brute
rexec-bruterlogin-bruterpcap-brutersync-brutertsp-url-brute
sip-brutesmb-brutesmtp-brutesnmp-brutesocks-brute
svn-brutetelnet-brutevmauthd-brutevnc-brutexmpp-brute

default

使用-sC或-A选项扫描时候默认的脚本,提供基本脚本扫描能力

default
address-infoafp-serverinfoajp-authajp-methodsamqp-info
auth-ownersbackorifice-infobitcoinrpc-infocassandra-infocreds-summary
db2-discoverdns-nsiddns-recursiondns-service-discoveryepmd-info
fingerflume-master-infoftp-anonftp-bounceganglia-info
giop-infogopher-lshadoop-datanode-infohadoop-jobtracker-infohadoop-namenode-info
hadoop-secondary-namenode-infohadoop-tasktracker-infohbase-master-infohbase-region-infohddtemp-info
http-authhttp-corshttp-faviconhttp-generatorhttp-git
http-methodshttp-open-proxyhttp-robots.txthttp-titleike-version
imap-capabilitiesipv6-node-infoirc-infoiscsi-infojdwp-info
maxdb-infomongodb-databasesmongodb-infoms-sql-infomysql-info
nat-pmp-infonbstatncp-serverinfonetbus-infontp-info
openlookup-infop2p-confickerpop3-capabilitiesquake3-infoquake3-master-getservers
realvnc-auth-bypassrmi-dumpregistryrpcinfortsp-methodsservicetags
sip-methodssmb-os-discoverysmb-security-modesmbv2-enabledsmtp-commands
snmp-hh3c-loginssnmp-interfacessnmp-netstatsnmp-processessnmp-sysdescr
snmp-win32-servicessnmp-win32-sharessnmp-win32-softwaresnmp-win32-userssocks-auth-info
socks-open-proxyssh-hostkeysshv1ssl-certssl-date
ssl-known-keysslv2tls-nextprotonegupnp-infoventrilo-info
vnc-infowdb-versionwsdd-discoverx11-accessxmpp-info

discovery

对网络进行更多的信息,如SMB枚举、SNMP查询

discovery
acarsd-infoafp-lsafp-serverinfoafp-showmountajp-headers
ajp-requestamqp-infoasn-querybackorifice-infobanner
bitcoin-getaddrbitcoin-infobitcoinrpc-infobittorrent-discoverybjnp-discover
broadcast-eigrp-discoverybroadcast-igmp-discoverybroadcast-pim-discoverybroadcast-pingcassandra-info
citrix-enum-appscitrix-enum-apps-xmlcitrix-enum-serverscitrix-enum-servers-xmlcouchdb-databases
couchdb-statscups-infocups-queue-infodaap-get-librarydaytime
db2-das-infodb2-discoverdhcp-discoverdict-infodns-brute
dns-cache-snoopdns-check-zonedns-client-subnet-scandns-ip6-arpa-scandns-nsec-enum
dns-nsec3-enumdns-nsiddns-service-discoverydns-srv-enumdns-update
dns-zeustrackerdns-zone-transferdrda-infoepmd-infoeppc-enum-processes
fingerfirewalkflume-master-infoganglia-infogiop-info
gkrellm-infogopher-lsgpsd-infohadoop-datanode-infohadoop-jobtracker-info
hadoop-namenode-infohadoop-secondary-namenode-infohadoop-tasktracker-infohbase-master-infohbase-region-info
hddtemp-infohostmap-bfkhostmap-robtexhttp-affiliate-idhttp-apache-negotiation
http-auth-finderhttp-backup-finderhttp-cakephp-versionhttp-chronohttp-cors
http-datehttp-default-accountshttp-drupal-enum-usershttp-drupal-moduleshttp-email-harvest
http-enumhttp-faviconhttp-generatorhttp-gitweb-projects-enumhttp-google-malware
http-grephttp-headershttp-icloud-findmyiphonehttp-icloud-sendmsghttp-open-proxy
http-open-redirecthttp-php-versionhttp-puthttp-qnap-nas-infohttp-robots.txt
http-robtex-reverse-iphttp-robtex-shared-nshttp-sitemap-generatorhttp-titlehttp-trace
http-traceroutehttp-unsafe-output-escapinghttp-vhostshttp-vlcstreamer-lshttp-waf-detect
http-waf-fingerprinthttp-wordpress-pluginsicap-infoike-versionip-forwarding
ip-geolocation-geobytesip-geolocation-geopluginip-geolocation-ipinfodbip-geolocation-maxmindipidseq
ipv6-node-infoirc-botnet-channelsirc-infoiscsi-infoisns-info
jdwp-infoldap-novell-getpassldap-rootdseldap-searchlexmark-config
llmnr-resolvelltd-discoverymembase-http-infomemcached-infomodbus-discover
mongodb-databasesmongodb-infomrinfoms-sql-configms-sql-dac
ms-sql-dump-hashesms-sql-hasdbaccessms-sql-infoms-sql-queryms-sql-tables
msrpc-enummtracemysql-auditmysql-databasesmysql-dump-hashes
mysql-infomysql-querymysql-variablesmysql-vuln-cve2012-2122nat-pmp-info
nat-pmp-mapportnbstatncp-serverinfondmp-fs-infonetbus-info
nfs-lsnfs-showmountnfs-statfsnrpe-enumntp-info
ntp-monlistomp2-enum-targetsopenlookup-infopath-mtupop3-capabilities
qscanquake3-infoquake3-master-getserversrdp-enum-encryptionredis-info
resolveallriak-http-informi-dumpregistryrpcap-inforpcinfo
rsync-list-modulesservicetagssip-call-spoofsip-methodssmb-enum-domains
smb-enum-groupssmb-enum-processessmb-enum-sessionssmb-enum-sharessmb-ls
smb-mbenumsmb-os-discoverysmb-security-modesmb-server-statssmb-system-info
smtp-commandssmtp-open-relaysniffer-detectsnmp-hh3c-loginssnmp-interfaces
snmp-netstatsnmp-processessnmp-sysdescrsnmp-win32-servicessnmp-win32-shares
snmp-win32-softwaresocks-auth-infosocks-open-proxyssh-hostkeyssh2-enum-algos
ssl-certssl-datessl-enum-ciphersssl-google-cert-catalogssl-known-key
stun-infostuxnet-detecttargets-asntargets-ipv6-multicast-echotargets-ipv6-multicast-invalid-dst
targets-ipv6-multicast-mldtargets-ipv6-multicast-slaactargets-sniffertargets-traceroutetelnet-encryption
tftp-enumtls-nextprotonegtraceroute-geolocationupnp-infoventrilo-info
versant-infovnc-infovoldemort-infovuze-dht-infowdb-version
whoiswsdd-discoverxdmcp-discoverxmpp-info

dos

用于进行拒绝服务攻击(denial of service)

dos
broadcast-avahi-doshttp-slowlorisipv6-ra-floodsmb-check-vulnssmb-flood
smb-vuln-ms10-054

exploit

利用已知的漏洞入侵系统

expolit
afp-path-vulndistcc-cve2004-2687ftp-proftpd-backdoorftp-vsftpd-backdoorhttp-awstatstotals-exec
http-axis2-dir-traversalhttp-barracuda-dir-traversalhttp-huawei-hg5xx-vulnhttp-litespeed-sourcecode-downloadhttp-majordomo2-dir-traversal
http-tplink-dir-traversalhttp-vuln-cve2009-3960http-vuln-cve2012-1823irc-unrealircd-backdoorjdwp-exec
jdwp-injectsmb-check-vulnssmtp-vuln-cve2010-4344

external

利用第三方的数据库或资源,例如进行whois解析

external
asn-querydns-blacklistdns-check-zonedns-random-srcportdns-random-txid
dns-zeustrackerhostmap-bfkhostmap-robtexhttp-google-malwarehttp-icloud-findmyiphone
http-icloud-sendmsghttp-open-proxyhttp-proxy-brutehttp-robtex-reverse-iphttp-robtex-shared-ns
http-virustotalip-geolocation-geobytesip-geolocation-geopluginip-geolocation-ipinfodbip-geolocation-maxmind
smtp-enum-userssmtp-open-relaysocks-open-proxyssl-google-cert-catalogtargets-asn
traceroute-geolocationwhois

fuzzer

模糊测试的脚本,发送异常的包到目标机,探测出潜在漏洞

fuzzer
dns-fuzzhttp-form-fuzzerhttp-phpself-xss

intrusive

入侵性的脚本,此类脚本可能引发对方的IDS|IPS的记录或屏蔽

intrusive
afp-bruteafp-path-vulnajp-brutebackorifice-brutebroadcast-avahi-dos
cassandra-brutecitrix-brute-xmlcvs-brutecvs-brute-repositorydistcc-cve2004-2687
dns-brutedns-cache-snoopdns-fuzzdns-ip6-arpa-scandns-nsec-enum
dns-nsec3-enumdns-random-srcportdns-random-txiddns-zone-transferdomcon-brute
domcon-cmddomino-enum-usersdpap-brutedrda-brutefirewall-bypass
ftp-bruteftp-libopieftp-proftpd-backdoorftp-vsftpd-backdoorftp-vuln-cve2010-4221
hostmap-bfkhttp-awstatstotals-exechttp-axis2-dir-traversalhttp-barracuda-dir-traversalhttp-brute
http-chronohttp-config-backuphttp-domino-enum-passwordshttp-drupal-enum-usershttp-drupal-modules
http-enumhttp-exif-spiderhttp-form-brutehttp-form-fuzzerhttp-iis-webdav-vuln
http-joomla-brutehttp-litespeed-sourcecode-downloadhttp-majordomo2-dir-traversalhttp-open-redirecthttp-passwd
http-phpself-xsshttp-proxy-brutehttp-puthttp-rfi-spiderhttp-sitemap-generator
http-slowlorishttp-sql-injectionhttp-unsafe-output-escapinghttp-userdir-enumhttp-vhosts
http-vuln-cve2009-3960http-vuln-cve2010-2861http-vuln-cve2011-3368http-vuln-cve2012-1823http-waf-detect
http-waf-fingerprinthttp-wordpress-brutehttp-wordpress-enumhttp-wordpress-pluginsiax2-brute
imap-bruteinformix-bruteinformix-queryinformix-tablesipv6-ra-flood
irc-bruteirc-sasl-bruteirc-unrealircd-backdooriscsi-brutejdwp-exec
jdwp-injectkrb5-enum-usersldap-brutemembase-brutemetasploit-info
metasploit-msgrpc-brutemetasploit-xmlrpc-brutemmouse-brutemmouse-execmodbus-discover
mongodb-brutems-sql-brutems-sql-empty-passwordms-sql-xp-cmdshellmysql-brute
mysql-databasesmysql-empty-passwordmysql-enummysql-usersmysql-variables
mysql-vuln-cve2012-2122nessus-brutenessus-xmlrpc-brutenetbus-brutenexpose-brute
nping-brutenrpe-enumntp-monlistomp2-bruteopenvas-otp-brute
oracle-bruteoracle-brute-stealthoracle-enum-usersoracle-sid-brutepcanywhere-brute
pgsql-brutepjl-ready-messagepop3-bruterdp-vuln-ms12-020redis-brute
rexec-bruterlogin-brutermi-vuln-classloaderrpcap-brutersync-brute
rtsp-url-brutesamba-vuln-cve-2012-1182sip-brutesip-call-spoofsip-enum-users
smb-brutesmb-check-vulnssmb-enum-domainssmb-enum-groupssmb-enum-processes
smb-enum-sessionssmb-enum-sharessmb-enum-userssmb-floodsmb-print-text
smb-psexecsmb-server-statssmb-system-infosmb-vuln-ms10-054smb-vuln-ms10-061
smtp-brutesmtp-enum-userssmtp-open-relaysmtp-vuln-cve2010-4344smtp-vuln-cve2011-1720
smtp-vuln-cve2011-1764sniffer-detectsnmp-brutesnmp-ios-configsocks-brute
ssl-enum-ciphersstuxnet-detectsvn-brutetelnet-brutetftp-enum
vmauthd-brutevnc-brutexmpp-brute

malware

探测目标机是否感染了病毒、开启了后门等信息

malware
afp-bruteafp-path-vulnajp-brutebackorifice-brutebroadcast-avahi-dos
cassandra-brutecitrix-brute-xmlcvs-brutecvs-brute-repositorydistcc-cve2004-2687
dns-brutedns-cache-snoopdns-fuzzdns-ip6-arpa-scandns-nsec-enum
dns-nsec3-enumdns-random-srcportdns-random-txiddns-zone-transferdomcon-brute
domcon-cmddomino-enum-usersdpap-brutedrda-brutefirewall-bypass
ftp-bruteftp-libopieftp-proftpd-backdoorftp-vsftpd-backdoorftp-vuln-cve2010-4221
hostmap-bfkhttp-awstatstotals-exechttp-axis2-dir-traversalhttp-barracuda-dir-traversalhttp-brute
http-chronohttp-config-backuphttp-domino-enum-passwordshttp-drupal-enum-usershttp-drupal-modules
http-enumhttp-exif-spiderhttp-form-brutehttp-form-fuzzerhttp-iis-webdav-vuln
http-joomla-brutehttp-litespeed-sourcecode-downloadhttp-majordomo2-dir-traversalhttp-open-redirecthttp-passwd
http-phpself-xsshttp-proxy-brutehttp-puthttp-rfi-spiderhttp-sitemap-generator
http-slowlorishttp-sql-injectionhttp-unsafe-output-escapinghttp-userdir-enumhttp-vhosts
http-vuln-cve2009-3960http-vuln-cve2010-2861http-vuln-cve2011-3368http-vuln-cve2012-1823http-waf-detect
http-waf-fingerprinthttp-wordpress-brutehttp-wordpress-enumhttp-wordpress-pluginsiax2-brute
imap-bruteinformix-bruteinformix-queryinformix-tablesipv6-ra-flood
irc-bruteirc-sasl-bruteirc-unrealircd-backdooriscsi-brutejdwp-exec
jdwp-injectkrb5-enum-usersldap-brutemembase-brutemetasploit-info
metasploit-msgrpc-brutemetasploit-xmlrpc-brutemmouse-brutemmouse-execmodbus-discover
mongodb-brutems-sql-brutems-sql-empty-passwordms-sql-xp-cmdshellmysql-brute
mysql-databasesmysql-empty-passwordmysql-enummysql-usersmysql-variables
mysql-vuln-cve2012-2122nessus-brutenessus-xmlrpc-brutenetbus-brutenexpose-brute
nping-brutenrpe-enumntp-monlistomp2-bruteopenvas-otp-brute
oracle-bruteoracle-brute-stealthoracle-enum-usersoracle-sid-brutepcanywhere-brute
pgsql-brutepjl-ready-messagepop3-bruterdp-vuln-ms12-020redis-brute
rexec-bruterlogin-brutermi-vuln-classloaderrpcap-brutersync-brute
rtsp-url-brutesamba-vuln-cve-2012-1182sip-brutesip-call-spoofsip-enum-users
smb-brutesmb-check-vulnssmb-enum-domainssmb-enum-groupssmb-enum-processes
smb-enum-sessionssmb-enum-sharessmb-enum-userssmb-floodsmb-print-text
smb-psexecsmb-server-statssmb-system-infosmb-vuln-ms10-054smb-vuln-ms10-061
smtp-brutesmtp-enum-userssmtp-open-relaysmtp-vuln-cve2010-4344smtp-vuln-cve2011-1720
smtp-vuln-cve2011-1764sniffer-detectsnmp-brutesnmp-ios-configsocks-brute
ssl-enum-ciphersstuxnet-detectsvn-brutetelnet-brutetftp-enum
vmauthd-brutevnc-brutexmpp-brute

safe

此类与intrusive相反,属于安全性脚本

safe
acarsd-infoaddress-infoafp-lsafp-serverinfoafp-showmount
ajp-authajp-headersajp-methodsajp-requestamqp-info
asn-queryauth-ownersauth-spoofbackorifice-infobanner
bitcoin-getaddrbitcoin-infobitcoinrpc-infobittorrent-discoverybjnp-discover
broadcast-ataoe-discoverbroadcast-bjnp-discoverbroadcast-db2-discoverbroadcast-dhcp-discoverbroadcast-dhcp6-discover
broadcast-dns-service-discoverybroadcast-dropbox-listenerbroadcast-eigrp-discoverybroadcast-igmp-discoverybroadcast-listener
broadcast-ms-sql-discoverbroadcast-netbios-master-browserbroadcast-networker-discoverbroadcast-novell-locatebroadcast-pc-anywhere
broadcast-pc-duobroadcast-pim-discoverybroadcast-pingbroadcast-pppoe-discoverbroadcast-rip-discover
broadcast-ripng-discoverbroadcast-sybase-asa-discoverbroadcast-tellstick-discoverbroadcast-upnp-infobroadcast-versant-locate
broadcast-wake-on-lanbroadcast-wpad-discoverbroadcast-wsdd-discoverbroadcast-xdmcp-discovercassandra-info
citrix-enum-appscitrix-enum-apps-xmlcitrix-enum-serverscitrix-enum-servers-xmlcouchdb-databases
couchdb-statscreds-summarycups-infocups-queue-infodaap-get-library
daytimedb2-das-infodb2-discoverdhcp-discoverdict-info
dns-blacklistdns-check-zonedns-client-subnet-scandns-recursiondns-service-discovery
dns-srv-enumdns-updatedns-zeustrackerdrda-infoduplicates
eap-infoepmd-infoeppc-enum-processesfingerfirewalk
flume-master-infoftp-anonftp-bounceganglia-infogiop-info
gkrellm-infogopher-lsgpsd-infohadoop-datanode-infohadoop-jobtracker-info
hadoop-namenode-infohadoop-secondary-namenode-infohadoop-tasktracker-infohbase-master-infohbase-region-info
hddtemp-infohostmap-robtexhttp-affiliate-idhttp-apache-negotiationhttp-auth
http-auth-finderhttp-backup-finderhttp-cakephp-versionhttp-corshttp-date
http-default-accountshttp-email-harvesthttp-faviconhttp-frontpage-loginhttp-generator
http-githttp-gitweb-projects-enumhttp-google-malwarehttp-grephttp-headers
http-icloud-findmyiphonehttp-icloud-sendmsghttp-malware-hosthttp-methodshttp-open-proxy
http-php-versionhttp-qnap-nas-infohttp-robots.txthttp-robtex-reverse-iphttp-robtex-shared-ns
http-slowloris-checkhttp-titlehttp-tracehttp-traceroutehttp-virustotal
http-vlcstreamer-lshttp-vmware-path-vulnhttp-vuln-cve2010-0738http-vuln-cve2011-3192icap-info
ike-versionimap-capabilitiesip-forwardingip-geolocation-geobytesip-geolocation-geoplugin
ip-geolocation-ipinfodbip-geolocation-maxmindipidseqipv6-node-infoirc-botnet-channels
irc-infoiscsi-infoisns-infojdwp-infoldap-novell-getpass
ldap-rootdseldap-searchlexmark-configllmnr-resolvelltd-discovery
mcafee-epo-agentmembase-http-infomemcached-infometasploit-infomongodb-databases
mongodb-infomrinfoms-sql-configms-sql-dacms-sql-dump-hashes
ms-sql-hasdbaccessms-sql-infoms-sql-queryms-sql-tablesmsrpc-enum
mtracemysql-auditmysql-dump-hashesmysql-infomysql-query
nat-pmp-infonat-pmp-mapportnbstatncp-enum-usersncp-serverinfo
ndmp-fs-infonetbus-auth-bypassnetbus-infonfs-lsnfs-showmount
nfs-statfsntp-infoomp2-enum-targetsopenlookup-infop2p-conficker
path-mtupop3-capabilitiesqscanquake3-infoquake3-master-getservers
rdp-enum-encryptionrealvnc-auth-bypassredis-inforesolveallreverse-index
riak-http-informi-dumpregistryrpcap-inforpcinforsync-list-modules
rtsp-methodsservicetagssip-methodssmb-lssmb-mbenum
smb-os-discoverysmb-security-modesmbv2-enabledsmtp-commandssmtp-strangeport
snmp-hh3c-loginssnmp-interfacessnmp-netstatsnmp-processessnmp-sysdescr
snmp-win32-servicessnmp-win32-sharessnmp-win32-softwaresnmp-win32-userssocks-auth-info
socks-open-proxyssh-hostkeyssh2-enum-algossshv1ssl-cert
ssl-datessl-google-cert-catalogssl-known-keysslv2stun-info
targets-asntargets-sniffertargets-traceroutetelnet-encryptiontls-nextprotoneg
traceroute-geolocationunusual-portupnp-infourl-snarfventrilo-info
versant-infovnc-infovoldemort-infovuze-dht-infowhois
wsdd-discoverx11-accessxdmcp-discoverxmpp-info

version

负责增强服务与版本扫描(Version Detection)功能的脚本

version
amqp-infocccam-versiondb2-das-infodrda-infoiax2-version
ike-versionjdwp-versionmaxdb-infomcafee-epo-agentmurmur-version
ndmp-versionnetbus-versionopenlookup-infoovs-agent-versionpptp-version
quake3-inforpc-grindskypev2-versionstun-versionventrilo-info
wdb-versionxmpp-info

vuln

负责检查目标机是否有常见的漏洞(Vulnerability),如是否有MS08_067

vuln
afp-path-vulnbroadcast-avahi-dosdistcc-cve2004-2687firewall-bypassftp-libopie
ftp-proftpd-backdoorftp-vsftpd-backdoorftp-vuln-cve2010-4221http-awstatstotals-exechttp-axis2-dir-traversal
http-enumhttp-frontpage-loginhttp-githttp-huawei-hg5xx-vulnhttp-iis-webdav-vuln
http-litespeed-sourcecode-downloadhttp-majordomo2-dir-traversalhttp-method-tamperhttp-passwdhttp-phpself-xss
http-slowloris-checkhttp-sql-injectionhttp-tplink-dir-traversalhttp-tracehttp-vmware-path-vuln
http-vuln-cve2010-0738http-vuln-cve2010-2861http-vuln-cve2011-3192http-vuln-cve2011-3368http-vuln-cve2012-1823
http-wordpress-enumirc-botnet-channelsirc-unrealircd-backdoormysql-vuln-cve2012-2122netbus-auth-bypass
rdp-vuln-ms12-020rmi-vuln-classloadersamba-vuln-cve-2012-1182smb-check-vulnssmb-vuln-ms10-054
smb-vuln-ms10-061smtp-vuln-cve2010-4344smtp-vuln-cve2011-1720smtp-vuln-cve2011-1764ssl-known-key
wdb-version
 标签: none

作者  :  redBu11



关于我

about me

redBu11

联系我