nmap

remote OS detection in python

泪湿孤枕 submitted on 2019-12-11 06:16:31
Question: I want to implement OS detection using Python (like nmap). I found the python-nmap-0.3.4.tar.gz library, but it didn't provide the operating system in the response! How can I change it to achieve my goal?
EDIT: in the site sample:
>>> import nmap
>>> nm = nmap.PortScanner()
>>> nm.scan('127.0.0.1', '22-443')
>>> print(nm.csv())
host;protocol;port;name;state;product;extrainfo;reason;version;conf
127.0.0.1;tcp;22;ssh;open;OpenSSH;protocol 2.0;syn-ack;5.9p1 Debian 5ubuntu1;10
127.0.0.1;tcp;25;smtp;open

Python Nmap Path Error

蓝咒 submitted on 2019-12-11 02:18:34
Question: Python imports nmap fine, but when I do a basic variable assignment it returns an error:
Traceback (most recent call last):
  File "<pyshell#1>", line 1, in <module>
    nm = nmap.PortScanner()
  File "C:\Python32\lib\site-packages\nmap\nmap.py", line 144, in __init__
    raise PortScannerError('nmap program was not found in path. PATH is : {0}'.format(os.getenv('PATH')))
nmap.nmap.PortScannerError: 'nmap program was not found in path. PATH is : C:\\Program Files (x86)\\NVIDIA Corporation\\PhysX\\Common;C

How to find IP address range

倖福魔咒の submitted on 2019-12-11 00:38:12
Question: When I use this command, which IP addresses are scanned?
# nmap -sP 192.168.0.120/25
Can you please help me understand how to get the IP range when I have the address and subnet? I am trying to understand this, but no result till now. Thanks in advance.
Answer 1: The network in your command is in CIDR notation. The first part (before the /) defines which network, and the second part defines how many bits of netmask are set. An IPv4 address is 4 bytes, or 32 bits of information. /25 means that 25 bits of

net-snmp monitoring strategy

拥有回忆 submitted on 2019-12-10 12:55:10
yum install net-snmp net-snmp-utils -y
vim /etc/snmp/snmpd.conf
Append at the end: rocommunity nmap 192.168.1.0/24
Here "rocommunity" means this is read-only access; nmap is the community name, which acts like a password (many platforms like to use the default string "public"); 192.168.1.0/24 specifies the IP of the monitoring host, i.e. only from there can values be fetched.
[root@localhost ~]# /etc/rc.d/init.d/snmpd restart
You can use OIDs to fetch some of the server's current performance metrics:
[root@linux-node1 ~]# snmpget -v2c -c nmap 192.168.58.11 1.3.6.1.4.1.2021.10.1.3.1
UCD-SNMP-MIB::laLoad.1 = STRING: 0.00
[root@linux-node1 ~]# snmpget -v2c -c nmap 192.168.58.11 1.3.6.1.4.1.2021.10.1.3.2
UCD-SNMP-MIB::laLoad.2 = STRING: 0.01
[root@linux-node1 ~]# snmpget -v2c -c nmap 192.168.58.11 1

probably "loop" and "output" don't work properly in my bash script

霸气de小男生 submitted on 2019-12-10 12:26:55
Question: I wrote the following script:
#!/bin/bash
echo "Reading data - headers - both"
if [ $# -ne 3 ]; then
    echo "Usage: ./nmap <port-range> <ip-list> <d || h || b>"
    exit 1
fi
rm -f /tmp/right.txt 1>/dev/null 2>/dev/null
rm -f /tmp/wrong.txt 1>/dev/null 2>/dev/null
output=""
if [ $3 == h ]; then
    while read -r -u3 port; do
        while read -r -u4 ip; do
            # echo -en "\n$ip $port: "
            OUT=$( nmap -p "$port" --script=http-headers.nse "$ip" | awk 'NR>=7 && NR<=10')
            # [[ $OUT == *Apache* ]] && $(echo -en "$ip

Summary of nmap commands

巧了我就是萌 submitted on 2019-12-10 06:42:41
Summary of nmap commands https://www.cnblogs.com/chenqionghe/p/10657722.html
I. What is nmap
nmap is a very useful network scanning and host detection tool. It is not limited to just gathering information and enumeration; it can also be used as a vulnerability detector or security scanner. It runs on Windows, Linux, macOS and other operating systems. Nmap is a very powerful utility that can be used to:
- Detect hosts alive on the network (host discovery)
- Detect open ports on a host (port discovery or enumeration)
- Detect the software and version behind the corresponding port (service discovery)
- Detect the operating system, hardware address, and software version
- Detect vulnerabilities (nmap scripts)
II. Usage
nmap [scan type] [scan options] [host address and range]
Options and parameters:
[scan type]: the main scan types are:
-sT : TCP connect() scan (completes the TCP connection)
-sS : TCP SYN scan (sends TCP packets with the SYN flag set)
-sP : ping scan
-sU : UDP scan
-sO : IP protocol scan of the host
[scan options]: the main scan options are:
-PT : use a TCP "ping" to scan, which tells you how many computers are currently present (more commonly used)
-PI : use a real ping (ICMP packets) to scan
-p :

Output IP only from an nmap scan on open port

為{幸葍}努か submitted on 2019-12-09 17:19:19
Question: I want to find computers with ssh open on my subnet, but it shows all hosts that are up in the results and not just the ones that have open ports. This is my command:
nmap -PN -p 22 --open -oG - 192.168.*.* | awk '{print $2}' > sshopen.txt
Thanks
Answer 1: You can select with awk to print only in certain cases and not all. For example, the following matches the last field; if it contains ssh (but you could also test for 22) then it prints the IP.
nmap -PN -p 22 --open -oG - 192.168.*.* | awk '$NF

Collection of practical tips for penetration testing tools

自作多情 submitted on 2019-12-09 10:18:22
Best NMAP scan strategy
# Best nmap scan strategy for networks of any size
# Host discovery: generate a list of live hosts
$ nmap -sn -T4 -oG Discovery.gnmap 192.168.56.0/24
$ grep "Status: Up" Discovery.gnmap | cut -f 2 -d ' ' > LiveHosts.txt
# Port discovery: find most of the commonly used ports
# http://nmap.org/presentations/BHDC08/bhdc08-slides-fyodor.pdf
$ nmap -sS -T4 -Pn -oG TopTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -oN TopUDP -iL LiveHosts.txt
$ nmap -sS -T4 -Pn --top-ports 3674 -oG 3674 -iL LiveHosts.txt
# Port discovery: find all ports, but scanning UDP ports will be very slow
$ nmap -sS -T4 -Pn -p 0-65535 -oN FullTCP -iL LiveHosts.txt
$ nmap -sU -T4 -Pn -p 0-65535 -oN FullUDP -iL LiveHosts.txt
# Show TCP/UDP ports
$ grep "open"

Nmap http-joomla-brute script example?

牧云@^-^@ submitted on 2019-12-08 10:04:47
Question: This is a relatively obscure topic, but any help is nevertheless appreciated. I am trying to run a brute force test on my website's Joomla login. I was trying to use nmap's http-joomla-brute, but for some reason it neither outputs the process nor actually does the brute force with the password list I gave it. Here is my script:
nmap -sV --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true' my.website

C++ xml parser for nmap output

假装没事ソ submitted on 2019-12-08 01:17:58
Question: I'm new to nmap. I saw in the nmap tutorial (https://nmap.org/book/man-output.html) that the -oX option can be used to get nmap output in XML format. I want to know if any XML parser written in C++ is available to parse the nmap XML output file.
Source: https://stackoverflow.com/questions/43061536/c-xml-parser-for-nmap-output