BackTrack 5 tools

最新推荐文章于 2019-11-08 17:27:52 发布
原创 最新推荐文章于 2019-11-08 17:27:52 发布 · 5.4k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

1. fping 可以指定一个ip范围

root@root:~# fping -g 10.9.128.0 10.9.128.255
10.9.128.1 is alive
10.9.128.6 is alive
10.9.128.7 is alive
10.9.128.9 is alive
10.9.128.10 is alive
10.9.128.11 is alive

2. httprint 

root@root:/pentest/enumeration/www/httprint/linux# ./httprint -h 202.108.253.37 -s signatures.txt 
httprint v0.301 (beta) - web server fingerprinting tool
(c) 2003-2005 net-square solutions pvt. ltd. - see readme.txt
http://net-square.com/httprint/
httprint@net-square.com

Finger Printing on http://202.108.253.37:80/
Finger Printing Completed on http://202.108.253.37:80/
--------------------------------------------------
Host: 202.108.253.37
Derived Signature:
nginx
811C9DC5E2CE6926811C9DC5811C9DC5811C9DC594DF1BD04276E4BB811C9DC5
0D7645B5811C9DC5811C9DC5CD37187C11DDC7D78398721E811C9DC5811C9DC5
E2CE6926811C9DC5811C9DC5811C9DC5E2CE6927811C9DC5E2CE6926811C9DC5
811C9DC5E1CE67B1811C9DC5811C9DC5811C9DC56ED3C2956ED3C295E2CE6923
E2CE69236ED3C295811C9DC5E2CE6927E2CE6923

Banner Reported: nginx
Banner Deduced: Microsoft-IIS/6.0
Score: 90
Confidence: 54.22
------------------------
Scores: 
Microsoft-IIS/6.0: 90 54.22
Apache/1.3.27: 75 27.68
Apache/1.3.26: 75 27.68
Apache/1.3.[4-24]: 75 27.68
Apache/1.3.[1-3]: 75 27.68
Apache/2.0.x: 72 23.67
thttpd: 69 20.06
Agranat-EmWeb: 68 18.93
Apache/1.2.6: 65 15.80
Lotus-Domino/6.x: 64 14.83
Netscape-Enterprise/4.1: 62 13.01
TUX/2.0 (Linux): 62 13.01
Microsoft-IIS/4.0: 57  9.08
Microsoft-IIS/5.0: 57  9.08
Microsoft-IIS/5.0 ASP.NET: 57  9.08
Microsoft-IIS/5.1: 57  9.08
Netscape-Enterprise/6.0: 57  9.08
Netscape-Enterprise/3.6 SP2: 54  7.12
cisco-IOS: 54  7.12
Lexmark Optra Printer: 52  5.96
Netscape-Enterprise/3.5.1G: 49  4.44
Com21 Cable Modem: 49  4.44
SMC Wireless Router 7004VWBR: 49  4.44
MikroTik RouterOS: 49  4.44
IDS-Server/3.2.2: 49  4.44
Belkin Wireless router: 49  4.44
WebSitePro/2.3.18: 49  4.44
VisualRoute 2005 Server Edition: 49  4.44
Linksys WRTP54G: 49  4.44
JC-HTTPD/1.14.18: 49  4.44
BaseHTTP/0.3 Python/2p3.3 edna/0.4: 47  3.56
RomPager/4.07 UPnP/1.0: 47  3.56
Zeus/4.1: 46  3.16
HP-ChaiServer/3.0: 44  2.44
Oracle Servlet Engine: 44  2.44
Zeus/4_2: 43  2.11
Zope/2.6.0 ZServer/1.1b1: 41  1.52
Jetty (unverified): 40  1.26
Netscape-Enterprise/3.5.1: 39  1.02
Domino-Go-Webserver/4.6.2.8: 39  1.02
AOLserver/3.5.6: 39  1.02
TightVNC: 39  1.02
dwhttpd (Sun Answerbook): 39  1.02
Intel NetportExpressPro/1.0: 39  1.02
Boa/0.94.11: 39  1.02
RealVNC/4.0: 39  1.02
GWS/2.1 Google Web Server: 39  1.02
Stronghold/2.4.2-Apache/1.3.x: 21  0.64
AOLserver/3.4.2-3.5.1: 21  0.64
Jana Server/1.45: 21  0.64
Xerver_v3: 21  0.64
Lotus-Domino/5.x: 24  0.64
Microsoft-IIS/5.0 Virtual Host: 24  0.64
Adaptec ASM 1.1: 24  0.64
WebLogic XMLX Module 8.1: 24  0.64
SunONE WebServer 6.0: 20  0.63
Netscape-Enterprise/4.1: 20  0.63
MiniServ/0.01 Webmin: 20  0.63
CompaqHTTPServer/4.2: 20  0.63
fnord: 20  0.63
Oracle XML DB/Oracle9i: 25  0.62
Allied Telesyn Ethernet switch: 25  0.62
JRun Web Server: 25  0.62
Linksys AP2: 37  0.59
Linksys with Talisman firmware: 37  0.59
Orion/2.0x: 27  0.55
Jetty/4.2.2: 15  0.49
Netgear MR814v2 - IP_SHARER WEB 1.0: 15  0.49
Tanberg 880 video conf: 15  0.49
WebLogic Server 8.x: 14  0.45
EHTTP/1.1: 14  0.45
WebLogic Server 8.1: 14  0.45
Tomcat Web Server/3.2.3: 14  0.45
Hewlett Packard xjet: 29  0.43
HP Jet-Direct Print Server: 29  0.43
Resin/3.0.8: 29  0.43
AssureLogic/2.0: 13  0.41
Netscape-Enterprise/3.6: 30  0.36
AkamaiGHost: 30  0.36
Cisco-HTTP: 10  0.28
CompaqHTTPServer-SSL/4.2: 10  0.28
3Com/v1.0: 10  0.28
Snap Appliances, Inc./3.x: 10  0.28
Microsoft ISA Server (internal): 10  0.28
Microsoft ISA Server (external): 10  0.28
NetPort Software 1.1: 10  0.28
WebSENSE/1.0: 10  0.28
Cisco Pix 6.2: 10  0.28
MailEnable-HTTP/5.0: 10  0.28
MiniServ/0.01: 10  0.28
Tcl-Webserver/3.4.2: 10  0.28
Stronghold/4.0-Apache/1.3.x: 31  0.27
EMWHTTPD/1.0: 35  0.24
Ipswitch-IMail/8.12: 35  0.24
Surgemail webmail (DManager): 35  0.24
Apache-Tomcat/4.1.29: 32  0.16
Microsoft-IIS/URLScan: 34  0.09
NetWare-Enterprise-Web-Server/5.1: 34  0.09
CompaqHTTPServer/1.0: 34  0.09
Linksys Print Server: 5  0.08
Zeus/4.0: 33  0.04
squid/2.5.STABLE5: 33  0.04
RemotelyAnywhere: 0  0.00
Linksys AP1: 0  0.00
Linksys Router: 0  0.00
ServletExec: 0  0.00
NetBuilderHTTPDv0.1: 0  0.00
Linksys BEFSR41/BEFSR11/BEFSRU31: 0  0.00
Ubicom/1.1: 0  0.00
Ubicom/1.1 802.11b: 0  0.00

--------------------------------------------------

3. dmitry 

root@root:~# dmitry -i 202.108.253.37
Deepmagic Information Gathering Tool
"There be some deep magic going on"

ERROR: Unable to locate Host Name for 202.108.253.37
Continuing with limited modules
HostIP:202.108.253.37
HostName:

Gathered Inet-whois information for 202.108.253.37
---------------------------------


inetnum:        202.108.0.0 - 202.108.255.255
netname:        UNICOM-BJ
descr:          China Unicom Beijing province network
descr:          China Unicom
country:        CN
admin-c:        CH1302-AP
tech-c:         SY21-AP
mnt-by:         APNIC-HM
mnt-lower:      MAINT-CNCGROUP-BJ
mnt-routes:     MAINT-CNCGROUP-RR
changed:        hm-changed@apnic.net 20031017
status:         ALLOCATED PORTABLE
changed:        hm-changed@apnic.net 20060124
changed:        hm-changed@apnic.net 20090507
changed:        hm-changed@apnic.net 20090508
source:         APNIC

person:         ChinaUnicom Hostmaster
nic-hdl:        CH1302-AP
e-mail:         abuse@cnc-noc.net
address:        No.21,Jin-Rong Street
address:        Beijing,100033
address:        P.R.China
phone:          +86-10-66259764
fax-no:         +86-10-66259764
country:        CN
changed:        abuse@cnc-noc.net 20090408
mnt-by:         MAINT-CNCGROUP
source:         APNIC

person:         sun ying
address:        fu xing men nei da jie 97, Xicheng District
address:        Beijing 100800
country:        CN
phone:          +86-10-66030657
fax-no:         +86-10-66078815
e-mail:         hostmast@publicf.bta.net.cn
nic-hdl:        SY21-AP
mnt-by:         MAINT-CNCGROUP-BJ
changed:        suny@publicf.bta.net.cn 19980824
changed:        hm-changed@apnic.net 20060717
changed:        hostmast@publicf.bta.net.cn  20090630
source:         APNIC



All scans completed, exiting

root@root:~# dmitry -w soufun.com
Deepmagic Information Gathering Tool
"There be some deep magic going on"

HostIP:202.108.253.57
HostName:soufun.com

Gathered Inic-whois information for soufun.com
---------------------------------

   Domain Name: SOUFUN.COM
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com/en_US/
   Name Server: NS.SOUFUN.COM
   Name Server: NS2.SOUFUN.COM
   Name Server: NS3.SOUFUN.COM
   Status: clientTransferProhibited
   Updated Date: 29-nov-2012
   Creation Date: 15-apr-1999
   Expiration Date: 15-apr-2016

>>> Last update of whois database: Sat, 23 Feb 2013 03:25:42 UTC <<<

4. arp spoof

需要设置ip_forward为1

对所有host响应gateway的mac是eth0的MAC

root@root:~# arpspoof -i eth0  10.9.128.1
0:1c:25:1e:d6:b7 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.9.128.1 is-at 0:1c:25:1e:d6:b7
0:1c:25:1e:d6:b7 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.9.128.1 is-at 0:1c:25:1e:d6:b7


5. dnsenum

root@root:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl --enum nuomi.com
dnsenum.pl VERSION:1.2
Warning: can't load Net::Whois::IP module, whois queries disabled.

-----   nuomi.com   -----

-----------------
Host's addresses:
-----------------
 nuomi.com.	900	IN	A	123.125.38.239
 nuomi.com.	900	IN	A	123.125.38.240
 nuomi.com.	900	IN	A	123.125.38.241
 nuomi.com.	900	IN	A	123.125.38.2
 nuomi.com.	900	IN	A	123.125.38.3

-------------
Name servers:
-------------
  ns1.renren.com.	211684	IN	A	123.125.40.215
  ns2.renren.com.	211684	IN	A	220.181.180.7
  ns3.renren.com.	211684	IN	A	60.28.219.15

-----------
MX record:
-----------
  mail.nuomi.com.	900	IN	A	123.125.36.126

---------------------
Trying Zonetransfers:
---------------------

 Trying zonetransfer for nuomi.com on ns2.renren.com ... 

 Trying zonetransfer for nuomi.com on ns3.renren.com ... 

 Trying zonetransfer for nuomi.com on ns1.renren.com ... 

--------------------------------------------
Scraping nuomi.com subdomains from Google:
--------------------------------------------

 ----   Google search page: 1   ---- 

 ----   Google search page: 2   ---- 

 ----   Google search page: 3   ---- 

 ----   Google search page: 4   ---- 

 ----   Google search page: 5   ---- 

 ----   Google search page: 6   ---- 

 ----   Google search page: 7   ---- 

 ----   Google search page: 8   ---- 

 ----   Google search page: 9   ---- 

 ----   Google search page: 10   ---- 

 ----   Google search page: 11   ---- 

 ----   Google search page: 12   ---- 

 ----   Google search page: 13   ---- 

 ----   Google search page: 14   ---- 
Use of uninitialized value in subroutine entry at ./dnsenum.pl line 894.

 Google results: 0
  perhaps Google is blocking our queries.
 Check manually.

brute force file not specified, bay.

6. netenum -- find all the live hosts. 

root@root:/pentest/enumeration/irpas# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:1c:25:1e:d6:b7  
          inet6 addr: fe80::21c:25ff:fe1e:d6b7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:384901 errors:0 dropped:0 overruns:0 frame:0
          TX packets:341984 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:553787460 (553.7 MB)  TX bytes:29804045 (29.8 MB)
          Interrupt:20 Memory:fe000000-fe020000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:742 errors:0 dropped:0 overruns:0 frame:0
          TX packets:742 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:274352 (274.3 KB)  TX bytes:274352 (274.3 KB)

mon0      Link encap:UNSPEC  HWaddr 00-1F-3B-23-54-59-30-30-00-00-00-00-00-00-00-00  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:3023258 errors:0 dropped:2281854 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:864092462 (864.0 MB)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.9.131.2  P-t-P:10.9.128.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:3520 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3883 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:3712512 (3.7 MB)  TX bytes:388275 (388.2 KB)

wlan0     Link encap:Ethernet  HWaddr 00:1f:3b:23:54:59  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@root:/pentest/enumeration/irpas# ./netenum 10.9.128.1/24 5 1
118 targets found
10.9.128.1
10.9.128.2
10.9.128.3
10.9.128.5
10.9.128.14
10.9.128.15
10.9.128.16
10.9.128.22
10.9.128.23
10.9.128.24
10.9.128.25
10.9.128.26
10.9.128.27
10.9.128.28
10.9.128.33
10.9.128.34
10.9.128.42
10.9.128.43
10.9.128.44
10.9.128.45
10.9.128.47
10.9.128.46
10.9.128.50
10.9.128.54
10.9.128.55
10.9.128.56
10.9.128.59
10.9.128.64
10.9.128.69
10.9.128.74
10.9.128.76
10.9.128.77
10.9.128.78
10.9.128.79
10.9.128.86
10.9.128.87
10.9.128.88
10.9.128.89
10.9.128.95
10.9.128.96
10.9.128.97
10.9.128.99
10.9.128.100
10.9.128.101
10.9.128.102
10.9.128.103
10.9.128.105
10.9.128.107
10.9.128.108
10.9.128.109
10.9.128.111
10.9.128.112
10.9.128.117
10.9.128.118
10.9.128.125
10.9.128.126
10.9.128.127
10.9.128.130
10.9.128.135
10.9.128.136
10.9.128.138
10.9.128.139
10.9.128.140
10.9.128.141
10.9.128.142
10.9.128.143
10.9.128.144
10.9.128.146
10.9.128.147
10.9.128.149
10.9.128.150
10.9.128.152
10.9.128.154
10.9.128.156
10.9.128.157
10.9.128.159
10.9.128.162
10.9.128.163
10.9.128.166
10.9.128.167
10.9.128.168
10.9.128.169
10.9.128.170
10.9.128.176
10.9.128.178
10.9.128.179
10.9.128.181
10.9.128.182
10.9.128.185
10.9.128.186
10.9.128.187
10.9.128.190
10.9.128.196
10.9.128.197
10.9.128.199
10.9.128.203
10.9.128.208
10.9.128.210
10.9.128.211
10.9.128.212
10.9.128.214
10.9.128.215
10.9.128.216
10.9.128.219
10.9.128.220
10.9.128.221
10.9.128.226
10.9.128.227
10.9.128.228
10.9.128.231
10.9.128.234
10.9.128.235
10.9.128.240
10.9.128.241
10.9.128.245
10.9.128.246
10.9.128.247
10.9.128.253

7. protos 

root@root:/pentest/enumeration/irpas# ./protos -i ppp0 -d 123.125.38.239 -v
123.125.38.239 is alive
TARGET	123.125.38.239
Running in verbose mode
	Afterscan delay is 3
	running in fast scan - pause every 1 probes
	continuing scan afterwards for 3 secs
	supported protocols will be reported
	you supplied the target(s) 123.125.38.239
Scanning 123.125.38.239
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
>>>>>>>>> RESULTS >>>>>>>>>>

123.125.38.239 may be running (did not negate):
	ICMP IGMP ST TCP IGP NVP-II ARGUS XNET UDP DCN-MEAS PRM TRUNK-1 LEAF-1 RDP ISO-TP4 MFE-NSP SEP IDPR DDP TP++ IPv6 IPv6-Route IDRP GRE BNA AH SWIPE MOBILE SKIP IPv6-NoNxt 61 63 KRYPTOLAN IPPC SAT-MON IPCV CPHB PVP SUN-ND WB-EXPAK VMTP VINES NSFNET-IGP TCF OSPFIGP LARP AX.25 MICP ETHERIP 99PrivEncr IFMP PIM SCPS A/N SNP IPX-in-IP VRRP IATP SRP SMP PTP FIRE CRUDP IPLT PIPE FC 135 137 139 141 144 146 148 150 152 154 156 158 160 162 164 166 168 170 172 174 176 178 180 182 184 186 188 190 192 194 196 198 200 202 204 206 208 210 212 214 216 218 220 222 224 226 228 230 232 234 236 238 240 242 244 246 248 250 252 254 


root@root:/pentest/enumeration/irpas# ./protos -i ppp0 -d 10.9.128.1 -v
10.9.128.1 is alive
TARGET	10.9.128.1
Running in verbose mode
	Afterscan delay is 3
	running in fast scan - pause every 1 probes
	continuing scan afterwards for 3 secs
	supported protocols will be reported
	you supplied the target(s) 10.9.128.1
Scanning 10.9.128.1
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
Port unreachable - therefore protocol UDP is running
>>>>>>>>> RESULTS >>>>>>>>>>

10.9.128.1 may be running (did not negate):
	ICMP IGMP IPenc TCP UDP GRE

8. nmap 

root@root:~# nmap -v -A nuomi.com

Starting Nmap 5.51 ( http://nmap.org ) at 2013-02-22 10:42 EST
NSE: Loaded 57 scripts for scanning.
Initiating Ping Scan at 10:42
Scanning nuomi.com (123.125.38.239) [4 ports]
Completed Ping Scan at 10:42, 0.13s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:42
Completed Parallel DNS resolution of 1 host. at 10:42, 0.00s elapsed
Initiating SYN Stealth Scan at 10:42
Scanning nuomi.com (123.125.38.239) [1000 ports]
Discovered open port 80/tcp on 123.125.38.239
Completed SYN Stealth Scan at 10:43, 4.32s elapsed (1000 total ports)
Initiating Service scan at 10:43
Scanning 1 service on nuomi.com (123.125.38.239)
Completed Service scan at 10:43, 6.04s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against nuomi.com (123.125.38.239)
Retrying OS detection (try #2) against nuomi.com (123.125.38.239)
NSE: Script scanning 123.125.38.239.
Initiating NSE at 10:43
Completed NSE at 10:43, 0.10s elapsed
Nmap scan report for nuomi.com (123.125.38.239)
Host is up (0.017s latency).
Other addresses for nuomi.com (not scanned): 123.125.38.240 123.125.38.241 123.125.38.2 123.125.38.3
Not shown: 999 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.2.0
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.9 (92%), Linux 2.6.9 - 2.6.27 (91%), ZoneAlarm Z100G WAP (91%), Linux 2.6.11 (89%), Linux 2.6.9 (CentOS 4.4) (89%), Riverbed Steelhead 200 proxy server (89%), Linux 2.6.18 (88%), Linux 2.6.28 (88%), Linux 2.6.30 (88%), Linux 2.6.5 (88%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 8.039 days (since Thu Feb 14 09:46:30 2013)
TCP Sequence Prediction: Difficulty=190 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT      ADDRESS
1   16.89 ms 123.125.38.239

Read data files from: /usr/local/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.81 seconds
           Raw packets sent: 2080 (95.204KB) | Rcvd: 23 (1.672KB)

root@root:~# nmap -sP 10.9.128.1/24

Starting Nmap 5.51 ( http://nmap.org ) at 2013-02-22 10:49 EST
Nmap scan report for 10.9.128.1
Host is up (0.0023s latency).
Nmap scan report for 10.9.128.5
Host is up (0.0032s latency).
Nmap scan report for 10.9.128.11
Host is up (0.0025s latency).
Nmap scan report for 10.9.128.13
Host is up (0.0019s latency).
Nmap scan report for 10.9.128.14
Host is up (0.0016s latency).
Nmap scan report for 10.9.128.15
Host is up (0.0021s latency).
Nmap scan report for 10.9.128.16
Host is up (0.0014s latency).
Nmap scan report for 10.9.128.23
Host is up (0.0028s latency).
Nmap scan report for 10.9.128.24
Host is up (0.0013s latency).
Nmap scan report for 10.9.128.25
Host is up (0.0031s latency).
Nmap scan report for 10.9.128.26
Host is up (0.00093s latency).
Nmap scan report for 10.9.128.27
Host is up (0.0028s latency).
Nmap scan report for 10.9.128.28
Host is up (0.0030s latency).
Nmap scan report for 10.9.128.33
Host is up (0.014s latency).
Nmap scan report for 10.9.128.34
Host is up (0.00096s latency).
Nmap scan report for 10.9.128.42
Host is up (0.011s latency).
Nmap scan report for 10.9.128.43
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.44
Host is up (0.0029s latency).
Nmap scan report for 10.9.128.45
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.46
Host is up (0.014s latency).
Nmap scan report for 10.9.128.47
Host is up (0.0050s latency).
Nmap scan report for 10.9.128.50
Host is up (0.0017s latency).
Nmap scan report for 10.9.128.53
Host is up (0.012s latency).
Nmap scan report for 10.9.128.55
Host is up (0.0022s latency).
Nmap scan report for 10.9.128.56
Host is up (0.0013s latency).
Nmap scan report for 10.9.128.59
Host is up (0.0012s latency).
Nmap scan report for 10.9.128.62
Host is up (0.00094s latency).
Nmap scan report for 10.9.128.69
Host is up (0.0046s latency).
Nmap scan report for 10.9.128.73
Host is up (0.0018s latency).
Nmap scan report for 10.9.128.74
Host is up (0.0029s latency).
Nmap scan report for 10.9.128.76
Host is up (0.0024s latency).
Nmap scan report for 10.9.128.77
Host is up (0.0013s latency).
Nmap scan report for 10.9.128.79
Host is up (0.0015s latency).
Nmap scan report for 10.9.128.86
Host is up (0.0015s latency).
Nmap scan report for 10.9.128.87
Host is up (0.0024s latency).
Nmap scan report for 10.9.128.89
Host is up (0.0013s latency).
Nmap scan report for 10.9.128.95
Host is up (0.0023s latency).
Nmap scan report for 10.9.128.96
Host is up (0.0031s latency).
Nmap scan report for 10.9.128.97
Host is up (0.0013s latency).
Nmap scan report for 10.9.128.100
Host is up (0.00092s latency).
Nmap scan report for 10.9.128.101
Host is up (0.0031s latency).
Nmap scan report for 10.9.128.102
Host is up (0.0025s latency).
Nmap scan report for 10.9.128.103
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.105
Host is up (0.0019s latency).
Nmap scan report for 10.9.128.108
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.111
Host is up (0.0012s latency).
Nmap scan report for 10.9.128.112
Host is up (0.0010s latency).
Nmap scan report for 10.9.128.117
Host is up (0.0021s latency).
Nmap scan report for 10.9.128.118
Host is up (0.0019s latency).
Nmap scan report for 10.9.128.119
Host is up (0.0024s latency).
Nmap scan report for 10.9.128.125
Host is up (0.0031s latency).
Nmap scan report for 10.9.128.127
Host is up (0.0013s latency).
Nmap scan report for 10.9.128.130
Host is up (0.0022s latency).
Nmap scan report for 10.9.128.135
Host is up (0.0073s latency).
Nmap scan report for 10.9.128.136
Host is up (0.0019s latency).
Nmap scan report for 10.9.128.138
Host is up (0.0024s latency).
Nmap scan report for 10.9.128.139
Host is up (0.0073s latency).
Nmap scan report for 10.9.128.140
Host is up (0.0019s latency).
Nmap scan report for 10.9.128.141
Host is up (0.0021s latency).
Nmap scan report for 10.9.128.142
Host is up (0.0021s latency).
Nmap scan report for 10.9.128.143
Host is up (0.0029s latency).
Nmap scan report for 10.9.128.144
Host is up (0.0015s latency).
Nmap scan report for 10.9.128.146
Host is up (0.0018s latency).
Nmap scan report for 10.9.128.147
Host is up (0.0017s latency).
Nmap scan report for 10.9.128.149
Host is up (0.0034s latency).
Nmap scan report for 10.9.128.150
Host is up (0.0014s latency).
Nmap scan report for 10.9.128.152
Host is up (0.0014s latency).
Nmap scan report for 10.9.128.154
Host is up (0.0013s latency).
Nmap scan report for 10.9.128.156
Host is up (0.0011s latency).
Nmap scan report for 10.9.128.157
Host is up (0.0021s latency).
Nmap scan report for 10.9.128.159
Host is up (0.00080s latency).
Nmap scan report for 10.9.128.162
Host is up (0.00093s latency).
Nmap scan report for 10.9.128.166
Host is up (0.0014s latency).
Nmap scan report for 10.9.128.167
Host is up (0.00079s latency).
Nmap scan report for 10.9.128.168
Host is up (0.0015s latency).
Nmap scan report for 10.9.128.169
Host is up (0.0042s latency).
Nmap scan report for 10.9.128.170
Host is up (0.0015s latency).
Nmap scan report for 10.9.128.176
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.179
Host is up (0.0023s latency).
Nmap scan report for 10.9.128.181
Host is up (0.0073s latency).
Nmap scan report for 10.9.128.182
Host is up (0.00093s latency).
Nmap scan report for 10.9.128.185
Host is up (0.0026s latency).
Nmap scan report for 10.9.128.186
Host is up (0.0032s latency).
Nmap scan report for 10.9.128.187
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.190
Host is up (0.0055s latency).
Nmap scan report for 10.9.128.196
Host is up (0.0068s latency).
Nmap scan report for 10.9.128.199
Host is up (0.0022s latency).
Nmap scan report for 10.9.128.203
Host is up (0.0045s latency).
Nmap scan report for 10.9.128.207
Host is up (0.0017s latency).
Nmap scan report for 10.9.128.208
Host is up (0.0014s latency).
Nmap scan report for 10.9.128.210
Host is up (0.0018s latency).
Nmap scan report for 10.9.128.211
Host is up (0.0015s latency).
Nmap scan report for 10.9.128.212
Host is up (0.015s latency).
Nmap scan report for 10.9.128.214
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.215
Host is up (0.0014s latency).
Nmap scan report for 10.9.128.216
Host is up (0.0054s latency).
Nmap scan report for 10.9.128.219
Host is up (0.0015s latency).
Nmap scan report for 10.9.128.220
Host is up (0.0017s latency).
Nmap scan report for 10.9.128.221
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.222
Host is up (0.00093s latency).
Nmap scan report for 10.9.128.226
Host is up (0.00084s latency).
Nmap scan report for 10.9.128.231
Host is up (0.00082s latency).
Nmap scan report for 10.9.128.234
Host is up (0.0012s latency).
Nmap scan report for 10.9.128.235
Host is up (0.0016s latency).
Nmap scan report for 10.9.128.241
Host is up (0.0018s latency).
Nmap scan report for 10.9.128.245
Host is up (0.0020s latency).
Nmap scan report for 10.9.128.246
Host is up (0.013s latency).
Nmap scan report for 10.9.128.247
Host is up (0.0034s latency).
Nmap scan report for 10.9.128.252
Host is up (0.0010s latency).
Nmap scan report for 10.9.128.253
Host is up (0.0012s latency).
Nmap done: 256 IP addresses (110 hosts up) scanned in 3.36 seconds

root@root:~# nmap -sS 119.167.213.153 (qingdaonews.com)

Starting Nmap 5.51 ( http://nmap.org ) at 2013-02-22 10:53 EST
Nmap scan report for 119.167.213.153
Host is up (0.0077s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 4.58 seconds

root@root:~# nmap -O 123.125.38.3

Starting Nmap 5.51 ( http://nmap.org ) at 2013-02-22 10:54 EST
Nmap scan report for 123.125.38.3
Host is up (0.015s latency).
Not shown: 974 filtered ports
PORT      STATE SERVICE
20/tcp    open  ftp-data
30/tcp    open  unknown
80/tcp    open  http
146/tcp   open  iso-tp0
222/tcp   open  rsh-spx
555/tcp   open  dsf
668/tcp   open  mecomm
981/tcp   open  unknown
1021/tcp  open  exp1
1061/tcp  open  kiosk
1064/tcp  open  jstel
1149/tcp  open  bvtsonar
1583/tcp  open  simbaexpress
1947/tcp  open  sentinelsrm
2042/tcp  open  isis
2191/tcp  open  tvbus
2323/tcp  open  3d-nfsd
2718/tcp  open  pn-requester2
2967/tcp  open  symantec-av
3268/tcp  open  globalcatLDAP
3369/tcp  open  satvid-datalnk
3828/tcp  open  neteh
14442/tcp open  unknown
16000/tcp open  fmsas
28201/tcp open  unknown
54328/tcp open  unknown
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: CipherLab 5100 time and attendance terminal (86%), Cisco Unified Communications Manager VoIP gateway (86%), Cisco IP Phone 7941 (86%), D-Link DCS-3220 or DCS-5300G webcam (86%), Efficient Networks SpeedStream 5100 ADSL router (86%), Hioki MEMORY HiCORDER 8855 digital oscilloscope (86%), DD-WRT v23 (Linux 2.4.36) (86%), Tomato 1.27 (Linux 2.4.20) (86%), Vyatta router (Linux 2.6.26) (86%), Linux 2.6.18 (86%)
No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.39 seconds


DNS区域传输、DNS字典爆破、DNS注册信息
含笑
05-17 1万+
我们可以利用DNS区域传输来查看目标的记录,首先我们要先知道一个域名服务器,因为域名服务器有所有主机的记录,dig @域名服务器 域 传输方法axfr(AXFR请求,是从DNS服务器请求在主DNS服务器上更新信息的一类域名系统的请求。) 我们先挑选一个ns记录,来进行区域传输;root@kali:~# dig @ns2.sina.com sina.com axfr ;; Connectio
社工资源整理
weixin_30865427的博客
07-16 1万+
CMS 1 Tncms 2 Discuz-6 3 phpvod 4 Website Creator 5 微信达微信数字投票管理系统 6 Stackla Social Hub 7 Banshee 8 mymps 9 Kolibri CMS 10 AnanyooCMS 11 ILAS网上图书馆 12 Destoon ...
backtrack工具列表及介绍
积木网络
01-07 1万+
积木网络 Tools 1 Tools Found on BackTrack 3.0 Final (This wiki is still being updated for the latest release) 1.1 Information Gathering 1.1.1 0trace 0.01 1.1.2 Ass 1.1.3 dig 1.1.4 DMitry 1.1.5 DNS
《网络攻防技术与实践》(诸葛建伟)读书笔记
weixin_30418341的博客
03-17 1651
《网络攻防技术与实践》(诸葛建伟)读书笔记 第一章   一、思考:   1.   Q:如何进行攻击溯源?如何反攻击溯源?如何更好的实现隐蔽攻击?在设备资源不对等的情况下如何凭借技术、凭借什么样的技术能取得优势?   A:攻击溯源技术已加入技术储备池待学习列表;设备资源严重失衡情况下打赢非对称网络对抗要扬长避短,灵活的调动包括社会工程在内的一切技术、...
【安全牛学习笔记】DNS区域传输、DNS字典爆破、DNS注册信息
weixin_33937778的博客
09-11 2007
DNS区域传输、DNS字典爆破、DNS注册信息╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋┃DNS区域传输 ┃┃ dig @ns1.example.com example.com axfr ┃┃ host -T -l sina.com...
Simba_R6.19.2403.7z
11-05
大名鼎鼎的小狮子,射频校准软件,高级程度的产线自动化测试软件,支持以下功能: 1、射频校准和验证; 2、电流测试; 3、天线测试; 4、DUT固件下载。
backtrack5 [bt5] 中文指南【BackTrack Chinese Guide V10】 pdf
04-18
### BackTrack5中文指南知识点概览 #### 一、BackTrack5概述与入门 - **BackTrack5**是一款专门用于安全审计和渗透测试的操作系统,它基于Debian,集成了大量的安全工具,使得用户能够方便地进行网络安全评估。 - *...
backtrack5怎么安装vmware tools
最新发布
10-01
不过,如果你需要在Backtrack5上安装VMware Tools,虽然不是直接针对Backtrack5,你可以按照一般步骤操作,因为VMware Tools适用于大部分虚拟化平台。 以下是安装过程的大致步骤: 1. **下载VMware Tools**:首先...
Backtrack menu and Backtrack tools:在不更改当前操作系统的情况下安装Backtrack工具。-开源
05-28
在ubuntu / redhat / centos上添加带有可选Backtrack Menu的Backtrack工具。... -在最新的Ubuntu / Redhat 5/6,Centos 5/6上进行了测试。 注意:仔细安装某些依赖项会影响您当前的OS设置,请在安装前确保所有步骤。
BackTrack5 BT5在VM虚拟机下安装完美教程.pdf
05-16
BackTrack 5 在 VM 虚拟机下的安装教程 一、概述 BackTrack 5(BT5)是基于 Ubuntu Lucid LTS、Kernel 2.6.38 的 Penetration Testing 发行版,提供了 GNOME 和 KDE 两个桌面系统版本。该版本的代号为“revolution...
***测试踩点之httprint指纹识别技术
weixin_34326179的博客
05-21 537
Http指纹识别现在已经成为应用程序安全中一个新兴的话题,Http服务器和Http应用程序安全也已经成为网络安全中的重要一部分.从网络管理的立场来看,保持对各种web服务器的监视和追踪使得Http指纹识别变的唾手可得,Http指纹识别可以使得信息系统和安全策略变的自动化,在基于已经设置了审核策略的特殊的平台或是特殊的web服务器上,安全测试工具可以使用Http指纹识别来减少...
IBM待遇完全揭密--工资 级别等(网上摘抄)
阿太 Jin 的专栏
04-08 1万+
<br /><br />IBM待遇完全揭密--工资 级别等(网上摘抄)<br /> <br /> <br />[关于工资]<br />IBM的工资是这样几个部分组成的(非ISSC):<br />1.12个月的月基本工资(Monthly Basic Salary)。<br />2.China New Year and spring bonus(2个月的MBS).<br />3.performance bonus(0.8个月工资),全球也不会发给几个人的,基本上是骗人的。<br />4.每月补助,700
Linux网卡异常问题:ethernet eth0: no PHY
无语僧
03-07 2万+
平台:IMX6Q系统:Linux V3.14.28异常日志信息如下:Configuring network interfaces... [    7.228356] fec 2188000.ethernet eth0: no PHY, assuming direct connection to switch[    7.236055] libphy: PHY fixed-0:00 not foun...
谁动了我们的DNS
软体疯子专栏
10-16 5704
 文章属性:转载文章来源:internet文章提交:root (webmaster_at_xfocus.org)本文遵从GPL协议,欢迎转载|=------------------------------------------------------------------------=|---------[ Table of Contents ]  0x1   - 前言  0x2   - 一些
五种最常见的开源路由器第三方固件测评-转
xp5xp6的博客
01-16 1万+
除了智能手机外,路由器和无线接入点无疑是最常被破解和修改的消费级设备。一方面破解这些设备较为简单,另一方面破解、修改设备参数后能带来一系列好处,比如拥有更多的特性,改善路由功能,加强安全性,而且破解后还能配置原厂固件通常不允许修改的参数(例如天线输出功率)。 五种最常见第三方固件的测评,重点介绍它们所提供的功能、最适合的用户群,其中有专为嵌入式硬件或特定路由器而设计的,有设计成与硬件无关的解决方
EmWebAdmin 初步上手
weixin_30535167的博客
05-15 233
EmWebAdmin 简介: // github 地址: https://github.com/ZengjfOS/EmWebAdmin // 介绍: 参考gentelella做的模板; 这是一个PHP网站模板系统,采用Smarty进行模板解析; EmWebAdmin 使用: // 将 EmWebAdmin clone 下来,或者直接下来。 ...
Android 开源项目和文章集合(更新:2022.03.21)
热门推荐
z979451341的博客
11-08 19万+
1.再见SharedPreferences,你好MMKV! https://mp.weixin.qq.com/s/VBMDIE0QHXQAMuIjon-Fjg
HP Socket HttpServer使用
与其用泪水悔恨昨天,不如用汗水拼搏今天
12-24 8803
使用HP搭建Socket HttpServer,并且实现post,get,以及websocket,主要是webssockt折腾了不少时间。 首先要自己实现底层接口,都是纯虚函数,需要自己去实现,继承自IHttpServerListener #pragma once #include "SocketInterface.h" #include "stdio.h" #include&lt;sys...
BackTrack5中文使用手册
"BackTrack5中文指南v5是神经元信息安全多元团队编写的关于BackTrack5的详细使用手册,旨在帮助用户了解和掌握这个著名的网络安全分析操作系统。该指南覆盖了从文档管理、系统简介、下载方法到安装和使用等多个方面...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值