msf > nmap -n -oX my.xml 192.168.144.0/24
[*] exec: nmap -n -oX my.xml 192.168.144.0/24
-- Scan the local network with nmap; -oX writes the results to an XML file (my.xml) so they can be added to Metasploit.
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-11-07 07:55 EST
Nmap scan report for 192.168.144.1
Host is up (0.00028s latency).
Not shown: 990 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
902/tcp open iss-realsecure
912/tcp open apex-mesh
2869/tcp open icslap
5357/tcp open wsdapi
49155/tcp open unknown
49156/tcp open unknown
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.144.2
Host is up (0.00035s latency).
All 1000 scanned ports on 192.168.144.2 are closed
MAC Address: 00:50:56:E6:0A:6D (VMware)
Nmap scan report for 192.168.144.135
Host is up (0.00028s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:84:5D:10 (VMware)
Nmap scan report for 192.168.144.254
Host is up (0.037s latency).
All 1000 scanned ports on 192.168.144.254 are filtered
MAC Address: 00:50:56:F4:50:B2 (VMware)
Nmap scan report for 192.168.144.130
Host is up (0.0000020s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (5 hosts up) scanned in 328.80 seconds
msf > db_import my.xml
--- Run the command above to import nmap's output into Metasploit from the XML file.
[*] Importing 'Nmap XML' data
[*] Import: Parsing with 'Nokogiri v1.6.6.2'
[*] Importing host 192.168.144.1
[*] Importing host 192.168.144.135
[*] Importing host 192.168.144.130
[*] Successfully imported /root/my.xml
msf > hosts
--- Use the hosts command to query the data imported from nmap.
Hosts
=====
address          mac                name  os_name  os_flavor  os_sp  purpose  info  comments
-------          ---                ----  -------  ---------  -----  -------  ----  --------
192.168.144.1    00:50:56:c0:00:08        Unknown                    device
192.168.144.130                           Unknown                    device
192.168.144.135  00:0c:29:84:5d:10        Unknown                    device
msf > services
--- Use the services command to view the services available in Metasploit.
Services
========
host port proto name state info
---- ---- ----- ---- ----- ----
192.168.144.1 49156 tcp unknown open
192.168.144.1 49155 tcp unknown open
192.168.144.1 135 tcp msrpc open
192.168.144.1 139 tcp netbios-ssn open
192.168.144.1 443 tcp https open
192.168.144.1 445 tcp microsoft-ds open
192.168.144.1 5357 tcp wsdapi open
192.168.144.1 912 tcp apex-mesh open
192.168.144.1 2869 tcp icslap open
192.168.144.1 902 tcp iss-realsecure open
192.168.144.130 22 tcp ssh open
192.168.144.135 22 tcp ssh open
msf > db_nmap -n -A 192.168.144.135
-- Use the db_nmap command to run an nmap scan against the target host; the results go straight into the Metasploit database.
[*] Nmap: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-11-07 08:15 EST
[*] Nmap: Nmap scan report for 192.168.144.135
[*] Nmap: Host is up (0.00023s latency).
[*] Nmap: Not shown: 999 closed ports
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 22/tcp open ssh OpenSSH 6.9p1 Ubuntu 2 (Ubuntu Linux; protocol 2.0)
[*] Nmap: | ssh-hostkey:
[*] Nmap: | 2048 7f:73:b2:c0:9c:fe:ec:3b:ff:48:59:ae:ad:dc:68:7f (RSA)
[*] Nmap: |_ 256 f9:1d:c1:ef:a3:8a:b1:19:96:9d:34:25:9c:ca:4c:53 (ECDSA)
[*] Nmap: MAC Address: 00:0C:29:84:5D:10 (VMware)
[*] Nmap: Device type: general purpose
[*] Nmap: Running: Linux 3.X
[*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:3
[*] Nmap: OS details: Linux 3.2 - 3.19
[*] Nmap: Network Distance: 1 hop
[*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
[*] Nmap: TRACEROUTE
[*] Nmap: HOP RTT ADDRESS
[*] Nmap: 1 0.23 ms 192.168.144.135
[*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 8.55 seconds
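The scan above reports 5 hosts up, but the db_import log lists only the three that have open ports. The following is an added example, not part of the original session: it reads Nmap -oX output and separates hosts with open services from hosts that are up with nothing open, so the scan can be reconciled against the hosts and services tables. The XML is a constructed sample abbreviated from the scan shown above, and summarize is a name chosen for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout, abbreviated from the scan shown above.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.168.144.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.168.144.2" addrtype="ipv4"/>
    <ports><extraports state="closed" count="1000"/></ports></host>
  <host><status state="up"/><address addr="192.168.144.135" addrtype="ipv4"/>
    <address addr="00:0C:29:84:5D:10" addrtype="mac"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports></host>
  <host><status state="up"/><address addr="192.168.144.254" addrtype="ipv4"/>
    <ports><extraports state="filtered" count="1000"/></ports></host>
  <host><status state="up"/><address addr="192.168.144.130" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports></host>
</nmaprun>"""


def summarize(xml_text):
    """Return (services, silent): open services per host, and hosts up with none."""
    services, silent = {}, []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts Nmap did not see as up
        ip = next((a.get("addr") for a in host.findall("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), None)
        if ip is None:
            continue  # MAC-only entry, nothing to key on
        open_ports = []
        for port in host.iter("port"):  # <extraports> is a different tag, not matched
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                open_ports.append((int(port.get("portid")), port.get("protocol"), name))
        if open_ports:
            services[ip] = sorted(open_ports)
        else:
            silent.append(ip)  # up, but every scanned port closed or filtered
    return services, silent


if __name__ == "__main__":
    services, silent = summarize(SAMPLE_XML)
    for ip, ports in services.items():
        for portid, proto, name in ports:
            print(f"{ip:<16} {portid:<6} {proto:<4} {name}")
    print("up, no open ports:", ", ".join(silent))
```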