How to Use Nmap Script Engine (NSE) Scripts in Linux


scan open ports and services on those hosts, and so much more.

One of the interesting features of Nmap is the Nmap Script Engine (NSE), which brings even more flexibility and efficiency to it. It enables you to write your own scripts in the Lua programming language, and possibly share these scripts with other Nmap users out there.

There are four types of NSE scripts, namely:

  • Prerule scripts - scripts that run before any of Nmap's scan operations; they are executed when Nmap has not gathered any information about a target yet.
  • Host scripts - scripts that run after Nmap has performed normal operations such as host discovery, port scanning, version detection, and OS detection against a target host.
  • Service scripts - scripts that run against specific services listening on a target host.
  • Postrule scripts - scripts that run after Nmap has scanned all of its target hosts.

These scripts are then grouped under various categories, including those for authentication (auth), discovering hosts (broadcast), brute-force attacks to guess authentication credentials (brute), discovering more about a network (discovery), causing a denial of service (dos), exploiting some vulnerability (exploit), and so on. A number of scripts belong to the default category.

Note: Before we move any further, you should note these key points:

  • Do not execute scripts from third parties without critically looking through them, or only if you trust the authors. This is because these scripts are not run in a sandbox and could therefore unexpectedly or maliciously damage your system or invade your privacy.
  • Secondly, many of these scripts may run as either a prerule or a postrule script. Considering this, it is recommended to use a prerule for purposes of consistency.
  • Nmap uses the scripts/script.db database to figure out the available default scripts and categories.

To see the location of all available NSE scripts, run the locate utility on the terminal, like this:

$ locate *.nse

/usr/share/nmap/scripts/acarsd-info.nse
/usr/share/nmap/scripts/address-info.nse
/usr/share/nmap/scripts/afp-brute.nse
/usr/share/nmap/scripts/afp-ls.nse
/usr/share/nmap/scripts/afp-path-vuln.nse
/usr/share/nmap/scripts/afp-serverinfo.nse
/usr/share/nmap/scripts/afp-showmount.nse
/usr/share/nmap/scripts/ajp-auth.nse
/usr/share/nmap/scripts/ajp-brute.nse
/usr/share/nmap/scripts/ajp-headers.nse
/usr/share/nmap/scripts/ajp-methods.nse
/usr/share/nmap/scripts/ajp-request.nse
/usr/share/nmap/scripts/allseeingeye-info.nse
/usr/share/nmap/scripts/amqp-info.nse
/usr/share/nmap/scripts/asn-query.nse
...

NSE scripts are loaded using the --script flag, which also allows you to run your own scripts by providing categories, script file names, or the names of directories where your scripts are located.

The syntax for enabling scripts is as follows:

$ nmap -sC target     #load default scripts
OR
$ nmap --script filename|category|directory|expression,...   target    

You can see the description of a script with the --script-help option. Additionally, you can pass arguments to some scripts via the --script-args and --script-args-file options; the latter is used to provide a file name rather than a command-line argument.

To perform a scan with most of the default scripts, use the -sC flag or alternatively use --script=default as shown.

$ nmap -sC scanme.nmap.org
OR
$ nmap --script=default scanme.nmap.org
OR
$ nmap --script default scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-15 10:36 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.0027s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http
|_http-title: Go ahead and ScanMe!

Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds

To use a script for the appropriate purpose, you can, first of all, get a brief description of what it actually does, for example http-headers.

$ nmap --script-help http-headers scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-15 10:37 IST

http-headers
Categories: discovery safe
https://nmap.org/nsedoc/scripts/http-headers.html
  Performs a HEAD request for the root folder ("/") of a web server and displays the HTTP headers returned.

Loading NSE Scripts To Perform Nmap Scans

You can select or load scripts to perform a scan in the different ways explained below.

Once you know what a script does, you can perform a scan using it. You can use one script or enter a comma-separated list of script names. The command below will enable you to view the HTTP headers configured on the web server at the target host.

$ nmap --script http-headers scanme.nmap.org
Starting Nmap 7.01 ( https://nmap.org ) at 2017-11-15 10:39 IST
Nmap scan report for scanme.nmap.org (45.33.32.156)
Host is up (0.27s latency).
Not shown: 996 closed ports
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
| http-headers: 
|   Date: Wed, 15 Nov 2017 05:10:04 GMT
|   Server: Apache/2.4.7 (Ubuntu)
|   Accept-Ranges: bytes
|   Vary: Accept-Encoding
|   Connection: close
|   Content-Type: text/html
|   
|_  (Request type: HEAD)
179/tcp   filtered bgp
31337/tcp open     Elite

Nmap done: 1 IP address (1 host up) scanned in 20.96 seconds

You can also load scripts from one category or from a comma-separated list of categories. In this example, we are using all the scripts in the default and broadcast categories to perform a scan on the host 192.168.56.1.

$ nmap --script default,broadcast 192.168.56.1

This is useful when you want to select scripts with a given name pattern. For example, to load all scripts with names starting with ssh, run the command below on the terminal:

$ nmap --script "ssh-*" 192.168.56.1

You can also select scripts using Boolean expressions, which you can build with the and, or, and not operators. The names in a Boolean expression can be a category, a file name from script.db, or all.

The following will load scripts from the default or broadcast categories.

$ nmap --script "default or broadcast" 192.168.56.10

Which is equivalent to:

$ nmap --script default,broadcast 192.168.56.10

To load all scripts except those in the vuln category, run this command on the terminal.

$ nmap --script "not vuln" 192.168.56.10

The following looks a little complex but is easy to understand: it selects scripts in the default or broadcast categories, leaving out those with names starting with ssh-.

$ nmap --script "(default or broadcast) and not ssh-*" 192.168.56.10

Importantly, it is possible to combine categories, script names, a directory containing your custom scripts, or a Boolean expression to load scripts, like this:

$ nmap --script broadcast,vuln,ssh-auth-methods,/path/to/custom/scripts 192.168.56.10

Below is an example showing how to pass arguments to scripts with the --script-args option:

$ nmap --script mysql-audit --script-args "mysql-audit.username='root', \
mysql-audit.password='password_here', mysql-audit.filename='nselib/data/mysql-cis.audit'"

To specify a port number, use the -p nmap option:

$ nmap -p 3306 --script mysql-audit --script-args "mysql-audit.username='root', \
mysql-audit.password='password_here', mysql-audit.filename='nselib/data/mysql-cis.audit'"

The above command runs an audit of the MySQL server security configuration against parts of the CIS MySQL v1.0.2 benchmark. You can also create your own useful custom audit files for other MySQL audits.
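To tie together the script types and categories described above, the directory-based loading shown with /path/to/custom/scripts, and the --script-args mechanism, here is a minimal NSE service script of the kind you would place in such a custom directory. It is an added example written for this article, not a script from Nmap's own collection; the file name custom-http-server-header.nse and its .path argument are assumptions.

```lua
-- custom-http-server-header.nse (hypothetical file name, added example)
-- A service script: reports the Server header a web server returns, so a
-- defender can inventory which web server software answers on each port.

local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Sends a single HEAD request for a configurable path (default "/") and
reports the HTTP status and the Server header, if any, returned by the
web server listening on the scanned port.
]]

author = "example author"
license = "Same as Nmap--See https://nmap.org/COPYING"

-- The categories decide which --script selections pull this script in:
-- "--script discovery" or "--script safe" would select it; adding
-- "default" here would also make "-sC" run it.
categories = {"discovery", "safe"}

-- A portrule makes this a service script: action() runs once for every
-- open port that shortport.http recognises as HTTP by name or number.
portrule = shortport.http

action = function(host, port)
  -- Script argument, supplied on the command line as
  -- --script-args custom-http-server-header.path=/some/path
  -- SCRIPT_NAME is set by NSE to the script's name without ".nse".
  local path = stdnse.get_script_args(SCRIPT_NAME .. ".path") or "/"

  local resp = http.head(host, port, path)
  if not resp or not resp.status then
    -- No usable answer: return nil so Nmap prints nothing for this port
    -- rather than a misleading line.
    return nil
  end

  local out = stdnse.output_table()
  out.path = path
  out.status = resp.status
  -- The http library lower-cases header names in resp.header.
  out.server = resp.header["server"] or "(not sent)"
  return out
end
```

Run it directly with nmap --script ./custom-http-server-header.nse -p 80 scanme.nmap.org (optionally adding --script-args custom-http-server-header.path=/index.html); if you instead copy it into /usr/share/nmap/scripts, run nmap --script-updatedb so script.db records its categories and --script discovery can select it.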

That's it for now. You can find more information on the Nmap man page or check out NSE Usage.

To get started with writing your own NSE scripts, check this guide: https://nmap.org/book/nse-tutorial.html

Nmap is a very powerful and useful tool that every system or network administrator needs in their security arsenal; NSE simply adds more efficiency to it.

In this article, we introduced you to the Nmap Script Engine and looked at how to find and use the various scripts available under different categories. If you have any questions, do not hesitate to write back to us via the comment form below.