![]() ![]() |_ftp-anon: Anonymous FTP login allowed (FTP code 230) For example, “ftp-anon” script in “/use/share/nmap/scripts” can be used to check whether the anonymous login on remote server is allowed or not. The examples of these mis-configurations may include FTP anonymous login enabled, SSH username enumeration, or public access of Samba shares etc. Nmap scripts can also be used to detect mis-configurations in remote hosts or networks. Nmap done: 1 IP address (1 host up) scanned in 7.24 seconds |_ Statistics: Performed 25 guesses in 7 seconds, average tps: 3.6 | azad:s3cr4tp4ssw0rd - Valid credentials NSE: Trying username/password pair: :s3cr4tp4ssw0rd NSE: Trying username/password pair: azad:s3cr4tp4ssw0rd NSE: Trying username/password pair: usama:s3cr4tp4ssw0rd NSE: Trying username/password pair: bob:s3cr4tp4ssw0rd NSE: Trying username/password pair: donie:s3cr4tp4ssw0rd NSE: Trying username/password pair: :s3cr4t NSE: Trying username/password pair: azad:s3cr4t NSE: Trying username/password pair: usama:s3cr4t NSE: Trying username/password pair: bob:s3cr4t NSE: Trying username/password pair: donie:s3cr4t NSE: Trying username/password pair: :secret NSE: Trying username/password pair: azad:secret NSE: Trying username/password pair: usama:secret ![]() NSE: Trying username/password pair: bob:secret NSE: Trying username/password pair: donie:secret An example of SSH brute-force using Nmap with dictionaries “users.lst” and “pass.lst” is given below nmap -p22 -script ssh-brute -script-args userdb=users.lst,passdb=pass.lst You can brute-force a lot of services using Nmap scripts including SSH, HTTP, VNC, MySQL, IMAP, SMTP and many others. ![]() Nmap scripts can be used to brute force remote services without relying on third party tools like Hydra, Medusa or Metasploit Framework. In general, Nmap scripts can be used for the following purposes Default Nmap scripts are located in “/usr/share/nmap/scripts” and can be used using “–script” argument. Nmap has a lot of default and third party scripts that add to the efficiency of Nmap while doing network scanning and enumeration. These scripts can be used to automate variety of tasks like detecting vulnerabilities, fingerprinting software versions, detecting mis-configurations in a network or a host etc. Nmap has a useful feature called Nmap Scripting Engine (NSE), which allows you to write your own scripts in its scripting engine. That was just an overview, there are also a lot other options that you can see in Nmap documentation Nmap Scripts (NSE) O : enable OS detection, requires root privileges T : sets the scan speed, -T5 is the fastest sC : Nmap script scanning, includes all default scripts sV : to grab the banner of remote software running on a specific port Includes script scanning, OS identification, version scanning etc Nmap has a lot of great options for effective port and vulnerability scanning, some mostly used options are described here -A : Aggressive scanning. Despite getting old, it has full support with open source community contributing and improving it every day. It has both Graphical User Interface (Zenmap) and Command Line Interface which can be used to automate the scanning process. NMAP is an open source all-in-one tool that one can use for port scanning, service identification, banner grabbing, operating system finger printing, vulnerability scanning and many other tasks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |