Mestasploit 弱點掃描

時間 2019-11-16

標籤 mestasploit 弱點掃描简体版

原文原文鏈接

1. 簡介

根據信息收集結果搜索漏洞利用模塊
結合外部漏洞掃描系統對大量IP地址段進行批量掃描
誤判率、漏判率

2. VNC 密碼破解

use auxiliary/scanner/vnc/vnc_loginphp

msf > use auxiliary/scanner/vnc/vnc_login
msf auxiliary(scanner/vnc/vnc_login) > set BLANK_PASSWORDS true
msf auxiliary(scanner/vnc/vnc_login) > set THREADS 20
msf auxiliary(scanner/vnc/vnc_login) > set RHOSTS 10.10.10.142
msf auxiliary(scanner/vnc/vnc_login) > run

3. VNC 無密碼訪問（未設置密碼）

use auxiliary/scanner/vnc/vnc_none_auth

supported : None, free access!web

msf > use auxiliary/scanner/vnc/vnc_none_auth
msf auxiliary(scanner/vnc/vnc_none_auth) > set RHOSTS 10.10.10.142
msf auxiliary(scanner/vnc/vnc_none_auth) > run

4. RDP 遠程桌面漏洞

use auxiliary/scanner/rdp/ms12_020_check

檢查不會形成 DoS 攻擊.sql

msf > use auxiliary/scanner/rdp/ms12_020_check
msf auxiliary(scanner/rdp/ms12_020_check) > set RHOSTS 10.10.10.140-150
msf auxiliary(scanner/rdp/ms12_020_check) > run

說明存在漏洞api

5. 設備後門

use auxiliary/scanner/ssh/juniper_backdoor #juniper 防火牆
use auxiliary/scanner/ssh/fortinet_backdoor # fortinet 防火牆

6. VMware ESXi 密碼爆破

use auxiliary/scanner/vmware/vmauthd_login
use auxiliary/scanner/vmware/vmware_enum_vms

7. 利用 WEB API 遠程開啓虛擬機

use auxiliary/admin/vmware/poweron_vm

8. HTTP 弱點掃描

過時證書：use auxiliary/scanner/http/certtomcat

msf > use auxiliary/scanner/http/cert
msf auxiliary(scanner/http/cert) > set RHOSTS 10.10.10.130-150
msf auxiliary(scanner/http/cert) > set THREADS 20
msf auxiliary(scanner/http/cert) > run

顯示目錄及文件ssh

use auxiliary/scanner/http/dir_listingwordpress

msf > use auxiliary/scanner/http/dir_listing
msf auxiliary(scanner/http/dir_listing) > set RHOSTS 10.10.10.132
msf auxiliary(scanner/http/dir_listing) > set PATH dav
msf auxiliary(scanner/http/dir_listing) > run

use auxiliary/scanner/http/files_dir編碼

msf auxiliary(scanner/http/dir_listing) > use auxiliary/scanner/http/files_dir
msf auxiliary(scanner/http/files_dir) > set RHOSTS 10.10.10.132
msf auxiliary(scanner/http/files_dir) > run

WebDAV Unicode 編碼身份驗證繞過命令行

use auxiliary/scanner/http/dir_webdav_unicode_bypass日誌

msf > use auxiliary/scanner/http/dir_webdav_unicode_bypass
msf auxiliary(scanner/http/dir_webdav_unicode_bypass) > set RHOSTS 10.10.10.132
msf auxiliary(scanner/http/dir_webdav_unicode_bypass) > set THREADS 20
msf auxiliary(scanner/http/dir_webdav_unicode_bypass) > run

Tomcat 管理登陸頁面

use auxiliary/scanner/http/tomcat_mgr_login

msf > use auxiliary/scanner/http/tomcat_mgr_login
msf auxiliary(scanner/http/tomcat_mgr_login) > set RHOSTS 10.10.10.132
msf auxiliary(scanner/http/tomcat_mgr_login) > run

基於 HTTP 方法的身份驗證繞過

use auxiliary/scanner/http/verb_auth_bypass

msf > use auxiliary/scanner/http/verb_auth_bypass
msf auxiliary(scanner/http/verb_auth_bypass) > set RHOSTS 10.10.10.132
msf auxiliary(scanner/http/verb_auth_bypass) > run

Wordpress 密碼爆破

use auxiliary/scanner/http/wordpress_login_enum

msf > use auxiliary/scanner/http/wordpress_login_enum
msf auxiliary(scanner/http/wordpress_login_enum) > set RHOSTS 10.10.10.151
msf auxiliary(scanner/http/wordpress_login_enum) > run

9. wmap

WMAP WEB 應用掃描器
- 根據 sqlmap 的工做方式開發
- load wmap
- wmap_sites -a http://1.1.1.1
- wmap_targets -t http://1.1.1.1/mutillidae/index.php
- wmap_run -t # 列出全部模塊
- wmap_run -e # 開始掃描
- wmap_vulns -l # 查看掃描出的漏洞
- vulns
```
msf > load wmap
msf > wmap_sites -h
msf > wmap_sites -a http://10.10.10.132
msf > wmap_targets -t http://10.10.10.132/mutillidae/index.php
msf > wmap_run -h
msf > wmap_run -t
msf > wmap_run -e
msf > wmap_vulns -l
```
```
msf > vulns
```

10. openvas

load openvas
- 命令行模式，須要配置，使用頻繁
```
msf > load openvas 
msf > openvas_help
```
使用掃描器掃描以後生成報告
- msf 導入 nbe 格式掃描日誌
- db_import openvas.nbe
```
msf > db_import 1.nbe
msf > vulns
```

11. MSF 直接調用 nessus 執行掃描

load nessus
nessus_help
nessus_connect admin:toor@1.1.1.1
nessus_policy_list
nessus_scan_new
nessus_report_list

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。