Nmap Scanning and Vulnerability Discovery: A Complete Guide to Techniques

Discovering Vulnerable Hosts

Verify IIS short file name disclosure

nmap -p 80 --script http-iis-short-name-brute 192.168.0.1/24

Verify Memcached unauthorized access

nmap -sV -p 11211 --script memcached-info 192.168.0.1/24

Verify the http.sys remote code execution vulnerability

nmap -sV --script http-vuln-cve2015-1635 192.168.0.1/24

Verify the Heartbleed vulnerability

nmap -sV --script=ssl-heartbleed 192.168.0.1/24

Verify MongoDB unauthorized access

nmap -p 27017 --script mongodb-info 192.168.0.1/24

Verify Redis unauthorized access

nmap -p 6379 --script redis-info 192.168.0.1/24

Verify Elasticsearch unauthorized access

nmap --script=http-vuln-cve2015-1427 --script-args command='ls' 192.168.0.1/24

Verify Rsync unauthorized access

nmap -p 873 --script rsync-brute --script-args 'rsync-brute.module=www' 192.168.0.1/24
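
For triaging the results of the checks above on your own network, the following added example (not part of the original page) reads Nmap grepable output (`-oG`) and lists the hosts where the Memcached, MongoDB, Redis or Rsync port is open. The function names `triage_gnmap` and `sample_gnmap` are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Input: Nmap grepable output, e.g. produced with
#   nmap -p 873,6379,11211,27017 -oG scan.gnmap 192.168.0.1/24
# Output: "<host> <port> <service>" for every open data-service port, so the
# host can be reviewed for missing authentication and network exposure.
triage_gnmap() {
  awk '
  BEGIN {
    # Ports used by the commands on this page
    svc["11211"] = "memcached"; svc["27017"] = "mongodb"
    svc["6379"]  = "redis";     svc["873"]   = "rsync"
  }
  /Ports: / {
    host = $2                    # line starts with "Host: <ip> (<name>)"
    sub(/^.*Ports: /, "")        # drop everything before the port list
    sub(/\t.*$/, "")             # drop trailing tab-separated sections
    n = split($0, entry, ", ")
    for (i = 1; i <= n; i++) {
      # entry layout: port/state/protocol/owner/service/...
      split(entry[i], f, "/")
      if (f[2] == "open" && (f[1] in svc))
        print host, f[1], svc[f[1]]
    }
  }' "$@"
}

# Constructed sample of grepable output (not real scan data).
sample_gnmap() {
  printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.10 ()\tPorts: 80/open/tcp//http///, 6379/open/tcp//redis///\tIgnored State: closed (998)\n'
  printf 'Host: 192.168.0.11 ()\tPorts: 11211/filtered/tcp//memcache///, 27017/open/tcp//mongodb///\n'
  printf 'Host: 192.168.0.12 ()\tPorts: 873/closed/tcp//rsync///\n'
}

# Demonstration on the constructed sample; pass a file name to read a real scan.
sample_gnmap | triage_gnmap
```

Only ports in the `open` state are reported; `filtered` and `closed` entries are skipped.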
