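A Good Memory Is No Match for a Pencil Stub

Security, Operating Systems

Reading Notes on a "Devil Training Camp" Book: Web Application Detection and Penetration

!!!These notes are for study and discussion only; do not use them for any other purpose!!!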


Vulnerability scanning with nmap scripts:

Reference: http://nmap.org/nsedoc/categories/vuln.html

Using Metasploit's built-in wmap module:

Reference: http://www.offensive-security.com/metasploit-unleashed/WMAP_Web_Scanner

msf > load wmap # load the wmap plugin and its commands

.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
msf > help

wmap Commands
=============

    Command       Description
    -------       -----------
    wmap_modules  Manage wmap modules
    wmap_nodes    Manage nodes
    wmap_run      Test targets
    wmap_sites    Manage sites
    wmap_targets  Manage targets
    wmap_vulns    Display web vulns
......
......

msf > wmap_modules -h 
[*] Usage: wmap_modules [options]
    -h         Display this help text
    -l          List all wmap enabled modules
    -r        Reload wmap modules

msf > wmap_modules -l # list the available modules
[*] Loading wmap modules...
[*] 39 wmap enabled modules loaded.
[*] wmap_ssl
......
......
msf > wmap_sites -h
[*] Usage: wmap_sites [options]
    -h        Display this help text
    -a [url]  Add site (vhost,url)
    -d [ids]  Delete sites (separate ids with space)
    -l        List all available sites
    -s [id]   Display site structure (vhost,url|ids) (level)

msf > wmap_sites -a http://10.10.10.128 # add a target IP address
[*] Site created.
msf > wmap_sites -l  # list all target IP addresses
[*] Available sites
===============

     Id  Host             Vhost            Port  Proto  # Pages  # Forms
     --  ----             -----            ----  -----  -------  -------
     0   10.10.10.128     10.10.10.128     80    http   0        0
     1   108.166.213.104  108.166.213.104  80    http   0        0

msf > wmap_sites -d 1 # delete the unused target IP
[*] Deleted 108.166.213.104 on 108.166.213.104 at index 1
msf > wmap_targets -h
[*] Usage: wmap_targets [options]
    -h         Display this help text
    -t [urls]    Define target sites (vhost1,url[space]vhost2,url) 
    -d [ids]    Define target sites (id1, id2, id3 ...)
    -c         Clean target sites list
    -l          List all target sites

msf > wmap_targets -d 0 # define the target URL; targets can be added with either -d or -t
[*] Loading 10.10.10.128,http://10.10.10.128:80/.
msf > wmap_targets -l  # list all target URLs
[*] Defined targets
===============

     Id  Vhost         Host          Port  SSL    Path
     --  -----         ----          ----  ---    ----
     0   10.10.10.128  10.10.10.128  80    false    /

msf > wmap_run -h
[*] Usage: wmap_run [options]
    -h                        Display this help text
    -t                        Show all enabled modules
    -m [regex]                Launch only modules that name match provided regex.
    -p [regex]                Only test path defined by regex.
    -e [/path/to/profile]     Launch profile modules against all matched targets.
                              (No profile file runs all enabled modules.)

msf > wmap_run -t # list the available modules
[*] Testing target:
......
msf > wmap_run -e # run all enabled modules against the targets (no profile given)
......
msf > vulns
......
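
The session above removes a leftover site (108.166.213.104) by hand before defining targets. As an added example (not from the original notes or from Metasploit), this Python script parses `wmap_sites -l` output in the layout shown and flags any site outside an authorized range before `wmap_run` is started; the 10.10.10.0/24 scope, the sample text and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: `wmap_sites -l` output in the layout shown in the session above.
SITES_OUTPUT = """\
[*] Available sites
===============

     Id  Host             Vhost            Port  Proto  # Pages  # Forms
     --  ----             -----            ----  -----  -------  -------
     0   10.10.10.128     10.10.10.128     80    http   0        0
     1   108.166.213.104  108.166.213.104  80    http   0        0
"""

# Assumption: the authorized scope is the lab network 10.10.10.0/24.
AUTHORIZED_SCOPE = ["10.10.10.0/24"]

# Data row: id, host, vhost, port, proto, page count, form count.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(https?)\s+\d+\s+\d+\s*$")

def parse_sites(text):
    """Return one dict per data row of a `wmap_sites -l` table."""
    sites = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            sid, host, vhost, port, proto = m.groups()
            sites.append({"id": int(sid), "host": host, "vhost": vhost,
                          "port": int(port), "proto": proto})
    return sites

def out_of_scope(sites, scope):
    """Return the sites whose Host is not an IP inside any authorized network."""
    nets = [ipaddress.ip_network(n) for n in scope]
    flagged = []
    for site in sites:
        try:
            addr = ipaddress.ip_address(site["host"])
            ok = any(addr in net for net in nets)
        except ValueError:  # hostname instead of an IP: cannot verify, so flag it
            ok = False
        if not ok:
            flagged.append(site)
    return flagged

if __name__ == "__main__":
    for site in out_of_scope(parse_sites(SITES_OUTPUT), AUTHORIZED_SCOPE):
        print(f"out of scope, remove with: wmap_sites -d {site['id']}")
```
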

 
