cstriker1407的笔记本

好记性不如铅笔头

安全, 操作系统

某《魔鬼训练营》读书笔记:WEB应用检测和渗透

!!!笔记仅供学习交流使用,请勿进行其他用途!!!

使用nmap的脚本进行漏洞扫描:

参考网址【 http://nmap.org/nsedoc/categories/vuln.html 】

使用metasploit内部的wamp模块:

参考网址【 http://www.offensive-security.com/metasploit-unleashed/WMAP_Web_Scanner 】

msf > load wmap #载入wmap命令模块

.-.-.-..-.-.-..---..---.
| | | || | | || | || |-'
`-----'`-'-'-'`-^-'`-'
[WMAP 1.5.1] ===  et [  ] metasploit.com 2012
[*] Successfully loaded plugin: wmap
msf > help

wmap Commands
=============

    Command       Description
    -------       -----------
    wmap_modules  Manage wmap modules
    wmap_nodes    Manage nodes
    wmap_run      Test targets
    wmap_sites    Manage sites
    wmap_targets  Manage targets
    wmap_vulns    Display web vulns
。。。。。。
。。。。。。

msf > wmap_modules -h 
[*] Usage: wmap_modules [options]
    -h         Display this help text
    -l          List all wmap enabled modules
    -r        Reload wmap modules

msf > wmap_modules -l #查看可以利用的模块
[*] Loading wmap modules...
[*] 39 wmap enabled modules loaded.
[*] wmap_ssl
。。。。。
。。。。。
msf > wmap_sites -h
[*] Usage: wmap_sites [options]
    -h        Display this help text
    -a [url]  Add site (vhost,url)
    -d [ids]  Delete sites (separate ids with space)
    -l        List all available sites
    -s [id]   Display site structure (vhost,url|ids) (level)

msf > wmap_sites -a http://10.10.10.128 #添加一个目标IP地址
[*] Site created.
msf > wmap_sites -l  #查看所有的目标IP地址
[*] Available sites
===============

     Id  Host             Vhost            Port  Proto  # Pages  # Forms
     --  ----             -----            ----  -----  -------  -------
     0   10.10.10.128     10.10.10.128     80    http   0        0
     1   108.166.213.104  108.166.213.104  80    http   0        0

msf > wmap_sites -d 1 #删掉不用的目标IP
[*] Deleted 108.166.213.104 on 108.166.213.104 at index 1
msf > wmap_targets -h
[*] Usage: wmap_targets [options]
    -h         Display this help text
    -t [urls]    Define target sites (vhost1,url[space]vhost2,url) 
    -d [ids]    Define target sites (id1, id2, id3 ...)
    -c         Clean target sites list
    -l          List all target sites

msf > wmap_targets -d 0 #指定目标URL,可以使用 -d -t两种方法添加
[*] Loading 10.10.10.128,http://10.10.10.128:80/.
msf > wmap_targets -l  #查看所有的目标URL
[*] Defined targets
===============

     Id  Vhost         Host          Port  SSL    Path
     --  -----         ----          ----  ---    ----
     0   10.10.10.128  10.10.10.128  80    false    /

msf > wmap_run -h
[*] Usage: wmap_run [options]
    -h                        Display this help text
    -t                        Show all enabled modules
    -m [regex]                Launch only modules that name match provided regex.
    -p [regex]                Only test path defined by regex.
    -e [/path/to/profile]     Launch profile modules against all matched targets.
                              (No profile file runs all enabled modules.)

msf > wmap_run -t #查看可用的模块
[*] Testing target:
。。。。。
msf > wmap_run -e #exploit
。。。。。。
msf > vulns
。。。。。。

 

Leave a Reply

2 × 4 =

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据

Theme by Anders Norén

苏ICP备16032087号