
Currently showing posts from June 2017

Notes on fimap

This is a command that gathers URL (IP) information and then attacks: it scans for and exploits LFI/RFI (Local File Inclusion / Remote File Inclusion) weaknesses. Reference: https://www.youtube.com/watch?v=ODMHucZNQ9k
============================
Let's look at the help: fimap -h

fimap v.1.00_svn (My life for Aiur)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

Usage: ./fimap.py [options]

## Operating Modes:
  -s , --single                 Mode to scan a single URL for FI errors.
                                Needs URL (-u). This mode is the default.
  -m , --mass                   Mode for mass scanning. Will check every URL
                                from a given list (-l) for FI errors.
  -g , --google                 Mode to use Google to aquire URLs.
                                Needs a query (-q) as google search query.
  -B , --bing                   Use bing to get URLs.
                                Needs a query (-q) as bing search query.
                                Also needs a Bing APIKey (--bingkey)

Using dirbuster

This is used to enumerate a website's entire directory tree; it also collates the results and stores them in a file you specify. In the terminal, type: dirbuster

Notes on nbtscan

****** nbtscan (finds devices on the LAN that use the SMB protocol) ******
Scans an IP range to find information about NetBIOS devices on the LAN.
———————
Scan all devices in 192.168.8.***
Command: sudo nbtscan -r 192.168.8.0/24
———————
Scan all devices in 192.168.8.*** whose MAC address is 00:00:00:00:00:00 (set this to the address you want)
Command: sudo nbtscan -r 192.168.8.0/24 | grep "00:00:00:00:00:00"
———————
Used to check basic information about Windows computers on the network, for example: computer name, user, IP, MAC address, services.

nbtscan -h
"Human-readable service names" (-h) option cannot be used without verbose (-v) option.
Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>)
	-v		verbose output. Print all names received
			from each host
	-d		dump packets. Print whole packet contents.
	-e		Format output in /etc/hosts format.
	-l		Format output in lmhosts format.
			Cannot be used with -v, -s or -h options.
	-t timeout	wait timeout milliseconds for response.
			Default 1000.
	-b bandwidth	Output throttling. Slow down output
			so that it uses no more that bandwidth bps.
			Use

Notes on amap

This scans the target IP's ports and matches the responses against its own appdefs.resp file to identify the service most likely running there. Help:

amap v5.4 (c) 2011 by van Hauser <vh@thc.org> www.thc.org/thc-amap

Syntax: amap [-A|-B|-P|-W] [-1buSRHUdqv] [[-m] -o <file>] [-D <file>] [-t/-T sec] [-c cons] [-C retries] [-p proto] [-i <file>] [target port [port] ...]
Modes:
  -A         Map applications: send triggers and analyse responses (default)
  -B         Just grab banners, do not send triggers
  -P         No banner or application stuff - be a (full connect) port scanner
Options:
  -1         Only send triggers to a port until 1st identification. Speeeeed!
  -6         Use IPv6 instead of IPv4
  -b         Print ascii banner of responses
  -i FILE    Nmap machine readable outputfile to read ports from
  -u         Ports specified on commandline are UDP (default is TCP)
  -R         Do NOT identify RPC service
  -H         Do NOT send application triggers marked as potentially harmful
  -U         Do NOT dump unrecognised responses (better