灰客服務 grey service

  └─$ sudo sctpscan                                                                                         1 ⨯ SCTPscan - Copyright (C) 2002 - 2009 Philippe Langlois. SCTPscan comes with ABSOLUTELY NO WARRANTY; for details read the LICENSE or COPYING file. Usage:  sctpscan [options] Options:   -p, --port <port>           (default: 10000)       port specifies the remote port number   -P, --loc_port <port>           (default: 10000)       port specifies the local port number   -l, --loc_host <loc_host>   (default: 127.0.0.1)       loc_host specifies the local (bind) host for the SCTP       stream with optional local port number   -r, --rem_host <rem_host>   (default: 127.0.0.2)       rem_host specifies the remote (sendto) address for the SCTP       stream with optional remote port number   -s  --scan -r aaa[.bbb[.ccc]]       scan all machines within network   -m  --map       map all SCTP ports from 0 to 65535 (portscan)   -F  --Frequent       Portscans the freque

  Linux字典生成工具cewl

  └─$ sudo rtpbreak             Copyright (c) 2007-2008 Dallachiesa Michele <micheleDOTdallachiesaATposteDOTit> rtpbreak v1.3a is free software, covered by the GNU General Public License. USAGE: rtpbreak (-r|-i) <source> [options]  INPUT   -r <str>      Read packets from pcap file <str>   -i <str>      Read packets from network interface <str>   -L <int>      Force datalink header length == <int> bytes  OUTPUT   -d <str>      Set output directory to <str> (def:.)   -w            Disable RTP raw dumps   -W            Disable RTP pcap dumps   -g            Fill gaps in RTP raw dumps (caused by lost packets)   -n            Dump noise packets   -f            Disable stdout logging   -F            Enable syslog logging   -v            Be verbose  SELECT   -m            Sniff packets in promisc mode   -p <str>      Add pcap filter <str>   -e            Expect even destination UDP port   -u            Expect unprivileged

下載 webshag解壓縮到目錄 webshag-master sudo chmod +x setup.linux.py  sudo ./setup.linux.py sudo ./webshag_cli.py 例如: sudo ./webshag_cli.py -m pscan <IP或網域> sudo ./webshag_cli.py  -m spider -p 80 <IP或網域>

下載點 https://www.microsoftedgeinsider.com/en-us/ 安裝指令 sudo dpkg -i  microsoft-edge-beta_92.0.902.45-1_amd64.deb

用來轉換 rpm to deb 指令: sudo apt-get update && apt-get upgrade sudo apt --fix-broken install sudo apt-get install alien 例如: sudo alien <檔案名稱.rpm>

安裝前置元件 1. wget http://archive.ubuntu.com/ubuntu/pool/universe/p/pygtk/python-gtk2_2.24.0-5.1ubuntu2_amd64.deb 2. wget http://azure.archive.ubuntu.com/ubuntu/pool/universe/p/pygobject-2/python-gobject-2_2.28.6-14ubuntu1_amd64.deb 3. wget http://security.ubuntu.com/ubuntu/pool/universe/p/pycairo/python-cairo_1.16.2-2ubuntu2_amd64.deb 安裝 1. sudo dpkg -i python-gobject-2_2.28.6-14ubuntu1_amd64.deb  2. sudo dpkg -i python-cairo_1.16.2-2ubuntu2_amd64.deb 3. sudo dpkg -i python-gtk2_2.24.0-5.1ubuntu2_amd64.deb  ———————————- 安裝alien 將zenmap*.rpm 轉成 zenmap*.deb ———————————- 安裝 zenmap sudo dpkg -i zenmap***.deb ———————————- 執行 zenmap 最好以root身分執行, 功能比較完整

針對: SSH、RDP、FTP、Telnet、HTTP(S)、Wordpress、POP3(S)、IMAP、CVS、SMB、VNC、SIP、Redis、PostgreSQL、MQTT、MySQL、MSSQL、MongoDB、Cassandra、WinRM、OWA , 和 DICOM 參考: https://nmap.org/ncrack/ HELP └─$ sudo ncrack                 Ncrack 0.7 ( http://ncrack.org ) Usage: ncrack [Options] {target and service specification} TARGET SPECIFICATION:   Can pass hostnames, IP addresses, networks, etc.   Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254   -iX <inputfilename>: Input from Nmap's -oX XML output format   -iN <inputfilename>: Input from Nmap's -oN Normal output format   -iL <inputfilename>: Input from list of hosts/networks   --exclude <host1[,host2][,host3],...>: Exclude hosts/networks   --excludefile <exclude_file>: Exclude list from file SERVICE SPECIFICATION:   Can pass target specific services in <service>://target (standard) notation or   using -p which will be applied to all hosts in non-standard notation.   Service arguments can be spec

 一個針對性可最佳化的密碼生成器 例如: mp64 pass?d HELP └─$ sudo mp64 -h                                                                                                255 ⨯ High-Performance word generator with a per-position configureable charset Usage: mp64 [options]... mask * Startup:   -V,  --version             Print version   -h,  --help                Print help * Increment:   -i,  --increment=NUM:NUM   Enable increment mode. 1st NUM=start, 2nd NUM=stop                              Example: -i 4:8 searches lengths 4-8 (inclusive) * Misc:        --combinations        Calculate number of combinations        --hex-charset         Assume charset is given in hex   -q,  --seq-max=NUM         Maximum number of multiple sequential characters   -r,  --occurrence-max=NUM  Maximum number of occurrence of a character * Resources:   -s,  --start-at=WORD       Start at specific position   -l,  --stop-at=WORD        Stop at specific position * Files:   -o,  --output-file=FILE    Output-file * Custom charsets:  

 將DNS 透過 TCP 跳接轉換技術 有client server 二端, client透過server主機DNS方式連接到第三台電腦的不同socket,  也就是一種跳接轉換技術(使用DNS通道,但卻連接到第三台不同socket) 參考: https://github.com/Yehnn/kali/blob/master/kali%E5%90%8E%E9%97%A8%E6%8A%80%E6%9C%AF%E5%AE%9E%E6%88%98/06DNS2TCP%20%E5%9C%A8%20DNS%20%E6%95%B0%E6%8D%AE%E6%B5%81%E4%B8%AD%E7%BB%B4%E6%8C%81%20TCP%20%E8%BF%9E%E6%8E%A5%E7%9A%84%E5%8E%9F%E7%90%86.md

可以針對演算法:  MD4, MD5, SHA1, SHA225, SHA256, SHA384, SHA512, RMD160, GOST, WHIRLPOOL, LM, NTLM, MYSQL, CISCO7, JUNIPER, LDAP_MD5, and LDAP_SHA1 sudo git clone https://github.com/Talanor/findmyhash cd findmyhash sudo pip3 install -r dependencies.txt 參考: https://hackonology.com/courses/kali-linux/lesson/findmyhash-dehashing-method-in-kali-linux/ https://www.youtube.com/watch?v=YhMsCWcpPKY https://xorbin.com/

針對 vnckey,sshkey,rdp,openvpn 暴力破解其帳密 usage: Usage: use --help for further information Crowbar is a brute force tool which supports OpenVPN, Remote Desktop Protocol, SSH Private Keys and VNC Keys. positional arguments:   options optional arguments:   -h, --help            show this help message and exit   -b {openvpn,rdp,sshkey,vnckey}, --brute {openvpn,rdp,sshkey,vnckey}                         Target service   -s SERVER, --server SERVER                         Static target   -S SERVER_FILE, --serverfile SERVER_FILE                         Multiple targets stored in a file   -u USERNAME [USERNAME ...], --username USERNAME [USERNAME ...]                         Static name to login with   -U USERNAME_FILE, --usernamefile USERNAME_FILE                         Multiple names to login with, stored in a file   -n THREAD, --number THREAD                         Number of threads to be active at once   -l FILE, --log FILE   Log file (only write attempts)   -o FILE, --output FILE            

針對網站 檢查相關版本訊息<超過1700個偵測切入點) 可參考:  https://tools.kali.org/web-applications/whatweb

DIRB 的主要目的是幫助進行專業的 Web 應用程序審計。特別是在安全相關的測試。它涵蓋了經典 Web 漏洞掃描程序未涵蓋的一些漏洞 說明:  sudo apt-get install dirb dirb is already the newest version (2.22+dfsg-5). 指令: dirb <web http 網址>  /usr/share/wordlists/dirb/common.txt

想要使用 dig, nslookup工具, 這是放在 dnsutils裡頭 安裝指令:  sudo apt install dnsutils

網頁版:  https://www.speedtest.net/ 安裝  sudo apt install speedtest-cli sudo speedtest -h              usage: speedtest [-h] [--no-download] [--no-upload] [--single] [--bytes] [--share] [--simple]                  [--csv] [--csv-delimiter CSV_DELIMITER] [--csv-header] [--json] [--list]                  [--server SERVER] [--exclude EXCLUDE] [--mini MINI] [--source SOURCE]                  [--timeout TIMEOUT] [--secure] [--no-pre-allocate] [--version] Command line interface for testing internet bandwidth using speedtest.net. -------------------------------------------------------------------------- https://github.com/sivel/speedtest-cli optional arguments:   -h, --help            show this help message and exit   --no-download         Do not perform download test   --no-upload           Do not perform upload test   --single              Only use a single connection instead of multiple. This simulates a                         typical file transfer.   --bytes               Display values in b

檢測網站或IP 是否有開啟 DAV服務 可參考: https://tools.kali.org/web-applications/davtest

  可參考: https://www.cyberpratibha.com/blog/arachni-web-application-scanner-in-kali-linux/ 下載: https://www.arachni-scanner.com/download/

  先針對 python sudo apt-get install python sudo apt-get install python-gevent sudo apt-get install python-requests 新版 sudo apt-get update sudo apt-get upgrade sudo apt-get install python3 sudo apt-get install python3-gevent sudo apt-get install python3-requests 下載 sudo wget http://ftp.br.debian.org/debian/pool/main/b/bbqsql/bbqsql_1.1-2_all.deb 安裝: sudo dpkg -i bbqsql_1.1-2_all.deb 參考: https://debian.pkgs.org/9/debian-main-amd64/bbqsql_1.1-2_all.deb.html

找出<目標>若使用apache裏頭user檔案的帳號資訊 sudo apt-get install apache-users 例如:  apache-users -h <IP或網址> -l /usr/share/wordlists/metasploit/unix_users.txt -p 80 -s 0 -e 403 -t 10

處理檔案位置複製或修改轉成另一個檔案, 方便下一波使用 sudo apt-get install ddrescue sudo dd_rescue -h

 Doona (資料收集)  是一種Bruteforce Exploit Detector Tool (BED),用來檢測是否有溢出等問題

蒐集 網域名稱之下所有子網名的名稱與IP 安裝指令: sudo apt install dnsmap 說明: dnsmap 0.35 - DNS Network Mapper usage: dnsmap <target-domain> [options] options: -w <wordlist-file> -r <regular-results-file> -c <csv-results-file> -d <delay-millisecs> -i <ips-to-ignore> (useful if you're obtaining false positives) e.g.: dnsmap example.com dnsmap example.com -w yourwordlist.txt -r /tmp/domainbf_results.txt dnsmap example.com -r /tmp/ -d 3000 dnsmap example.com -r ./domainbf_results.txt